Re: Detached PGP signatures in mail?
-----BEGIN PGP SIGNED MESSAGE-----
At 22:30 19/04/97 -0400, you wrote:
>...apparently under the impression
>> that we're all going to take the time to check whether or not it was really
>> you who sent that embarrassing message.
>
>Not at all. The point of PGP/MIME (I believe that's what it's called) is
>that the whole business of signing, checking signatures, etc. can be
>cleanly and easily automated. I'm sure someone will be able to point you to
>the relevant RFC if you want to know more.
Well, no, you miss the point completely. You assume that I really care that every message I receive is genuine or not. Some I do care about (in which case I'll ask in advance); some I couldn't care less about. I would suggest that it's out of place
The other reason that it's silly to PGP-sign your messages indiscriminately is that PGP requires me to have a copy of your public key to verify your signature. Am I supposed to carry a copy of the entire world's PGP public-key database? Failing that
And it's RFC 2015, if you really want to know. I already had a copy of it, and I'm aware of its contents. I may implement parts of it in the future,
The point of the whole thing is this: if you insist on using PGP as a toy, then don't complain if others don't like the results of your playing.
>You mean that Eudora dump
>all the attachments it sees into a directory? Isn't the point of an
>attachment that it should stay attached to the mail it came with (until you
>detach it)? Ugh. That pretty much rules out Eudora for me as a windows
>email program.
I think really we're talking about a philosophical difference here. I'd rather it did save anything it didn't understand to a file; I can deal with it immediately rather than having to crank up the mailer again and decide what to do with it. YMMV.
>One of the mailers is mutt, available as a Debian package on your nearest
>Debian mirror.
I can't seem to find it as a Debian package (it's not in either rex, bo, free or non-US), but I suspect it's yet another casualty of the US's never-to-be-sufficiently-cursed ITAR regulations and not available outside the US in the PGP-compatible for
>But instead of writing a plugin that discards the
>signatures, wouldn't you want to write a plugin that uses PGP to check
>them?
See my comments above.
.....Ron
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850
iQCVAwUBM1mkYNji+CKHL7clAQGEdQP/UI2twOwmeNMBlAmY+s6xhE9jhmdXWHDL
si5tKX3gfvXoiLx+w3wzXlCEFjcTJ4TQJJhbTMO5a2D6SLSOpo+iw/1W7Ztz8dkw
ZAZdOOQ2VRi6qfZN/+4Q8I05oX/v3vPxZdp+WxSbcGDp98bZWavwPphWTl+tLfQu
Xz5JDyygpbc=
=Fb4g
-----END PGP SIGNATURE-----
Ron Murray ron@merlin.ece.curtin.edu.au http://curly.ece.curtin.edu.au/ron
PGP Public Key Fingerprint 1C 39 39 73 B4 D1 FA DA 0B 26 D5 23 13 45 6D 3E
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: