Re: About PGP signatures

To: Debian User List <debian-user@lists.debian.org>
Subject: Re: About PGP signatures
From: "Karsten M. Self" <kmself@ix.netcom.com>
Date: Thu, 24 May 2001 10:07:42 -0700
Message-id: <[🔎] 20010524100742.C24047@navel.introspect>
In-reply-to: <[🔎] 20010523195717.C23321@morgul.net>; from frodo@morgul.net on Wed, May 23, 2001 at 07:57:17PM -0400
References: <[🔎] 3B0BB246.899D99EC@mailandnews.com> <[🔎] 20010523154347.F21012@plato.local.lan> <[🔎] 20010523195717.C23321@morgul.net>

on Wed, May 23, 2001 at 07:57:17PM -0400, Noah L. Meyerhans (frodo@morgul.net) wrote:
> On Wed, May 23, 2001 at 03:43:47PM -0800, Ethan Benson wrote:
> >
> > get a real mail client that supports RFCs.  the relevant RFC is 2015
> >
> > i recommend mutt
> 
> Supporting RFCs is fine and should be encouraged, 

Note that RFC 2015 is a draft standard, it's not officially adopted by
IETF.  It is supported by a variety of clients, however.  I've
researched this issue several times as I'm one of the people who signs
messages.  Rant in progress.

Note also that the authors of RFC 2015 and mutt see to have more than a
passing familiarity with one another.

> but from what I've seen there is not another mail reader in existence
> that can verify mutt's attached signatures.  

Not true, as noted by others.

Request:  I'd like a list of clients supporting RFC 2015 attachments and
the plugins necessary to support this.  Of particular interest:

  - AOL
  - dtmail
  - Eudora for Legacy MS Windows and Mac.
  - Forte Agent
  - Juno
  - Lotus Notes
  - MS Internet Mail Service
  - MS Outlook
  - MS Outlook Express
  - Netscape 3.x / 4.x
  - Novell GroupWise
  - Pegasus Mail for Win32
  - Turnpike

Anyone having specific information on any of these clients please mail
me off-list.

> I wrestled with this for a very very long time when switching to mutt.
> I've read the mutt developers' reasons for why inline sigs are bad,
> but when doing things the "right way" breaks things for everybody
> else, that's a bad situation.

Not if it forces everyone else to consider adding RFC 2015 capabilities
to their mail client.  Signing and encryption are useful technologies
(though not panaceas).  The should be encouraged.

> I know mutt people just come back and say "well everybody else is
> broken", but that argument just doesn't hold weight with me.  Maybe mutt
> needs to wait until the rest of the world catches up to it, or, if the
> world has no intention of ever catching up to it, maybe the RFC needs
> rethinking.

My philosophy:

  - You are responsible for verifying that I am the sender of a message
    purporting to come from me, and that the messages are intact.
  - GPG signatures area technical tool providing a level of assurance
    that this.
  - I sign all mail.
  - The standard is open.  It's not officially accepted, but there's
    working code and a rough consensus.  That works for me.

I'm prepared to let the rest of the world reconsider its complacency.

Cheers.

-- 
Karsten M. Self <kmself@ix.netcom.com>    http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?       There is no K5 cabal
  http://gestalt-system.sourceforge.net/         http://www.kuro5hin.org
   Disclaimer:          http://www.goldmark.org/jeff/stupid-disclaimers/

Attachment: pgpvm0ubinsAM.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: About PGP signatures
  - From: Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>

References:
- About PGP signatures
  - From: Eddy Young <jeyoung@mailandnews.com>
- Re: About PGP signatures
  - From: Ethan Benson <erbenson@alaska.net>
- Re: About PGP signatures
  - From: "Noah L. Meyerhans" <frodo@morgul.net>

Prev by Date: Re: Missing mails
Next by Date: Re: Determining IP address of my pc (dial up and/or cable modem)
Previous by thread: Re: About PGP signatures
Next by thread: Re: About PGP signatures
Index(es):
- Date
- Thread