[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Challenge-response mail filters considered harmful



On Mon, Aug 04, 2003 at 05:48:42PM -0400, ScruLoose wrote:
> On Mon, Aug 04, 2003 at 01:18:18PM -0700, Alan Connor wrote:
> > 2) They are a an extreme violation of netiquette
> 
> I don't know where you've been learning your netiquette. PGP-signed
> messages have been widely regarded as acceptable (if not preferable)
> for *at least* the past decade.

I'm on a yahoo mailing list that automatically strips PGP signatures
from posts. I consider that a genuine breach of netiquette. (To add
insult to injury, they add several lines of spam to the bottom of each
post - which I, in turn, automatically strip.)

> > 3) They are a waste of bandwidth on several levels
> 
> My signature shows up as a 0.2k attachment. Unless you're still using a
> 50 bps telephone-cradle type modem, I can't see that being a bandwidth
> issue.  Really.

I get rabid about wasted bandwidth because I'm on a metered dialup. I
froth at the mouth about overcomplex websites, but PGP sigs bother me
not at all. Indeed, I use them myself.

> > 4) They make posts hard to read and ugly.
> 
> Only if you're reading them on a badly broken client (or User-Agent if
> you prefer the term).

eg. Outlook Express...

> A properly designed program *even if it doesn't know PGP* will just
> display the message text, leaving the signature alone it its own
> attachment.

And a decent client that does understand PGP will do the same if you
tell it to, so you don't have to be encumbered with it if you don't
want to be.

echo 'set pgp_verify_sig=no' >> ~/.muttrc

> Under my setup with mutt, the signature is automatically checked, and
> each signed message is prefaced with a brief header telling me whether
> the signature is valid (and matches the message contents) or not.
> The very essence of convenience.

I have a script that looks at the sigs in incoming mail as it's
delivered, and automatically pulls from a keyserver any that I don't
have. Very convenient.

> Of course, the old-fashioned "in-line" type of signature does add a few
> lines in the body of the message, but those are (AFAIK) widely regarded
> as deprecated, in favour of PGP-MIME with the sig as a separate
> attachment.

The lines are at the end, though. It has occasional advantages, eg.
sending mail to someone who uses lookout and that with difficulty.

-- 
Pigeon

Be kind to pigeons
Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F

Attachment: pgpTUg4YeBIqQ.pgp
Description: PGP signature


Reply to: