[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: gpg/pgp noise



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

08.05.2012 15:47, Indulekha kirjoitti:
> On Tue, May 08, 2012 at 03:41:40PM +0300, Mika Suomalainen wrote: 
> 08.05.2012 15:38, Indulekha kirjoitti:
>>>> On Tue, May 08, 2012 at 03:05:30PM +0300, Mika Suomalainen
>>>> wrote: 08.05.2012 15:03, Indulekha kirjoitti:
>>>>>>> On Tue, May 08, 2012 at 03:00:16PM +0300, Mika
>>>>>>> Suomalainen wrote: 08.05.2012 14:57, Indulekha
>>>>>>> kirjoitti:
>>>>>>>>>> On Tue, May 08, 2012 at 02:53:30PM +0300, Mika 
>>>>>>>>>> Suomalainen wrote: 08.05.2012 14:45, Jochen
>>>>>>>>>> Spieker kirjoitti:
>>>>>>>>>>>>> Indulekha:
>>>>>>>>>>>>>> 
>>>>>>>>>>>>>> No, I think you may have an incorrect or 
>>>>>>>>>>>>>> incomplete configuration....
>>>>>>>>>>>>> 
>>>>>>>>>>>>> This is inline vs. MIME:
>>>>>>>>>>>>> 
>>>>>>>>>>>>> http://www.phildev.net/pgp/pgp_clear_vs_mime.html
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>
>>>>>>>>>>>>> 
J.
>>>>>>>>>> 
>>>>>>>>>> And that page forgets the problems in MIME.
>>>>>>>>>> 
>>>>>>>>>> PGP/MIME requires headers, message and the 
>>>>>>>>>> signature.asc to be verified. Some mailing list 
>>>>>>>>>> programs mess up with the headers and this way
>>>>>>>>>> make PGP/MIME signatures unverifiable.
>>>>>>>>>> 
>>>>>>>>>> In INLINE, the signature is in message and it
>>>>>>>>>> doesn't require headers to be verified so it's
>>>>>>>>>> harder to be messed up by mailing list software.
>>>>>>>>>> 
>>>>>>>>>>> 
>>>>>>>>>> 
>>>>>>>>>> Well, all I know is that Jochen Spieker is able
>>>>>>>>>> to use it without being intrusive.... Maybe you
>>>>>>>>>> should try to follow his example? :)
>>>>>>> 
>>>>>>> If I used PGP/MIME, my signatures couldn't be verified
>>>>>>> on Ubuntu mailing lists (I am on 5 of them if I recall 
>>>>>>> correctly), nor Enigmail mailing list nor gnupg-user
>>>>>>> mailing lists nor many others. This is small list of
>>>>>>> those MLs, which I mean with
>>>>>>> http://mkaysi.github.com/PGP/Clearsigning.html .
>>>>>>> 
>>>>>>> 
>>>>>>> I see... so the people on the *proper* msiling lists
>>>>>>> will just have to suffer then, eh? :\
>>>>>>> 
>>>> 
>>>> I don't understand how those other mailing lists are
>>>> inproper.
>>>> 
>>>>> 
>>>>> 
>>>> 
>>>> They don't support the considerate version of gpg/pgp. Now
>>>> that I know that people using this actually have a choice and
>>>> choose to be rude, it does make it rather tempting to set up
>>>> an autoresponder and filter to nag them...
> 
> Note that gnupg mailing lists are also affected and they aren't
> lists themselves, the problem is in mailing list software. I think
> that they all use GNU Mailman, which is very popular among mailing
> lists.
> 
> People don't have a choice if they are on mailing lists, which
> force this by having this bug, but do as you want.
> 
>> 
>> 
>> -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
>>  with a subject of "unsubscribe". Trouble? Contact
>> listmaster@lists.debian.org Archive:
>> [🔎] 4FA91484.6050505@hotmail.com">http://lists.debian.org/[🔎] 4FA91484.6050505@hotmail.com
>> 
> 
> There is always a choice --for instance you have the choice to only
> sign the maill to those lists.
> 

And if someone spoofs email from my address to this list and it's
unsigned and my messages to this list are always unsigned, I cannot
say that I always sign my emails and that isn't sent by me.

- -- 
Mika Suomalainen
gpg --keyserver pool.sks-keyservers.net --recv-keys 4DB53CFE82A46728
Key fingerprint = 24BC 1573 B8EE D666 D10A  AA65 4DB5 3CFE 82A4 6728
http://mkaysi.github.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPqRpsAAoJEE21PP6CpGcokcEQAKSyKa7RyDevQA4a7Na+wX4y
Gju/qk+6JZ4G2+Yi8v6fvz7QPbQdNz+Ef38we6pDAiPoNqziDsSPPR3wjj6gIwG/
G1pBhNDwpI1B9UnFNV4HAck7A3swdJA6JP1UtNEybSrA90OZx0nyn8FGlayFq5Lz
V2QG6KlBcGNLP0aGQLcGhHJGKpowRn0M+Jbxxhp5d9sTdz57pqlsAKml64NR50Pt
VQNtIsYBCoyNyRX0rvCjd6WAc0+THIgNTPQ2Bz4VPaGzfgP1XdESSvL81q+03+N8
oQPq9E1S/4ECaPuYC6ORZ2TsEv20NzNDi8YXMeGMZhIf8cIk9rCFiGdOgCCTnQ1v
hFgLXCHASgIrT0lRnznbWe1hVIjF6nFno44FNIGH6rmAgroyjYtJO1OJ3gM8lQdv
FsRNlzHi/LhkKrL5OPwJ5fLGlmojCtsT/hKFt1yGRNH11lcLLnaQocQuO0PfT4yb
qVnblpXVbLFlYjWWMuXA0BukV6zzKW6OT5HmJF46gbNDHsmgIjIoS1//DT8bJ7+u
3AJOCAO5QVBOEjvNeGeA8EFe/BShQEy4OJW/kIaXNDU90SFYR3v9pvzMntOta9kY
WzGAtMW6pa1anFKHLj72alYOn7hRW1NjscO1dkVB6cTdTiq0E1fTlHgnZamFBUy3
PAkEkWFzCP/Z7zEGyz/6
=lkYs
-----END PGP SIGNATURE-----


Reply to: