[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: gpg/pgp noise



On Tue, May 08, 2012 at 04:06:54PM +0300, Mika Suomalainen wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 08.05.2012 15:47, Indulekha kirjoitti:
> > On Tue, May 08, 2012 at 03:41:40PM +0300, Mika Suomalainen wrote: 
> > 08.05.2012 15:38, Indulekha kirjoitti:
> >>>> On Tue, May 08, 2012 at 03:05:30PM +0300, Mika Suomalainen
> >>>> wrote: 08.05.2012 15:03, Indulekha kirjoitti:
> >>>>>>> On Tue, May 08, 2012 at 03:00:16PM +0300, Mika
> >>>>>>> Suomalainen wrote: 08.05.2012 14:57, Indulekha
> >>>>>>> kirjoitti:
> >>>>>>>>>> On Tue, May 08, 2012 at 02:53:30PM +0300, Mika 
> >>>>>>>>>> Suomalainen wrote: 08.05.2012 14:45, Jochen
> >>>>>>>>>> Spieker kirjoitti:
> >>>>>>>>>>>>> Indulekha:
> >>>>>>>>>>>>>> 
> >>>>>>>>>>>>>> No, I think you may have an incorrect or 
> >>>>>>>>>>>>>> incomplete configuration....
> >>>>>>>>>>>>> 
> >>>>>>>>>>>>> This is inline vs. MIME:
> >>>>>>>>>>>>> 
> >>>>>>>>>>>>> http://www.phildev.net/pgp/pgp_clear_vs_mime.html
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >
> >>>>>>>>>>>>> 
> J.
> >>>>>>>>>> 
> >>>>>>>>>> And that page forgets the problems in MIME.
> >>>>>>>>>> 
> >>>>>>>>>> PGP/MIME requires headers, message and the 
> >>>>>>>>>> signature.asc to be verified. Some mailing list 
> >>>>>>>>>> programs mess up with the headers and this way
> >>>>>>>>>> make PGP/MIME signatures unverifiable.
> >>>>>>>>>> 
> >>>>>>>>>> In INLINE, the signature is in message and it
> >>>>>>>>>> doesn't require headers to be verified so it's
> >>>>>>>>>> harder to be messed up by mailing list software.
> >>>>>>>>>> 
> >>>>>>>>>>> 
> >>>>>>>>>> 
> >>>>>>>>>> Well, all I know is that Jochen Spieker is able
> >>>>>>>>>> to use it without being intrusive.... Maybe you
> >>>>>>>>>> should try to follow his example? :)
> >>>>>>> 
> >>>>>>> If I used PGP/MIME, my signatures couldn't be verified
> >>>>>>> on Ubuntu mailing lists (I am on 5 of them if I recall 
> >>>>>>> correctly), nor Enigmail mailing list nor gnupg-user
> >>>>>>> mailing lists nor many others. This is small list of
> >>>>>>> those MLs, which I mean with
> >>>>>>> http://mkaysi.github.com/PGP/Clearsigning.html .
> >>>>>>> 
> >>>>>>> 
> >>>>>>> I see... so the people on the *proper* msiling lists
> >>>>>>> will just have to suffer then, eh? :\
> >>>>>>> 
> >>>> 
> >>>> I don't understand how those other mailing lists are
> >>>> inproper.
> >>>> 
> >>>>> 
> >>>>> 
> >>>> 
> >>>> They don't support the considerate version of gpg/pgp. Now
> >>>> that I know that people using this actually have a choice and
> >>>> choose to be rude, it does make it rather tempting to set up
> >>>> an autoresponder and filter to nag them...
> > 
> > Note that gnupg mailing lists are also affected and they aren't
> > lists themselves, the problem is in mailing list software. I think
> > that they all use GNU Mailman, which is very popular among mailing
> > lists.
> > 
> > People don't have a choice if they are on mailing lists, which
> > force this by having this bug, but do as you want.
> > 
> >> 
> >> 
> >> -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> >>  with a subject of "unsubscribe". Trouble? Contact
> >> listmaster@lists.debian.org Archive:
> >> 4FA91484.6050505@hotmail.com">http://lists.debian.org/4FA91484.6050505@hotmail.com
> >> 
> > 
> > There is always a choice --for instance you have the choice to only
> > sign the maill to those lists.
> > 
> 
> And if someone spoofs email from my address to this list and it's
> unsigned and my messages to this list are always unsigned, I cannot
> say that I always sign my emails and that isn't sent by me.
> 

I think they've come a long way in mediactions to address paranoia 
these last few years...
Seriously, why the devil would anyone want to spoof your email?!
What are you, Black Ops?

-- 
❤ ♫ ❤ ♫ ❤ ♫ ❤   
 Indulekha 


Reply to: