[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OT: More about GPG signing


Dňa Sat, 12 May 2012 12:36:25 +1000 Scott Ferguson
<scott.ferguson.debian.user@gmail.com> napísal:

> Paraphrase yes. Useful analogy I don't believe so.

from your point of view... But from my point it is analogy.

> A better analogy would be:-
> Is the post reduced in value if Tony's was name was not added to the
> sender field?

the same as above. At first i want to remove my name from this post, but
i see, that i am very lazy ;-)

My english is poor, then it is terrible to write long answers for me. I
hope, that i will write it in proper manner...

For me the name in sender has no value. For one good reason - i never meet
anybody from this list, then i cannot create association with name and
person, and then i mostly don't read the name at all.

But, consider, that i will read this list for long time. After some time i
will see that some senders posts here good solutions and another not. I am
sure, that you know it: some people know what they are writing, and others
are writing what they know... When i will want distinguish these senders i
will read the names and then you will right. 

But now about principle - anybody on the word can add "Slavko" as
name in sender header. Many people can add the whole line ("Slavko
<linux(blee)slavino.sk>") as sender (i want no discuss here why, who and
when). As you can see, the sender header of the many people can be
identical with my sender header. Then when i will depend on sender only, i
can get false positives and then the real value of this field is nearer
zero for me. Yes, here exists many people for which it is enough and many
people, which do not know about unreliability of this header. And many
others simply trust...

Consider the same with PGP signature. Can anybody on the word sign his
name and address? Yes, they can. Can anybody sign for my name and email?
Yes, they can. But will be the signature of the anybody identical with my?
No, the digital signatures will not be identical (again, i want no discuss
here about key cracking etc. - i am not cryptology expert). Then i am able
to identify mail's sender, and then this signature has value for me.

I still cannot create association between mail sender and person, but this
is about web of trust and this was discussed before by another senders.

I will go back to start now. Consider that i have reason to distinguish
the senders. For some people is enough to see sender mail, for another is
enough to see name in sender, and for another else are both (name and
email) needed. But still here are some people, for which, the more
reliability is needed.

The included digital signature is for these, which are seeking it and
others can ignore it. It is not about his "ego-trip", it is about
providing option to receivers. And this "ego-trip" was goal of my

This is my point of view.

> People have a perfect right to object to signatures - even non-PGP ones.
> Just as people have a perfect right to use signatures, provided they
> comply with the rules of conduct... if people don't want to download the
> signature (or it's embedded pictures) it's their call, just as it's the
> call of those who want to bully their signatures onto others.
> I object to inline signatures - but I won't filter out the posts just
> because of the signatures and I'd hope that most people are the same.

One example from my live: I am using Linux at home, Windows at work and i
have some Android tablet too.

* On linux here is not problem to find solution and as you see, my
  signature is PGP/MIME.
* It was a lot of searching for me to get MUA for   Windows with GPG
  support (early mentioned Thunderbird and Enigmail) and i see no others
  equivalents exists (or only very old or commercial).
* Some time was needed for searching the same for my Android and here i
  found only one, but it supports only inline PGP, then i have problem
  with mails with GPG/Mime

A lot of my friends uses GPG/Inline for me now, because they know about my
Android GPG problem. And analogically, if i will respond here from my
Android, my mail will be signed by GPG/Inline - will be i the ignorant?

My conclusion:

In freedom world i am respecting sender's option to don't fill his name, i
will respect his option to fill his name too. I will respect the "Micky
Maus" as name too. I will respect mail sender's option about don't
including digital signature, as well as including it in any manners. Why?
Because these all are sender's freedom options. I have freedom too. I can
filter unwanted messages (yes, i know, filter by unreliable sender
header), or go out from mail list. Or, more simply, i can tell to self,
that this (GPG/Inline) is not for me, because i am not only one recipient
in this ML, and ignore these mails (most used key on my keyboard seems to
be the Delete key).



Attachment: signature.asc
Description: PGP signature

Reply to: