<<< Date Index >>>     <<< Thread Index >>>

Re: PGP etiquette.



William Yardley wrote:
> I'll just add that PGP/MIME certificates cause problems for some folks,

What mailers, even those from MS, still have problems with MIME?  A
couple of years ago I surveyed a bunch of friends who use various
versions of MS-Outlook and all of them handled MIME fine.  I figure
that is the lowest common denominator with any other mailer having
better features. :-)

> Signed messages can cause problems for archives (especially signed
> messages w/ archiving software that doesn't grok MIME).

Same question.  What archives do not handle MIME?

I tried to write this next bit as kindly as I could but feel that I
failed miserably.  Please don't take it too harshly.  My language
skills just failed me at this point.

I feel compelled to call lack of MIME support FUD unless there is some
data to back it up.  Virtually every MS-Outlook user sends messages as
MIME because the typical setting is to send both an text html and a
text plain attachment for every message.  I think many of the free web
mail sites do this as well.  I have not heard of any MIME related
problems in quite a number of years.  I don't think claiming that
people should not use signed messages because of MIME issues is
valid.  It may have been valid a number of years ago but I believe the
world has caught up.

I will agree that some mailing lists actively strip MIME attachments.
This is not the same thing as not handing MIME.  They handle MIME fine
and have been configured to remove MIME attachments.  It is a common
mailing list setting.  Fortunately this does not affect signed mail
which is sent inline and is not stripped.

> I personally don't think there's that much point in signing messages to
> discussion lists,
> ...
> I have seen the argument that signing every message makes it easier
> for people to tell that person XYZ is the same person XYZ who
> normally posts to the list, whereas if you just sign when you have
> something important to say, it might be harder for people to know
> you're the same person.

It is the identity theft issue.  Forged messages.  Virus and spam
email is almost always forged but never signed.  If everyone signed
their email it would be possible to mostly stop forged email.  One of
those, if only, things that we dream about.  It is certainly fair to
argue that there is not now and might not ever be critical mass for
it.  But nothing ventured, nothing gained.

> unless you're making some sort of announcement that needs to be
> authenticated.

Agreed.

> I kind of find it a little annoying when people feel the need to sign
> everything to a list.. it's usually newbie linux weenies who are like
> "OMG LOOK AT MY COOL DECODER RING".

I feel compelled to sign this message just to add a vote that signed
messages (and encrypted messages to private addresses) are a good
thing.  :-)

I usually have the following set for mutt and so if someone sends me a
signed or encrypted message when I reply I will do the same.

  set pgp_replysign=yes
  set pgp_replysignencrypted=yes

> The biggest problem I have with PGP is that virtually no one I'd
> actually want to encrypt (and, to a lesser extent, sign) messages to is
> technical enough to use it properly.

Sigh.  Yes.  That is my biggest problem as well.  Why does it always
seem like most of the world is below average?  :-)

Bob

-- 
Bob Proulx <bob@xxxxxxxxxx>
http://www.proulx.com/~bob/