Tim wrote: > It would have helped if Evolution, for instance, allowed you to set > an option in the address book to always encrypt for this person, > rather than requiring the user to do an encrypt action choice for > every email. I've had that option in other clients. That'd help > against accidentally sending things in the clear, at the very least. I think there are numerous deficiencies in Evolution then. I believe Kmail has better gpg integration (and probably Thunderbird also). I'm not sure if the Evolution developers have strong crypto support as much of a goal. (FWIW, I don't use any of them regularly myself. I've been a happy mutt user for years now. :) > One thing that struck as being particularly painful, since it was > email that we were talking about, was the inability to give someone > your public key in some way through your mail program. Yes, I know > that's not a brilliantly safe way to set things up. But with two > PCs next to each other on a LAN, that would have been safe and an > easy to do it. There's actually nothing wrong with trading keys via email. And any good mail client should make it easy to import and export keys this way. I know mutt does (and has for as long as I've used it). I believe that Kmail does as well. The important thing, no matter how you receive a key, is to properly verify it. For me, this means either: Exchanging the key info (fingerprint, size, and type) via some means other than email or internet. Typically, it'd be a phone call or in person meeting. or Having the key already signed by someone I trust. But how you get the key itself isn't at all important and doing so via email is as secure as downloading the key from a keyserver. > You had to use the gpg program, separately, to publish your key, or > create it as a file. The "mail and encryption are separate things" > issue is difficult for many to comprehend, and that's just another > thing that will discourage many from using it. If this is made an issue, then you're using a mail client that does not care about decent gpg integration AFAIAC. > As I mentioned earlier, someone's obviously monitoring some > keyservers, and harvesting addresses from them. I never noticed an increase in spam when I added my keys, and they've been there for a long time. Further, some of the addresses I had on my keys never got any spam. Of course, I'm not trying to deny that your experience isn't accurate, just saying that it doesn't seem to be unilaterally true. But either way, losing the convenience of the public keyserver isn't worth stopping a little spam IMO. I do next to nothing to obscure my email address anymore. Instead, I rely on SpamAssassin to quell the flow of spam that comes to me. That's preferable to me than trying to hide my address in all the places it might be convenient to expose it. But to each his own. :) > Peculiarly, removing some addresses from the key had a similar > effect (no more spam being received at those addresses). I didn't > expect that to happen. That is indeed quite odd. ;) > The keyserver I used was: hkp://subkeys.pgp.net Though I'm > inclined to suspect the harvesting is not that server, in itself. Yeah, since most of the keyservers sync with each other, it could be any of them. Hell, a spammer could even run one if they wanted to. But I suspect there are better ways to get addresses. -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Sex is hereditary. If your parents never had it, chances are you wont either. -- Joseph Fischer
Attachment:
pgptTNRbqz26z.pgp
Description: PGP signature
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list