Re: PGP signatures.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tim wrote:
> It would have helped if Evolution, for instance, allowed you to set
> an option in the address book to always encrypt for this person,
> rather than requiring the user to do an encrypt action choice for
> every email.  I've had that option in other clients.  That'd help
> against accidentally sending things in the clear, at the very least.

I think there are numerous deficiencies in Evolution then.  I believe
Kmail has better gpg integration (and probably Thunderbird also).  I'm
not sure if the Evolution developers have strong crypto support as
much of a goal.

(FWIW, I don't use any of them regularly myself.  I've been a happy
mutt user for years now. :)

> One thing that struck as being particularly painful, since it was
> email that we were talking about, was the inability to give someone
> your public key in some way through your mail program.  Yes, I know
> that's not a brilliantly safe way to set things up.  But with two
> PCs next to each other on a LAN, that would have been safe and an
> easy to do it.

There's actually nothing wrong with trading keys via email.  And any
good mail client should make it easy to import and export keys this
way.  I know mutt does (and has for as long as I've used it).  I
believe that Kmail does as well.

The important thing, no matter how you receive a key, is to properly
verify it.  For me, this means either:

    Exchanging the key info (fingerprint, size, and type) via some
    means other than email or internet.  Typically, it'd be a phone
    call or in person meeting.

or

    Having the key already signed by someone I trust.

But how you get the key itself isn't at all important and doing so via
email is as secure as downloading the key from a keyserver.

> You had to use the gpg program, separately, to publish your key, or
> create it as a file.  The "mail and encryption are separate things"
> issue is difficult for many to comprehend, and that's just another
> thing that will discourage many from using it.

If this is made an issue, then you're using a mail client that does
not care about decent gpg integration AFAIAC.

> As I mentioned earlier, someone's obviously monitoring some
> keyservers, and harvesting addresses from them.

I never noticed an increase in spam when I added my keys, and they've
been there for a long time.  Further, some of the addresses I had on
my keys never got any spam.  Of course, I'm not trying to deny that
your experience isn't accurate, just saying that it doesn't seem to be
unilaterally true.

But either way, losing the convenience of the public keyserver isn't
worth stopping a little spam IMO.  I do next to nothing to obscure my
email address anymore.  Instead, I rely on SpamAssassin to quell the
flow of spam that comes to me.  That's preferable to me than trying to
hide my address in all the places it might be convenient to expose it.
But to each his own. :)

> Peculiarly, removing some addresses from the key had a similar
> effect (no more spam being received at those addresses).  I didn't
> expect that to happen.

That is indeed quite odd. ;)

> The keyserver I used was:  hkp://subkeys.pgp.net  Though I'm
> inclined to suspect the harvesting is not that server, in itself.

Yeah, since most of the keyservers sync with each other, it could be
any of them.  Hell, a spammer could even run one if they wanted to.
But I suspect there are better ways to get addresses.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sex is hereditary. If your parents never had it, chances are you wont
either.
    -- Joseph Fischer

Attachment: pgptTNRbqz26z.pgp
Description: PGP signature

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux