On 08/08/2013 09:17 PM, Khelben Blackstaff wrote: <SNIP> (please read the original)
Short answer: Your github URL converted into an email address is NOT a good solution. Read on if you want to know why. It is not necessary to "own" the domain. For example, I could perhaps have an email account at physics.arizona.edu (they make great telescope optics). There was a joke about a head coach here in the United States being able to come up to a potential recruit and say "Coach Jared Grasso, Iona College." To which the potential recruit would reply as he was shaking the coach's hand; "YOU DO!?" Even though you don't own the educational institution you do own an email address there if one is given to you. It is yours as long as they let you have it. Similarly, if you have an email address at a company you work at, even though the company may say they own the email box contents, the address is "yours" at least to use until you move on to some place else. The first reason one of your UIDs needs an email address only you use is to make the keys (assuming a primary signing key and an enciphering sub key but there are many other options) "yours". It is also helpful to have a comment for that UID with an email address to help persuade others to sign your keys for the WOT. It also makes it even harder for somebody to typo-squat on your key-set (key-pair for me). If you put your public keys on one of the keyservers about the only way others can get your key(s) is if at least one of your UIDs has an email address. The email address is used to find your key as well as providing partial authentication that you got the right key. This is especially true for web key search tools: http://pgp.mit.edu/ (real names and even the shortened key ID come up blank for me but email addresses never fail) In addition to your primary UID which has an email address you can add as many UIDs as you need. Make sure you really need the UIDs. There should not be a problem in making one of the other UIDs without an email address that has only your name in the name field and your github URL in the comment field. I have many keys on my key-ring that in addition to one or more UIDs with email addresses have some additional UIDs with just their name and the Comment field filled in. So making an extra UID with your name, no email address, and your github URL in the comment field is probably the best way to do what I THINK you are attempting to do. Are you saying that strange email address created from your github ID makes it possible for people to send you a message from POP or web-mail similar to sending an SMS message to a cell phone? If it works you may want to add it but you still should have a UID for your key-set that has a "real" email address. (I answer why in a separate paragraph). It is much easier and less expensive to own your own domain and a POP email account than you would expect. The domain and POP email account I am using here is less than $30 per year at 1and1.com. GoDaddy and others can also set you up. Your first and last name run together "khelbenblackstaff" is available in the BIZ, COM, INFO, NET, and ORG TLDs. If you are in the US, "khelbenblackstaff.us" is also available. So getting a POP email account is in reach. It is also something you can have that is consistent and stays with you from school to school and job to job as well as many changes in your physical address and even across multiple ISPs. If you get an email account with a mail provider that is using Microsoft Exchange make sure you write EVERYTHING down. Others send to you with the traditional NAME@DOMAIN but you usually access the POP email in Thunderbird or another MUA by using the internal Microsoft Exchange name your mail service provider will give you. E.g,. instead of using hhhobbit[GNAT]securemecca.net I use m-MYHASHID to access the email for this account. I also have to use the m-MYHASHID in the web-mail interface. I will let others answer your questions about "converting" your github URL to an email address. I don't think too much of it because another reason for a "real" email address is so they can email you an enciphered message and ask "is this key yours?" They enciphered with your public key. If you don't have the secret (private) side of the key then you cannot decipher the message. If you don't answer the sender gets paranoid and decides the key is bogus. Can you handle an enciphered message with that github id converted into an email address? I don't think so. NOW you know why I don't like that strange github derived email address. I have taken up WAY too much space in an attempt to give the greatest clarity. I will let somebody else answer your pgpmime question. All I know is that Enigmail in Thunderbird makes it explicit with an "use PGP/MIME" check box. It works. So does Claws Mail on Windows which is bundled with GPG4Win. I cannot advise using any MUA (Mail User Agent - Thunderbird, Office, Claws Mail, etc.) that renders HTML. I am getting one malware per day in my email but since I use Thunderbird, NOT phish or spear phish fools me even when I am sick and almost asleep. Enigmail in Thunderbird seamlessly integrates GnuPG encryption as well. Ditto for Claws Mail. I strongly discourage using Microsoft Office. Even RSA and other companies get whacked by spear-phish when they use Microsort Office to read email. HHH _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
