On Tue, Jan 25, 2011 at 04:04:17PM +0530, Binand Sethumadhavan wrote:
> 2011/1/25 Arun Khan <[email protected]>:
> > Also please avoid 17 lines of PGP public key in each and every
> > message.  IMO it is as bad as legal disclaimers; instead post it on a
> > public key server and give a link to it.
> 
> Just nitpicking; Nitesh Mistry's email contains a PGP signature - not
> the public key. To verify the signature, one needs the public key -

Absolutely right!

> there are no instructions in the email on how to get it (I doubt if it
> is published in any keyserver either). So yes, you are right - the
> signature is completely useless.

Wrong. In all my emails, I mention my PGP key id below my name. So anyone
can download it from a public keyserver and verify it. Anyone who knows
about PGP would know how to do that. I don't give those instructions on
how to do it, because there are zillions of websites that provide such
instructions (hint: there is a link on the contact page of my website -
a narcissist, you might call me :P). Also because, writing those instructions
in every email again would tick off some people on this list (and rightly
so). Any MUA which supports PGP encryption/authentication would parse the
signature instead of showing those lines in the email. If set up properly,
it can also be made to automatically download the key with which the message
was signed without user intervention and only show relevant information
like the owner of the key and the time of making the signature, etc.

Do not discard public key authentication/encryption as useless. They might
be the last available avenues to protect privacy. IMHO, signing messages
is a healthy practice.

PS: Yo! this list is back to normalcy. :D


-- 
Regards,
Nitesh Mistry | www.mistrynitesh.com
PGP key id: A6FEF696 | 'geekosopher' on freenode irc

Attachment: signature.asc
Description: Digital signature

-- 
http://mm.glug-bom.org/mailman/listinfo/linuxers
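
What a PGP-aware MUA reads out of a signature.asc attachment before it can fetch the key, as an added example that is not part of the original message: the issuer key id and the signing time inside the OpenPGP signature packet. The sample signature, its key id 0123456789ABCDEF and its timestamp are constructed, the function names are hypothetical, and only old-format packet headers and one-octet subpacket lengths are handled.

```python
import base64
import struct
from datetime import datetime, timezone

def dearmor(armored: str) -> bytes:
    """Strip ASCII armor and return the binary OpenPGP packet."""
    lines = [l.strip() for l in armored.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]   # after the armor headers, before the END line
    # A line starting with "=" is the optional CRC-24 checksum, not packet data.
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def parse_signature(pkt: bytes) -> dict:
    """Extract issuer key id and creation time from a version 4 signature packet."""
    tag = pkt[0]
    if tag & 0xC0 != 0x80 or tag & 3 == 3:
        raise ValueError("only old-format headers with a definite length are handled")
    ptype, off = (tag >> 2) & 0x0F, 1 + (1, 2, 4)[tag & 3]
    body = pkt[off:]
    if ptype != 2 or body[0] != 4:
        raise ValueError("not a version 4 signature packet")
    info, pos = {}, 4      # skip version, signature type, public-key and hash algorithm
    for _ in range(2):     # hashed subpacket area first, then the unhashed one
        (area_len,) = struct.unpack(">H", body[pos:pos + 2])
        pos, end = pos + 2, pos + 2 + area_len
        while pos < end:
            sub_len = body[pos]            # counts the type octet plus the data
            if sub_len == 0 or sub_len >= 192:
                raise ValueError("unsupported subpacket length")
            sub_type, data = body[pos + 1] & 0x7F, body[pos + 2:pos + 1 + sub_len]
            if sub_type == 2:              # signature creation time
                info["created"] = datetime.fromtimestamp(int.from_bytes(data, "big"), timezone.utc)
            elif sub_type == 16:           # issuer: 64-bit id of the signing key
                info["issuer"] = data.hex().upper()
                info["short_id"] = info["issuer"][-8:]  # 8-hex-digit form, low 32 bits
            pos += 1 + sub_len
    return info

def sample_signature() -> str:
    """Constructed packet: right layout, placeholder signature value (will not verify)."""
    hashed = bytes([5, 2]) + struct.pack(">I", 1296000000)
    unhashed = bytes([9, 16]) + bytes.fromhex("0123456789ABCDEF")
    body = (bytes([4, 0x01, 1, 2]) + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed + b"\x00\x00" + b"\x00\x08\xff")
    b64 = base64.b64encode(bytes([0x88, len(body)]) + body).decode()
    return f"-----BEGIN PGP SIGNATURE-----\n\n{b64}\n-----END PGP SIGNATURE-----\n"

if __name__ == "__main__":
    print(parse_signature(dearmor(sample_signature())))
```

The short_id field is the 8-hex-digit form of key id that appears in a sign-off line; it is only the low 32 bits of the issuer id, so a client fetching a key should look it up by the full id or fingerprint.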
