-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Monday 30 March 2015 at 7:21:35 PM, in
, Ville Määttä wrote:
> That's a "mental breakdown" of the user :). Sorry about
> the ambiguity.
I find malformed emails full of HTML tags and almost totally
unreadable throughout to be a greater risk
On 25.03.15 22:32, Doug Barton wrote:
> On 3/25/15 1:20 PM, Ville Määttä wrote:
>> On 25.03.15 21:41, Doug Barton wrote:
>>> While this is strictly anecdotal evidence I would argue that it's a good
>>> indication that we may not be ready for PGP/MIME as the default.
>>
>> I think that fail, a signa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Thursday 26 March 2015 at 8:10:08 PM, in
,
Brian Minton wrote:
> I meant what I said about them gmail being a client.
This is only true in the limited sense that they provide a webmail
interface that performs a function equivalent to an em
On 2015-03-26 21:10, Brian Minton wrote:
but
for comparison, searching my ~12GB of mail on Thunderbird takes a lot
longer and is a lot clunkier of an interface than the nearly instant
search using gmail's web interface.
With IMAP, you can run searches on the server as well (I'm assuming
you're
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, Mar 26, 2015 at 3:49 PM, MFPA
<2014-667rhzu3dc-lists-gro...@riseup.net> wrote:
>
> Gmail is an email service provider, not an email client. They provide
> access via a webmail site for those who wish to process their email
> using a web brows
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Thursday 26 March 2015 at 4:17:46 PM, in
,
Brian Minton wrote:
> I think gmail is the single most popular email client,
Gmail is an email service provider, not an email client. They provide
access via a webmail site for those who wish to
On 26.03.15 01:38, Daniele Nicolodi wrote:
> On 25/03/15 23:56, Ville Määttä wrote:
>> > On 26.03.15 00:14, Ingo Klöcker wrote:
>>> >> So it's not mailman that's not smart enough, but the mail clients
>>> >> the other recipients are using. Mail clients showing a
>>> >> "signature.asc" attachment pr
On 3/26/2015 1:57 PM, Ville Määttä wrote:
> On 26.03.15 01:38, Daniele Nicolodi wrote:
>> On 25/03/15 23:56, Ville Määttä wrote:
On 26.03.15 00:14, Ingo Klöcker wrote:
>> So it's not mailman that's not smart enough, but the mail clients
>> the other recipients are using. Mail clients s
On 26.03.15 18:17, Brian Minton wrote:
> I think gmail is the single most popular email client, with 500 million
>
> users.
There are about 7,3 billion people out there that don't have a clue what
OpenPGP is.
> I think that until there is a way to verify pgp signatures from
>
> within gmail, pg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I think gmail is the single most popular email client, with 500 million
users. I think that until there is a way to verify pgp signatures from
within gmail, pgp/mime will continue to show up as an attachment.
There are ways to use pgp/mime or i
Doug Barton writes:
> On 3/25/15 11:08 AM, Bob (Robert) Cavanaugh wrote:
>> Doug,
>> Signature shows as an attachment "signature.asc". No evidence that PGP
>> actions were envoked. Work forces use of Synaptic PGP, so I cannot tell if
>> it is verified or not.
>
> Thanks Bob, that is interestin
On 25/03/15 23:56, Ville Määttä wrote:
> On 26.03.15 00:14, Ingo Klöcker wrote:
>> So it's not mailman that's not smart enough, but the mail clients
>> the other recipients are using. Mail clients showing a
>> "signature.asc" attachment probably do not understand PGP/MIME
>> (which isn't that unusu
On Thursday, March 26, 2015 12:56:03 AM Ville Määttä wrote:
> It seems to me that emails sent and signed by Thunderbird + Enigmail are
> displayed just fine by it. No signature.asc quirks. But emails sent by
> others are displaying the attachment in addition to the normal Enigmail
> added UI signat
On 26.03.15 00:14, Ingo Klöcker wrote:
> So it's not mailman that's not smart enough, but the mail clients the other
> recipients are using. Mail clients showing a "signature.asc" attachment
> probably do not understand PGP/MIME (which isn't that unusual because only a
> handful mail clients sup
On Wednesday 25 March 2015 21:06:53 martijn. list wrote:
> On 03/25/2015 08:41 PM, Doug Barton wrote:
> > On 3/25/15 11:08 AM, Bob (Robert) Cavanaugh wrote:
> >> Doug,
> >> Signature shows as an attachment "signature.asc". No evidence that PGP
> >> actions were envoked. Work forces use of Synaptic
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Wednesday 25 March 2015 at 7:41:56 PM, in
, Doug Barton wrote:
> While this is strictly anecdotal evidence I would argue
> that it's a good indication that we may not be ready
> for PGP/MIME as the default.
FWIW, my MUA (The Bat!) shows
On 03/25/2015 08:41 PM, Doug Barton wrote:
> On 3/25/15 11:08 AM, Bob (Robert) Cavanaugh wrote:
>> Doug,
>> Signature shows as an attachment "signature.asc". No evidence that PGP
>> actions were envoked. Work forces use of Synaptic PGP, so I cannot
>> tell if it is verified or not.
>
> Thanks Bob,
On Wednesday, March 25, 2015 12:41:56 PM Doug Barton wrote:
> On 3/25/15 11:08 AM, Bob (Robert) Cavanaugh wrote:
> > Doug,
> > Signature shows as an attachment "signature.asc". No evidence that PGP
> > actions were envoked. Work forces use of Synaptic PGP, so I cannot tell
> > if it is verified or
On 3/25/15 1:20 PM, Ville Määttä wrote:
On 25.03.15 21:41, Doug Barton wrote:
While this is strictly anecdotal evidence I would argue that it's a good
indication that we may not be ready for PGP/MIME as the default.
I think that fail, a signature.asc attachment, is still a "cleaner fail"
than
On 25.03.15 21:41, Doug Barton wrote:
> While this is strictly anecdotal evidence I would argue that it's a good
> indication that we may not be ready for PGP/MIME as the default.
I think that fail, a signature.asc attachment, is still a "cleaner fail"
than a non-PGP receiver getting a breakdown f
On 2/20/12 7:55 PM, Steve wrote:
> Hm, that was also bothering me with the other mails you wrote on
> this topic earlier. It's already very late here, so bare with me I'm
> taking this from remembrance. You said due to the fact that the world
> is very big and web of trust not used much, it can't s
> . . .
>> Mozilla is founded ["funded" probably] by Google. Without Google
>> they would be gone.
>> Googles business model is not to protect the user but to analyze him.
>> That is not possible when you use mail encryption.
>>
>> The question is still valid and imo, some pressure from the user
>
On 2/20/12 2:24 PM, steveb...@gulli.com wrote:
. . .
Mozilla is founded ["funded" probably] by Google. Without Google
they would be gone.
Googles business model is not to protect the user but to analyze him.
That is not possible when you use mail encryption.
The question is still valid and imo,
On 2/20/12 2:24 PM, Steve wrote:
> Mozilla is founded by Google.
Mozilla receives funds from Google and others. The "and others" bit is
important.
> Without Google they would be gone.
Without Google Mozilla would have to find other partners. I'm willing
to bet cash money on the barrelhead they
>> Has there been a concerted effort to make Enigmail an integral part of
>> Thunderbird, distributed with it? If yes, what are the reasons that it
>> has been rejected so far? If no, why not?
> Werner replied:
> The Mozillas don't like OpenPGP. To them it is probably too much
> anarchy compared t
On Thu, 2 Feb 2012, Robert J. Hansen wrote:
. . .
Oh, Wittgenstein's wonderful. I have a quote from him on a Post-It on
my monitor:
"What makes a subject difficult to understand ... is not
that some special instruction about abstruse things is
necessary to understand
On 2/2/12 2:03 PM, Avi wrote:
> OK, I'm sorry, but when someone drops Wittgenstein—on topic—on a
> list about cryptography, there needs to be some recognition of
> that.
Oh, Wittgenstein's wonderful. I have a quote from him on a Post-It on
my monitor:
"What makes a subject difficult to
> -- Forwarded message --
> From: "Robert J. Hansen"
> To: gnupg-users@gnupg.org
> Cc:
> Date: Wed, 01 Feb 2012 18:12:24 -0500
> Subject: Re: PGP/MIME use
> On 2/1/12 5:53 PM, Hauke Laging wrote:
> Yes, I'm ignoring Windows, mostly becau
On 2/1/2012 7:30 PM, Hauke Laging wrote:
>> Your statement was, "I just don't understand why someone who has
>> understood the concept[s] and is capable of [using the software] should
>> not use that technology for his email." That's a statement, not a
>> question:
>
> You are so right. You like
Am Donnerstag, 2. Februar 2012, 00:27:04 schrieb Robert J. Hansen:
> Your statement was, "I just don't understand why someone who has
> understood the concept[s] and is capable of [using the software] should
> not use that technology for his email." That's a statement, not a
> question:
You are
On 2/1/12 6:08 PM, Hauke Laging wrote:
> My question was NOT "Why do so few people use email cryptography"?
> But that is the question this paper wants to answer.
Your statement was, "I just don't understand why someone who has
understood the concept[s] and is capable of [using the software] shoul
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 2/1/2012 04:35 PM, MFPA wrote:
> Seems likely to me that the majority of Windows users use neither
> S/MIME nor openPGP.
This is an assumption. I, personally, have a dual-boot system with a GNU/Linux
OS and Windows 7. Ever since I discovered Gn
On 2/1/12 5:53 PM, Hauke Laging wrote:
> I apologize if anyone had the impression that I used your quote
> wrongly (but why should I?). The point is that you said nothing about
> Windows which due to its market share cannot be ignored. And that has
> no relation to the context of your quote.
Yes,
Am Mittwoch, 1. Februar 2012, 22:38:57 schrieb Robert J. Hansen:
> On 2/1/12 4:14 PM, Hauke Laging wrote:
> > I just don't understand why someone who has understood the
> > concept and is capable of validating keys of others, encrypting,
> > decrypting and signing should not use that technology for
Am Mittwoch, 1. Februar 2012, 17:19:08 schrieb Robert J. Hansen:
> On 2/1/12 10:47 AM, Hauke Laging wrote:
> > Of course not. I just don't believe that there are many examples of
> > this type out there. To me a serious user is one who actively signs,
> > encrypts, and/or verifies data and knows wh
gnupg-users-boun...@gnupg.org wrote on 02/01/2012 01:58:45 PM:
> - Message from Jerry on Wed, 1 Feb 2012
> 14:23:31 -0500 -
>
> To:
>
> gnupg-users@gnupg.org
>
> Subject:
>
> Re: PGP/MIME use
>
> On Wed, 1 Feb 2012 13:37:56 -0500
>
Am Mittwoch, 1. Februar 2012, 23:19:43 schrieb MFPA:
> > I just don't understand why someone
> > who has understood the concept and is capable of
> > validating keys of others, encrypting, decrypting and
> > signing should not use that technology for his email
> > (neither professional nor privat
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Wednesday 1 February 2012 at 9:14:33 PM, in
, Hauke Laging
wrote:
> I just don't understand why someone
> who has understood the concept and is capable of
> validating keys of others, encrypting, decrypting and
> signing should not use tha
On 2/1/12 5:02 PM, Christopher J. Walters wrote:
> I have read the abstract, and admit that I only skimmed the rest of
> that paper. I find that it is only really talking about the use of
> public key encryption of messages, and the human factors that lead
> to the decision of whether or not to en
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 2/1/2012 04:38 PM, Robert J. Hansen wrote:
> I have referred to this paper probably five times or more on this list
> and other lists. I really wish people would read it. I'm getting tired
> of answering this -- it's my least-favorite OpenPGP-re
On Wed, 1 Feb 2012 21:35:21 +
MFPA articulated:
> Seems likely to me that the majority of Windows users use neither
> S/MIME nor openPGP.
Which would equate to the majority of non-Windows users. However, of
those users on MS Windows that do use a form of document signing, I
believe that major
On 2/1/12 4:14 PM, Hauke Laging wrote:
> I just don't understand why someone who has understood the
> concept and is capable of validating keys of others, encrypting, decrypting
> and signing should not use that technology for his email.
I have referred to this paper probably five times or more
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Wednesday 1 February 2012 at 5:19:41 PM, in
, Jerry wrote:
> Windows users prefer S/MIME.
Seems likely to me that the majority of Windows users use neither
S/MIME nor openPGP.
- --
Best regards
MFPAmailto:expires2...@
On Wed, 01 Feb 2012 14:40:23 -0500
Robert J. Hansen articulated:
> I liked hearing the "Gee, look at the time, gotta go" answer. It
> seemed to be the most honest.
>
> YMMV, and banks are definitely different beasts from voting
> authorities.
I used to get the "Gee" bit to when I asked for a ra
Am Mittwoch, 1. Februar 2012, 19:37:56 schrieb michaelquig...@theway.org:
> I would be one who fits in the other case. I've never signed an
> e-mail--no one at our organization does. (Not that I wouldn't like to,
> but nearly all those with whom I communicate wouldn't have any use for nor
> comp
On 2/1/12 2:23 PM, Jerry wrote:
> Does your bank actually verify those signed documents?
I can't vouch for financial institutions. I can tell you that when I
was working in electronic voting, whenever I asked questions about "do
you verify signatures?" I was always assured that yes, yes they did.
On Wed, 1 Feb 2012 13:37:56 -0500
michaelquig...@theway.org articulated:
> However, I've written scripts to
> routinely sign files for transmission to our bank.
Does your bank actually verify those signed documents? I have sent
documents to various organizations, both signed and unsigned and nev
On Wed, 1 Feb 2012 18:19, je...@seibercom.net said:
> Windows users prefer S/MIME. I know I use it on my Windows machines
> because it does not require me to install more applications. It works
But users need to pay their Internet tax to Verislime et al. Or, tinger
with CAcert root certificates
On 2/1/12 11:40 AM, gn...@lists.grepular.com wrote:
> Has there been a concerted effort to make Enigmail an integral part
> of Thunderbird, distributed with it?
I don't know what you mean by a "concerted effort." Maybe five Enigmail
users count under your definition, maybe fifty: maybe two people
gnupg-users-boun...@gnupg.org wrote on 02/01/2012 10:51:46 AM:
> - Message from "Robert J. Hansen" on Wed,
> 01 Feb 2012 11:19:08 -0500 -
>
> To:
>
> gnupg-users@gnupg.org
>
> Subject:
>
> Re: PGP/MIME use
>
> On 2/1/12 10:47 AM, Hauke
On Wed, 01 Feb 2012 17:55:05 +0100
Werner Koch articulated:
> The Mozillas don't like OpenPGP. To them it is probably too much
> anarchy compared to S/SMIME. Ask the Mammon.
Windows users prefer S/MIME. I know I use it on my Windows machines
because it does not require me to install more applic
On Wed, 1 Feb 2012 17:40, gn...@lists.grepular.com said:
> Has there been a concerted effort to make Enigmail an integral part of
> Thunderbird, distributed with it? If yes, what are the reasons that it
> has been rejected so far? If no, why not?
The Mozillas don't like OpenPGP. To them it is p
On 01/02/12 16:19, Robert J. Hansen wrote:
> As soon as both Thunderbird *and* Enigmail are part of a standard Linux
> installation, let me know. I'd love to know about it. Until then, I
> think Enigmail is going to remain a niche player.
Has there been a concerted effort to make Enigmail an in
On Wed, 1 Feb 2012 16:47, mailinglis...@hauke-laging.de said:
> That's not true for a certain quite popular OS. How many Windows users
> install
> GnuPG without Enigmail? Given the huge difference in Linux and Windows users
> this affects the calculation a lot.
A quick data point. From March
On 2/1/12 10:47 AM, Hauke Laging wrote:
> Of course not. I just don't believe that there are many examples of
> this type out there. To me a serious user is one who actively signs,
> encrypts, and/or verifies data and knows what he is doing. He has
> created a key and verified at least one. Everyth
Am Mittwoch, 1. Februar 2012, 01:04:57 schrieb Robert J. Hansen:
> > It is hard for me to believe that a serious user of GnuPG does not
> > use it for email.
>
> This sounds like a No True Scotsman fallacy. If someone uses GnuPG but
> not for email, does that disqualify them from being a serious
On Tue, Jan 31, 2012 at 02:08:26PM -0500, Jean-David wrote in
<4f283c2a.6070...@verizon.net>:
Remco Rijnders wrote:
I appreciate signed mails on this list (and any other lists). Most
problems these days on the internet are, in my opinion, related to
people being completely anonymous. If you st
On Tue, 31 Jan 2012 19:04:57 -0500
Robert J. Hansen articulated:
> And then I imagined my dean answering, "That proves nothing: after
> all, if I was posting this stuff I wouldn't sign it, either."
Don't apologize, I loved you post. One of the better one's I have read
in a while. It appears that
Warning: do not take *any* of the numbers here seriously. They may be
completely divorced from reality. These numbers are like Monopoly money
-- completely fake, but still useful to illuminate important lessons
about the real thing.
This email is also quite long, and I apologize for that. I hav
> One, albeit rather unimportant, use is to help people with whom you
> would like to regularly communicate access and check your key a bit
> more easily, especially for people with multiple keys.
Putting a kludge in email headers or a "OpenPGP Key ID: 0xD6B98E10" in
the sigblock seems to be a mor
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Tuesday 31 January 2012 at 6:02:27 PM, in
, gn...@lists.grepular.com
wrote:
> IMO, if there's one place you should be able to sign
> email, it's the GnuPG users mailing list. It's called
> dogfooding.
OK, but should we *clearsign* our mess
On Tue, 31 Jan 2012, re...@webconquest.com wrote:
Most problems these days on the internet are,
in my opinion, related to people being completely
anonymous. If you stand behind your words, show
so by signing your posts.
If the idea is more important than who said it, signing
(in both the non-
> From: "Robert J. Hansen"
> To: gnupg-users@gnupg.org
> Cc:
> Date: Tue, 31 Jan 2012 13:46:05 -0500
> Subject: Re: PGP/MIME use (was Re: META)
> I now see no utility to them for the vast majority of uses.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
One, albei
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Remco Rijnders wrote:
> I appreciate signed mails on this list (and any other lists). Most
> problems these days on the internet are, in my opinion, related to
> people being completely anonymous. If you stand behind your words,
> show so by signing
Jerry wrote:
> I totally agree. I have never seen or heard any logical excuse for the
> signing of list traffic.
I almost never sign anything unless I suspect the destination can at
least ignore the signature. The people with whom I send e-mail (a
diminishing population because most have moved t
Am Dienstag, 31. Januar 2012, 19:46:05 schrieb Robert J. Hansen:
> Enigmail isn't. Assume we
> have 50,000 installations. (This sounds like a lot, but it's a pale
> shadow compared to GnuPG installations.)
Do you mean "hidden" installations (used unnoticedly by a distribution's
update tool in
On 01/31/2012 11:23 AM, Steve wrote:
> Sometimes if the right parties decide to no longer support an old
> standard the software that does not support the new (better)
> standard will die or get improved...
This works if and only if the "right parties" are a large enough market
to push implementa
On Tue, Jan 31, 2012 at 05:23:59PM +0100, Steve wrote in
<946fffc5-a191-4073-9d69-fc7fdc695...@gpgtools.org>:
Of course, I really feel it's better for mailing list traffic to not
be signed at all, since usually all it gives us is a false sense of
security. A signature from an unvalidated key bel
On 31/01/12 16:23, Steve wrote:
> You at least know that the person with that key is the author. That is some
> information. Should I still stop signing list mails? So far, I used to do
> that, because I though people then could check and if my key is signed by
> someone they know it's a lot of
> Supporting the "inline" method is like supporting a grown child. If you
> keep supporting him/her, they will never leave home. Stop supporting
> them and they will leave. The same is true for "inline" PGP. If support
> for it were to cease, it would also.
That was the idea behind the question I
On Mon, 30 Jan 2012 18:40:08 -0500
Robert J. Hansen articulated:
> This comes fairly close to my own practices, with one significant
> exception: since it's almost impossible for me to know whether all the
> MUAs used on a mailing list support PGP/MIME, I feel it's better for
> mailing list traffi
On 3/03/11 3:17 PM, David Shaw wrote:
>
> The premise (more or less) was that a guy named Martin (RM) was on a
> mailing list and signed all his mail. After some time, a new guy
> (FM) shows up and claims that he is, in fact, Martin. FM may have
> his own key or may not have a key at all. It do
On Mar 2, 2011, at 10:04 PM, Ben McGinnes wrote:
> On 1/03/11 9:33 AM, David Shaw wrote:
>>
>> That experiment, while interesting, is not relevant to the "real
>> Martin" / "fake Martin" situation we've been talking about. If both
>> Real Martin and Fake Martin have the same secret key, then the
On 2/03/11 8:20 AM, Ingo Klöcker wrote:
>
> Of course, my experience is from a time when UTF-8 wasn't used in email.
> But do the standard mail clients (Outlook, GMail, Thunderbird) really
> default to UTF-8 nowadays? Expecting people to properly configure their
> mail clients is an unrealistic
On 1/03/11 9:33 AM, David Shaw wrote:
>
> That experiment, while interesting, is not relevant to the "real
> Martin" / "fake Martin" situation we've been talking about. If both
> Real Martin and Fake Martin have the same secret key, then there is
> no way to tell them apart using signatures.
Han
On Sunday 27 February 2011, Doug Barton wrote:
> On 02/27/2011 02:04, Ingo Klöcker wrote:
> > On Saturday, February 26, 2011, MFPA wrote:
> >> Hi
> >>
> >>
> >> On Friday 25 February 2011 at 1:45:03 AM, in
> >>
> >> , Jameson Rollins
wrote:
> >>> Yikes! I thought we were almost done killing in
Op 28-2-2011 23:23, Robert J. Hansen schreef:
> He then learned that his users thought the banner across the top was
> "just another one of those annoying Flash ads," and they tuned it out.
Their senses were dulled by overadvertising. He had better also
distributed Adblock Plus to try to counter
On 2/28/11 12:10 PM, David Shaw wrote:
> Well, I suppose that's up to you whether you want to trust RM or not.
> A question on trustworthiness is outside crypto, and not what the
> discussion was about here in any event.
First it was, "even signatures from non-validated keys belonging to
non-trust
On Feb 28, 2011, at 5:47 PM, Robert J. Hansen wrote:
> On 2/28/11 12:10 PM, David Shaw wrote:
>> Well, I suppose that's up to you whether you want to trust RM or not.
>> A question on trustworthiness is outside crypto, and not what the
>> discussion was about here in any event.
>
> First it was,
On Feb 28, 2011, at 4:59 PM, MFPA wrote:
>> It is reasonable
>> that if someone was being masqueraded, that person
>> would speak up and challenge the forger (e.g. "Hey,
>> you're not Martin! I'm the real Martin, and I can
>> prove it by signing this message with the same key I've
>> used all alo
On 2/28/11 4:59 PM, MFPA wrote:
> I'm sure Martin would have something to say *if* he
> spotted his key's signature on messages he didn't write...
Yes: but I suspect that may be a big "if." If you see a message is
signed by an unknown key 0xDEADBEEF, do you really notice the 0xDEADBEEF
and go, "h
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Monday 28 February 2011 at 3:02:08 AM, in
, David Shaw
wrote:
> It is reasonable
> that if someone was being masqueraded, that person
> would speak up and challenge the forger (e.g. "Hey,
> you're not Martin! I'm the real Martin, and I can
On Mon, Feb 28, 2011 at 11:58:02AM -0500, Robert J. Hansen wrote:
> On 2/28/11 10:13 AM, Aaron Toponce wrote:
> > If a key has falsified signatures, it should be easy enough to find out.
>
> Why?
>
> I have never understood the tendency of people, particularly on this
> list, to assume that peopl
On Feb 28, 2011, at 12:01 PM, Robert J. Hansen wrote:
> On 2/28/11 9:12 AM, David Shaw wrote:
>> In this particular case, though, key signatures aren't even necessary
>> - RM just needs to prove that he is the same entity that signed the
>> other messages to the list. That is, he's "real" in the
On 2/28/11 9:12 AM, David Shaw wrote:
> In this particular case, though, key signatures aren't even necessary
> - RM just needs to prove that he is the same entity that signed the
> other messages to the list. That is, he's "real" in the sense that
> he is the Martin that the list knows and has be
On 2/28/11 10:13 AM, Aaron Toponce wrote:
> If a key has falsified signatures, it should be easy enough to find out.
Why?
I have never understood the tendency of people, particularly on this
list, to assume that people who are technologically skilled and up to no
good will not devote more than th
On Mon, Feb 28, 2011 at 09:12:33AM -0500, David Shaw wrote:
> Unfortunately, barring the case where you have an actual trust path to either
> Martin, key signatures don't tell you much. After all, FM could easily make
> up dozens of fake people keys and use them to sign his key.
Yes. Understood
On Feb 28, 2011, at 8:18 AM, Aaron Toponce wrote:
> On 02/27/2011 08:27 PM, Robert J. Hansen wrote:
>> FM: [message]
>> RM: Hey, that's not me! I'm me. See? I've signed this with the same cert
>> I've used for everything else on this list.
>> FM: No, I'm the real Martin. I didn't sign up for
On 02/27/2011 08:27 PM, Robert J. Hansen wrote:
> FM: [message]
> RM: Hey, that's not me! I'm me. See? I've signed this with the same cert
> I've used for everything else on this list.
> FM: No, I'm the real Martin. I didn't sign up for this mailing list until
> last week. You signed up here
On 28/02/11 4:35 PM, Grant Olson wrote:
> On 02/27/2011 11:48 PM, Ben McGinnes wrote:
>>
>> Heh. Are you aiming for some kind of simultaneously expired and
>> accepted key? Schrödinger's Key, if you will.
>>
>
> Yep, basically I will set my key to expire one day later and push it
> to the keyser
On 02/27/2011 11:48 PM, Ben McGinnes wrote:
> On 28/02/11 2:59 PM, Grant Olson wrote:
>>
>> I've been toying with the idea of expiring my key and seeing how
>> long it takes for anyone to notice. In fact, I've just decided I
>> will do this sometime in the next year. It'll be interesting to see
>
On 28/02/11 2:59 PM, Grant Olson wrote:
>
> I've been toying with the idea of expiring my key and seeing how
> long it takes for anyone to notice. In fact, I've just decided I
> will do this sometime in the next year. It'll be interesting to see
> how long it takes people to notice even after I'
On Feb 27, 2011, at 8:35 PM, Robert J. Hansen wrote:
>
> On Feb 27, 2011, at 5:17 PM, David Shaw wrote:
>
>> Can I see the HCI study that MIME attachments confuse people? ;)
>
> I would love to see such a study. However, I never made that claim. :)
>
> Someone else made the claim PGP/MIME is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
El 28-02-2011 0:27, Robert J. Hansen escribió:
...
> Then we're at an impasse, because that claim wouldn't fly with me. Let's
> imagine Fake-Martin and Real-Martin (FM and RM).
>
>
> FM: [message]
> RM: Hey, that's not me! I'm me. See? I've si
> Please post this bit of useful details to the "Android PGP/MIME test
> results" thread started by Grant Olson, which actually has an acceptable
> signal-to-noise ratio.
As I have said a few times now, I have been out of town at a funeral. I have
just now returned and am for the most part exhau
On 02/27/2011 10:22 PM, Ben McGinnes wrote:
> On 28/02/11 2:02 PM, David Shaw wrote:
>>
>> I'm not at all surprised that you had those results. A limited
>> subset of people have support for OpenPGP signatures. A limited
>> subset of those people actually verify signatures. A limited subset
>> o
On 02/27/2011 08:31 PM, Robert J. Hansen wrote:
> the default mail app on a Verizon Droid X running Android 2.2 has broken MIME
> support.
Please post this bit of useful details to the "Android PGP/MIME test
results" thread started by Grant Olson, which actually has an acceptable
signal-to-noise
On Feb 27, 2011, at 10:27 PM, Robert J. Hansen wrote:
>> I think we're missing each other here. We have Martin (the real one), the
>> fake Martin (let's call him "Marty"), and various other people on a mailing
>> list. Martin always signs his messages. One day Marty shows up and tries
>> to
> I think we're missing each other here. We have Martin (the real one), the
> fake Martin (let's call him "Marty"), and various other people on a mailing
> list. Martin always signs his messages. One day Marty shows up and tries to
> pretend to be Martin. Martin, not wanting someone else to
On 28/02/11 2:02 PM, David Shaw wrote:
>
> I'm not at all surprised that you had those results. A limited
> subset of people have support for OpenPGP signatures. A limited
> subset of those people actually verify signatures. A limited subset
> of those people actually pay attention to what thos
1 - 100 of 157 matches
Mail list logo
