Mailinglist Archive: opensuse (3166 mails)
| < Previous | Next > |
Re: [SLE] [OT] pgp/gpg signatures & security (was 8.2 Announced)
- From: rex <rex@xxxxxxxxxxxx>
- Date: Sat, 22 Mar 2003 16:03:22 -0800
- Message-id: <20030323000322.GF1317@xxxxxxxxxxxxxxxxxxx>
Theo v. Werkhoven <twe-suse.e@xxxxxxxxxxxxxxxxxxxx> [2003-03-22 14:58]:
> It is strange, yes. Today I asked some people on IRC to check my GPG
> sig. One person had no problem verifiying the sig (ihe is using Mutt 1.4i and GPG
> 1.2.1), the other person said my sig wasn't valid according to his
> setup (he is using Mutt 1.3.27 and GPG 1.0.6).
Any ideas on what the problem is? I've looked at the raw (well, not quite,
because all messages go through procmail) message in /var/mail/rex with the
same result.
>> but your ISP is blocking mail from dialup IP ranges:
>
> They're not, I am.
Good, you have a choice.
> I'm sorry you're on the "wrong" end of the stick, but it is your
> choice to use a mail-setup that is a known source of spam. Please
> read the rest of the advice:
[advice that was previously read snipped]
You're obviously a knowledgeable user and I don't expect that anything I can
say will alter your position. Nevertheless, for others who may be reading
the thread: your argument is similar to a shopkeeper barring blacks from his
shop because blacks indisputably (in the USA, at least) commit crimes at a
higher rate than other racial groups, never mind that in spite of the higher
rate, the percentage of blacks who are criminals is small. IOW, your policy
of blocking dialup IPs punishes a largely innocent group for the infractions
of a few. It also hurts you because people you may want to get mail from
cannot get through (yes, I know how to use my ISP as a smart host, but my
choice is to run my own mail server (sendmail) and bypass my ISP. Those who
have been following the evisceration of the Bill of Rights in the USA may
understand why.)
> > It's quite disappointing to see that signing/encryption failures are so
> > common after public key encryption has been in use for so long
>
> I coudn't agree more.
It's tragic. By now, strong encryption that works transparently should be
built into every MUA. There shouldn't be any interoperability issues, yet
they are the norm rather than the exception. The price is that people who
may desperately need help, but cannot risk to posting openly, often don't
get help. Teens with sexual identity confusion, people who are HIV+, and
potential whistle-blowers come immediately to mind. The world would be a
better place if these people could post using a secure pseudonym. It's
presently possible, but the hurdles deter all but the very technically adept.
-rex
--
"To announce that there must be no criticism of the president, or that we
are to stand by the president right or wrong, is not only unpatriotic and
servile, but is morally treasonable to the American public." - Theodore
Roosevelt (1918)
> It is strange, yes. Today I asked some people on IRC to check my GPG
> sig. One person had no problem verifiying the sig (ihe is using Mutt 1.4i and GPG
> 1.2.1), the other person said my sig wasn't valid according to his
> setup (he is using Mutt 1.3.27 and GPG 1.0.6).
Any ideas on what the problem is? I've looked at the raw (well, not quite,
because all messages go through procmail) message in /var/mail/rex with the
same result.
>> but your ISP is blocking mail from dialup IP ranges:
>
> They're not, I am.
Good, you have a choice.
> I'm sorry you're on the "wrong" end of the stick, but it is your
> choice to use a mail-setup that is a known source of spam. Please
> read the rest of the advice:
[advice that was previously read snipped]
You're obviously a knowledgeable user and I don't expect that anything I can
say will alter your position. Nevertheless, for others who may be reading
the thread: your argument is similar to a shopkeeper barring blacks from his
shop because blacks indisputably (in the USA, at least) commit crimes at a
higher rate than other racial groups, never mind that in spite of the higher
rate, the percentage of blacks who are criminals is small. IOW, your policy
of blocking dialup IPs punishes a largely innocent group for the infractions
of a few. It also hurts you because people you may want to get mail from
cannot get through (yes, I know how to use my ISP as a smart host, but my
choice is to run my own mail server (sendmail) and bypass my ISP. Those who
have been following the evisceration of the Bill of Rights in the USA may
understand why.)
> > It's quite disappointing to see that signing/encryption failures are so
> > common after public key encryption has been in use for so long
>
> I coudn't agree more.
It's tragic. By now, strong encryption that works transparently should be
built into every MUA. There shouldn't be any interoperability issues, yet
they are the norm rather than the exception. The price is that people who
may desperately need help, but cannot risk to posting openly, often don't
get help. Teens with sexual identity confusion, people who are HIV+, and
potential whistle-blowers come immediately to mind. The world would be a
better place if these people could post using a secure pseudonym. It's
presently possible, but the hurdles deter all but the very technically adept.
-rex
--
"To announce that there must be no criticism of the president, or that we
are to stand by the president right or wrong, is not only unpatriotic and
servile, but is morally treasonable to the American public." - Theodore
Roosevelt (1918)
| < Previous | Next > |