Adding a UserID to Your Key
faramir.cl at gmail.com
Sun Oct 5 00:23:25 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Lawrence Chin escribió:
> Hi everyone, I want to propose something. Kara has been very patiently
> helping me with my questions on the board about how to use GnuPG and
Yes, I don't remember to have seen a message from Kara in the list,
but she has helped me too, by private messages.
> Enigmail, as is here. However, on two occasions she used sensitive words
> in her examples as in the "extreme example" here. It didn't just keep me
> scared all night and day due to my weak nervous system, but it has
Well, on her behalf, the idea about an "extreme example" is to make it
"extreme". Now, you should not let an "extreme example" bother you, in
special if your nervous system is weak (maybe you should ask a medic
about it, and sometimes, you need a second opinion). The thing about
signatures in our public keys mean: "you can't control them", but I
would add: "since we know we can't control them, why should be worried
about them?". I mean, most people doesn't know how to use GPG, and the
people trying to learn about it, soon or latter will learn about that
fact... They will learn it sooner if that point is included in a FAQ...
By the way, the fact the used that example as "extreme example",
implies she considers it a very undesirable signature... a racist person
would not use it as an example, since that person could even be proud of
> bothered me for over a whole week for another reason. I want to propose
> that we all use absolutely untainted clean language when we send
> encrypted emails (like this one is encrypted) so that we wouldn't give
The first thing I should point, is the message you sent to the list,
is not encrypted, it is just signed... and yes, if you sign a message
and send it unencrypted, you should be careful about what are you
saying, since we would know it was you the one who sent it. BUT at the
same time (*if I am not wrong*), malicious people can't modify it to
change the context... so if you send an "extreme example", a malicious
user would need to show the whole message, and that would make clear the
fact it was just an example, and not an opinion.
The second thing, is the purpose of encrypting messages, is to keep
them private. There are laws about reading letters sent to other people
(at least, in my country, that is not legal), and the only thing gpg
does, is to give us a way to bring the same privacy principle to email
messages. In _my_ _opinion_, the only concern we must have when we send
an encrypted message, is to not offend the recipient's sensibility, but
I would not care about what a "listener" would think about the message,
since gpg (_if_ _used_ _in_ _a_ _proper_ _way_), will take care of
> authority a reason to take away this privilege of ours to use
> encryption. It should be part of our ethic in using encryption.
Well, IIRC, there was an attempt to forbid encryption, but it could
not be done, because it would destroy the electronic commerce...
Now, I would be careful about the use of encryption in countries where
privacy is not a right... but I suppose if you are in this list, then
you are not in one of those countries.
The only ways the authorities can know the content of an encrypted
1.- If the recipient disclosures the content of the message, as you did
with Kara's message (but since the only thing it contained was an
"extreme example", and also you didn't post her signature -so she can
claim your forged the message), I suppose it won't cause any problem.
Anyway, maybe next time you should ask people before posting the content
of a private message...
2.- If the authority ask a judge to order either the recipient or the
sender to disclosure the content of the message (note that, if the
sender has not configured enigmail to encrypt the message to his own key
too, he would not be able to do it, even if he wants to).
3.- If either the recipient or the sender has some spyware in his
Now, if you want to receive just "absolutely untainted clean
language", maybe you should add a signature talking about that, in your
email client (Thunderbird, I suppose)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Gnupg-users