Semi-off-topic - Netiquette ?

David Shaw
Tue Jul 17 15:11:01 2001

On Mon, Jul 16, 2001 at 02:12:37PM -0400, Toxik - Fabian Rodriguez wrote:

> Hi,
> I'd like to know if there's any netiquette guide for mail encryption
> ? For example, how to publish your public key, why sending an
> encrypted email in the first post is "rude"... ? It's for a (very)
> general-public guide we are preparing for our users, I would also
> make it part of my information page on encryption. If such a guide
> already exists, I'd like to improve it, instead of writing one from
> scratch with my limited hands-on experience.
The guidelines are different for different uses of email.

For person-to-person email, it's just fine to send encrypted email. If the person has a public key posted somewhere (web page or keyserver), they can be presumed to accept encrypted email. The worst thing that can happen is you'd get back a note asking you to re-send in the clear.

For a mailing list or other public forum (like Usenet), encrypted messages are frowned on. Not really because of rudeness or etiquette, but because it is mostly pointless - the message is going to "the world", so you'd have to encrypt it to everyone on the list, which mostly defeats the point of encryption. You would also need a key for everyone on the list/newsgroup which is unlikely to happen except on certain specific lists - it's likely that everyone on this list has a key, as this list is about GPG. It's very unlikely to be the case on a list with a different topic.

It is frowned upon to post your public key in each message. There are better ways to distribute keys (keyservers, web pages, etc) than to keep sending it out in every mail. It is, however, just fine to include your key ID and fingerprint in each mail - it's a heck of a lot shorter than the whole key.

Note that including your key fingerprint isn't like signing the message - all it does is provide a way for someone reading the message to get your key. For very prolific posters, it also provides a certain amount of weak evidence the key is yours. If someone wanted to spoof your key, it would be very difficult to get around the many messages you had sent in the past with your true fingerprint. I say "weak" evidence, since obviously key signatures and the web of trust is a much stronger solution for this.

Clear signatures are generally accepted in any messages, public or private.

Finally, remember that these are just guidelines, and a particular mailing list may have other guidelines and rules. Still, most lists that I've seen follow the guidelines above.

David

--
David Shaw | | WWW
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson