Semi-off-topic - Netiquette ?

Ben Paul Wise
Tue Jul 17 15:29:01 2001

My two cents worth:

I also think it is worthwhile to include one's key ID, if only to let people 
know you participate in and support such things.

Signing early emails is not intrusive or obfuscating (as would be encrypting 
them) - but signing w/o posting your public key somewhere obvious defeats the 
purpose.  Some people (e.g. Lionel) post the key on their own website, which 
leads to follow on Netiquette question:

	Is it better to put your public key on a public key server, or
	to put it on a personal website?

On Tuesday 17 July 2001 08:47, Lionel Elie Mamane allegedly wrote:

> On Tue, Jul 17, 2001 at 04:40:27PM +0200, Marc Mutz wrote:
> > I don't think that adding your fingerprint to your (mail)
> > signature/footer is wise. It only leads people to believe it and not
> > check it properly.
> Hmm... Obviously (as you can see in my signature) I don't agree. I
> have been putting mey key's fingerprint in my signature for some time
> now. Yes, mail can be faked. But if Mallaury decides today he wants to
> impersonate me in front of you, he can't change all the mail I have
> already sent in various lists, and in various newsgroups. Nor can he
> change old private e-mail I sent you and that is on your computer. (At
> least, I believe no one that has that much manpower wants to
> impersonate me) Thus, if he tries to induce you into using another
> public key as mine, this will (if you are a bit security minded)
> trigger an alarm for you: My key fingerprint has changed!
> Even if you don't formally know which one of the keys (the former or
> the "new") is the right one, you know something is wrong. That's
> valuable.
---------------------------------------- Content-Type: application/pgp-signature; charset="us-ascii"; name="Attachment: 1" Content-Transfer-Encoding: 7bit Content-Description: ---------------------------------------- -- Ben Wise, PhD Mobile: 703-731-5144 SAIC GnuPG ID: 0xF491BD21