Mutt/GnuPG doc initial release

Owen Blacker
Tue Sep 25 20:21:01 2001

Hash: SHA1

Horacio wrote (2001-09-25 T 19:10 +0200):

> > We're talking 251 bytes here. I don't think 251 bytes per
> > message is gonna break anyone's metered dial-up bank.
> [*] No, we are talking of a process which gets started everytime one
> opens a message that=B4s been digitally signed, and which is a case of
> 1 out X messages for each mailing list one is subscribed to.
Fair point. In which case, I can only suggest that, if it bothers you, you should configure your software (be it GPG or PGP) not to verify signatures automatically. I can empathise, gpg on FreeBSD 4.4-PRERELEASE can take quite a while to check a signature -- a lot longer than PGP on Windows 2000 (subjectively, of course). But I don't let it bother me. But then I multitask my mail with other things (work or choosing a new MP3 to listen to, usually :)
> Which is just what I wrote.
I had understood from what you had written that we were contradicting each other, but I feel that bit's unimportant. :)
> > I sign almost all my mail. If I
> > didn't sign it, then I might not have sent it. Whether
> > it's a message to my boyfriend asking what's for dinner
> > tonight or a politically sensitive statement, I sign it.
> > If it's unsigned or the signature doesn't verify, then
> > check if it's me. I firmly believe that everyone should do
> > the same.
> I see, meaning you don=B4t give a monkey=B4s ass whether it=B4s a bother
> for subscribers or not???
Frankly, no I don't. Let me restate, I firmly believe that all mail should be signed. I also believe that all mail should be encrypted, irrespective of how secret people want to keep the contents. I militantly believe that ~all~ communications should be encrypted. Then messages that are won't look out of place. The only problem is that it's a lot more hassle persuading everyone I know to install gpg in order to read my mails...
> Who you are, where you live, your ethnic group, sex or sex
> preferences, or your name is completely irrelevant to me if it is
> all about reading an answer or question from you related to a
> specific subject. So, I couldn=B4t care less if I can verify any of
> the above or else from a digital signature.
The implication behind your words seemed to be saying that this was an issue. Apologies if I misunderstood you.
> You know, it=B4s like all those annoying vcards, or those long
> signatures with ascii-disart included. They are not big deal, but
> they are not good nettiquete either.
I disagree that it is like those at all. And, tbh, I'm not sure that I'd find a small vCard attachment an annoyance, or Ascii art, for that matter, but I don't use them because it's accepted netiquette. I just don't feel that digital signatures are the same thing.
> > That's merely a different ethos. I think that anything
> > anyone writes is worth signing. If it's not worth signing
> > (and thus claiming attribution for it, for example), then
> > it's not worth saying. Imho, of course :o)
> Of course, iyho.
Which is where I think the difference lies. If that's the case, we may as well stop now, as I don't think either of us is likely to persuade the other :o)
> No, no big deal (but see [*]). Unwrapped long lines are a worst
> nuisance than some added 251 bytes.
Definitely :o) x - --=20 Owen Blacker | Senior Software Developer and InfoSecurity Consultant See -- more about my PGP keys Sig 0x3e2056b9 | 18cd 92aa 32aa 81b9 f5e8 c520 6475 6239 3e20 56b9 - -- They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety --Benjamin Franklin, 1759 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see iD8DBQE7sMqOZHViOT4gVrkRArtaAKC5F0xgSyiE0mhN7Xh1K+oA9uzjYQCgsTqK /tf+WE51ONbAKlqCYO+8Sr0=3D =3DZK6P -----END PGP SIGNATURE-----