Mutt/GnuPG doc initial release
Tue Sep 25 20:21:01 2001
-----BEGIN PGP SIGNED MESSAGE-----
Horacio wrote (2001-09-25 T 19:10 +0200):
> > We're talking 251 bytes here. I don't think 251 bytes per
> > message is gonna break anyone's metered dial-up bank.
> [*] No, we are talking of a process which gets started everytime one
> opens a message that=B4s been digitally signed, and which is a case of
> 1 out X messages for each mailing list one is subscribed to.
Fair point. In which case, I can only suggest that, if it bothers you,
you should configure your software (be it GPG or PGP) not to verify
I can empathise, gpg on FreeBSD 4.4-PRERELEASE can take quite a while to
check a signature -- a lot longer than PGP on Windows 2000
(subjectively, of course). But I don't let it bother me. But then I
multitask my mail with other things (work or choosing a new MP3 to
listen to, usually :)
> Which is just what I wrote.
I had understood from what you had written that we were contradicting
each other, but I feel that bit's unimportant. :)
> > I sign almost all my mail. If I
> > didn't sign it, then I might not have sent it. Whether
> > it's a message to my boyfriend asking what's for dinner
> > tonight or a politically sensitive statement, I sign it.
> > If it's unsigned or the signature doesn't verify, then
> > check if it's me. I firmly believe that everyone should do
> > the same.
> I see, meaning you don=B4t give a monkey=B4s ass whether it=B4s a bother
> for subscribers or not???
Frankly, no I don't. Let me restate, I firmly believe that all mail
should be signed. I also believe that all mail should be encrypted,
irrespective of how secret people want to keep the contents. I
militantly believe that ~all~ communications should be encrypted. Then
messages that are won't look out of place. The only problem is that
it's a lot more hassle persuading everyone I know to install gpg in
order to read my mails...
> Who you are, where you live, your ethnic group, sex or sex
> preferences, or your name is completely irrelevant to me if it is
> all about reading an answer or question from you related to a
> specific subject. So, I couldn=B4t care less if I can verify any of
> the above or else from a digital signature.
The implication behind your words seemed to be saying that this was an
issue. Apologies if I misunderstood you.
> You know, it=B4s like all those annoying vcards, or those long
> signatures with ascii-disart included. They are not big deal, but
> they are not good nettiquete either.
I disagree that it is like those at all. And, tbh, I'm not sure that
I'd find a small vCard attachment an annoyance, or Ascii art, for that
matter, but I don't use them because it's accepted netiquette. I just
don't feel that digital signatures are the same thing.
> > That's merely a different ethos. I think that anything
> > anyone writes is worth signing. If it's not worth signing
> > (and thus claiming attribution for it, for example), then
> > it's not worth saying. Imho, of course :o)
> Of course, iyho.
Which is where I think the difference lies. If that's the case, we may
as well stop now, as I don't think either of us is likely to persuade
the other :o)
> No, no big deal (but see [*]). Unwrapped long lines are a worst
> nuisance than some added 251 bytes.
Owen Blacker | Senior Software Developer and InfoSecurity Consultant
See http://www.owens-place.org.uk/pgp.html -- more about my PGP keys
Sig 0x3e2056b9 | 18cd 92aa 32aa 81b9 f5e8 c520 6475 6239 3e20 56b9
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety --Benjamin Franklin, 1759
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----