info in sigs, comments and header
Robert J. Hansen
rjh at sixdemonbag.org
Mon Jun 16 21:44:06 CEST 2008
Rick Valenzuela wrote:
> Is there any customary practice for including GnuPG/PGP information in
> an email -- whether to put it in your sig file, or in the comments of
> your GnuPG signature? Is it useful (or preferred) to have the GnuPG
> version in the GnuPG signature comment, or frowned on to use/not use the
> comment from Enigmail or FireGPG?
If you use Enigmail, you can tell Enigmail to add an email header
indicating your OpenPGP key id. This seems to be about as low-intrusive
a method as any.
> but who looks in headers?
Technically savvy people -- which happens to be the same demographic
which tends to use OpenPGP, unfortunately enough. OpenPGP's penetration
into the layman's world of computing is practically nil.
> What are your practices for this? Is anything seen as useless or gauche?
A brief "OpenPGP: 0xDEADBEEF" is probably not going to get you any hate
I run my key fingerprint across the bottom of my business cards. That
way when I meet someone, we trade information and they now have a
trusted copy of my fingerprint, delivered directly from my hand. Since
I work in a very technical field, most people who get my card understand
what it is -- it's been a conversational icebreaker at several conventions.
It's also very handy for impromptu keysigning parties. A couple of
weeks ago I was sitting in a coffeeshop with a Canadian doctoral student
in CS, a sysadmin for kernel.org, and a couple of fellow voting
researchers. I put my passport and a stack of business cards on the
table, and presto, everyone had the opportunity to confirm my identity
and get a copy of my fingerprint. It was a lot more convenient than if
I'd had to say "hold on a second...", boot up my laptop, grab a stack of
napkins, and laboriously hand-copy my fingerprint from a terminal window
onto napkins again and again for each person who was sitting at the table.
More information about the Gnupg-users