Adding a UserID to Your Key

Faramir faramir.cl at gmail.com
Sun Oct 5 00:23:25 CEST 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Lawrence Chin escribió:

> Hi everyone, I want to propose something. Kara has been very patiently
> helping me with my questions on the board about how to use GnuPG and

  Yes, I don't remember to have seen a message from Kara in the list,
but she has helped me too, by private messages.

> Enigmail, as is here. However, on two occasions she used sensitive words
> in her examples as in the "extreme example" here. It didn't just keep me
> scared all night and day due to my weak nervous system, but it has

  Well, on her behalf, the idea about an "extreme example" is to make it
"extreme". Now, you should not let an "extreme example" bother you, in
special if your nervous system is weak (maybe you should ask a medic
about it, and sometimes, you need a second opinion). The thing about
signatures in our public keys mean: "you can't control them", but I
would add: "since we know we can't control them, why should be worried
about them?". I mean, most people doesn't know how to use GPG, and the
people trying to learn about it, soon or latter will learn about that
fact... They will learn it sooner if that point is included in a FAQ...

  By the way, the fact the used that example as "extreme example",
implies she considers it a very undesirable signature... a racist person
would not use it as an example, since that person could even be proud of
such message...

> bothered me for over a whole week for another reason. I want to propose
> that we all use absolutely untainted clean language when we send
> encrypted emails (like this one is encrypted) so that we wouldn't give

  The first thing I should point, is the message you sent to the list,
is not encrypted, it is just signed... and yes, if you sign a message
and send it unencrypted, you should be careful about what are you
saying, since we would know it was you the one who sent it. BUT at the
same time (*if I am not wrong*), malicious people can't modify it to
change the context... so if you send an "extreme example", a malicious
user would need to show the whole message, and that would make clear the
fact it was just an example, and not an opinion.

  The second thing, is the purpose of encrypting messages, is to keep
them private. There are laws about reading letters sent to other people
(at least, in my country, that is not legal), and the only thing gpg
does, is to give us a way to bring the same privacy principle to email
messages. In _my_ _opinion_, the only concern we must have when we send
an encrypted message, is to not offend the recipient's sensibility, but
I would not care about what a "listener" would think about the message,
since gpg (_if_ _used_ _in_ _a_ _proper_ _way_), will take care of
"listeners".

> authority a reason to take away this privilege of ours to use
> encryption. It should be part of our ethic in using encryption.

  Well, IIRC, there was an attempt to forbid encryption, but it could
not be done, because it would destroy the electronic commerce...
  Now, I would be careful about the use of encryption in countries where
privacy is not a right... but I suppose if you are in this list, then
you are not in one of those countries.

  The only ways the authorities can know the content of an encrypted
messages are:

1.- If the recipient disclosures the content of the message, as you did
with Kara's message (but since the only thing it contained was an
"extreme example", and also you didn't post her signature -so she can
claim your forged the message), I suppose it won't cause any problem.
Anyway, maybe next time you should ask people before posting the content
of a private message...

2.- If the authority ask a judge to order either the recipient or the
sender to disclosure the content of the message (note that, if the
sender has not configured enigmail to encrypt the message to his own key
too, he would not be able to do it, even if he wants to).

3.- If either the recipient or the sender has some spyware in his
computer...

  Now, if you want to receive just "absolutely untainted clean
language", maybe you should add a signature talking about that, in your
email client (Thunderbird, I suppose)

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJI5+zcAAoJEMV4f6PvczxAKFgH/2kWNiWoyprpzYjhvwp/jl+R
zlHR3hvbe/sBS04L3sFnuTynSkCnoUsvlUKdmi6CtIRGRSipDnbLprFQvneG6lQg
qyrvJaSdbopMdp6lMRFUquqvJ/si7k0RNTgIp9a5OJ+EoZDiOwAB9CiD5r8EMwja
6ZouF1VNPaoKPTBe2pDHiQPaAbQB8xp8eRDcHHDCS5jpQegF+H8B4I7flYvdRvJU
zTIBdAvz6ZRh5KHnLgMR+OurQO5ktyLVRuvZzZ8s/iBCQAaEoxTY/dAaJY5KDSGO
eZtqjXnhh4rW7eFiDKO1ubqEz3K12WHQj1wf0vTLMi6566pY5ybCGAILEp+DFSo=
=TdWO
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list