Including public key
Jay Litwyn
brewhaha at freenet.edmonton.ab.ca
Thu Jul 28 13:53:41 CEST 2011
-----BEGIN PGP SIGNED MESSAGE-----
On 2011-07-27 8:25 PM, Len Cooley wrote:
> Well, let me ask you this. Is it useful/useless/ridiculous/orwhat to
> attach your public key as a sig at the end of an email, such as
> below?
>
It depends on the environment of your receiver.
Would they be subject to seeing your signature replaced?
Do any policies concern the use of cryptography at their workplace or
domicile, say in jail or in a country where Blackberry crypto is an
issue (India, if I remember correctly)?
Do they live in a country that accepted U.S. export restrictions on
cryptography (probably Russia)?
Is your recipient a public figure (about whom there might be motivation
to pull a Murdoch) or an ex convict (about whom there might still be
search warrants)?
In any of the rejions where cryptography is controlled, it is a better
idea (than simply sending a public key with no signatures on it other
than yours) to be creative with the hash on your public key; perhaps
telephone verification, perhaps you can personally meet someone on the
web of trust.
While the Physics of public key cryptography are air tight,
it depends on signatures on your public key to become robust
in the real world. I suspect that you are more likely to get
those if you release your key on servers, and sign a lot of stuff
that people consider important. Attaching a photo to your public
key might help. So might putting a phone number on your public key.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric.mp3.pgp
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQCVAwUBTjFNvx47apzXdID2AQEWCQQAkWqfrRfQYixNinxHY96rEawOrCcsRcHF
aQDSq0knmwOXRggiQFLkb4iixFKV49hnbfbseDVHRv5cefdldJFuyetGhCruINQj
yPesb3cNkyvnCBD8yN4YPkmPfGnDu+9EEaYyRqUSUu18S9q944Gm/m6t2q8LlLXh
9ogBDYNJfio=
=FbUF
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list