Question about notations and domains

Henry Hertz Hobbit hhhobbit at securemecca.net
Fri Aug 9 05:37:47 CEST 2013


On 08/08/2013 09:17 PM, Khelben Blackstaff wrote:

<SNIP>  (please read the original)

Short answer:  Your github URL converted into an email
address is NOT a good solution.  Read on if you want to
know why.

It is not necessary to "own" the domain.  For example, I could
perhaps have an email account at physics.arizona.edu (they
make great telescope optics).  There was a joke about a head
coach here in the United States being able to come up to a
potential recruit and say "Coach Jared Grasso, Iona College."
To which the potential recruit would reply as he was shaking
the coach's hand; "YOU DO!?" Even though you don't own the
educational institution you do own an email address there if
one is given to you.  It is yours as long as they let you have
it.

Similarly, if you have an email address at a company you work
at, even though the company may say they own the email box
contents, the address is "yours" at least to use until you
move on to some place else.

The first reason one of your UIDs needs an email address only
you use is to make the keys (assuming a primary signing key
and an enciphering sub key but there are many other options)
"yours".  It is also helpful to have a comment for that
UID with an email address to help persuade others to sign your
keys for the WOT. It also makes it even harder for somebody
to typo-squat on your key-set (key-pair for me).  If you put
your public keys on one of the keyservers about the only way
others can get your key(s) is if at least one of your UIDs has
an email address.  The email address is used to find your key
as well as providing partial authentication that you got the
right key.  This is especially true for web key search tools:

http://pgp.mit.edu/
(real names and even the shortened key ID come up blank
for me but email addresses never fail)

In addition to your primary UID which has an email address you
can add as many UIDs as you need.  Make sure you really need
the UIDs. There should not be a problem in making one of the
other UIDs without an email address that has only your name
in the name field and your github URL in the comment field.  I
have many keys on my key-ring that in addition to one or more
UIDs with email addresses have some additional UIDs with just
their name and the Comment field filled in.  So making an extra
UID with your name, no email address, and your github URL in
the comment field is probably the best way to do what I THINK
you are attempting to do.  Are you saying that strange email
address created from your github ID makes it possible for
people to send you a message from POP or web-mail similar
to sending an SMS message to a cell phone?  If it works you
may want to add it but you still should have a UID for your
key-set that has a "real" email address.  (I answer why in
a separate paragraph).

It is much easier and less expensive to own your own domain
and a POP email account than you would expect.  The domain and
POP email account I am using here is less than $30 per year
at 1and1.com.  GoDaddy and others can also set you up.  Your
first and last name run together "khelbenblackstaff" is
available in the BIZ, COM, INFO, NET, and ORG TLDs.  If you are
in the US, "khelbenblackstaff.us" is also available.  So
getting a POP email account is in reach.  It is also something
you can have that is consistent and stays with you from school
to school and job to job as well as many changes in your
physical address and even across multiple ISPs.  If you get an
email account with a mail provider that is using Microsoft
Exchange make sure you write EVERYTHING down.  Others send to
you with the traditional NAME at DOMAIN but you usually access the
POP email in Thunderbird or another MUA by using the internal
Microsoft Exchange name your mail service provider will give
you.  E.g., instead of using hhhobbit[GNAT]securemecca.net I
use m-MYHASHID to access the email for this account.  I also
have to use the m-MYHASHID in the web-mail interface.

I will let others answer your questions about "converting" your
github URL to an email address.  I don't think too much of it
because another reason for a "real" email address is so they
can email you an enciphered message and ask "is this key
yours?"  They enciphered with your public key.  If you don't
have the secret (private) side of the key then you cannot
decipher the message.  If you don't answer the sender gets
paranoid and decides the key is bogus. Can you handle an
enciphered message with that github id converted into an
email address?  I don't think so.  NOW you know why I don't
like that strange github derived email address.

I have taken up WAY too much space in an attempt to give the
greatest clarity.  I will let somebody else answer your pgpmime
question.  All I know is that Enigmail in Thunderbird makes it
explicit with a "use PGP/MIME" check box.  It works.  So does
Claws Mail on Windows which is bundled with GPG4Win.  I cannot
advise using any MUA (Mail User Agent - Thunderbird, Office,
Claws Mail, etc.) that renders HTML.  I am getting one malware
per day in my email but since I use Thunderbird, NO phish or
spear phish fools me even when I am sick and almost asleep.
Enigmail in Thunderbird seamlessly integrates GnuPG encryption
as well.  Ditto for Claws Mail.  I strongly discourage using
Microsoft Office.  Even RSA and other companies get whacked
by spear-phish when they use Microsoft Office to read email.

HHH
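
An added example, not part of the original message: a small Python check for the point made above that a key-set should carry at least one UID with an email address, with the github URL kept in the comment field of an extra, email-less UID. It parses `gpg --list-keys --with-colons` output; the sample listing, key IDs and the names `parse_uids` and `audit_key` are constructed for illustration.

```python
import re

# Constructed `gpg --list-keys --with-colons` output (not a real key).
# Field 10 of a "uid" record is the user ID; gpg escapes ":" as "\x3a".
SAMPLE = r"""pub:u:4096:1:AAAABBBBCCCCDDDD:1375990000:::u:::scESC:
uid:u::::1375990000::0000000000000000000000000000000000000001::Example User <user@example.org>:
uid:u::::1375990100::0000000000000000000000000000000000000002::Example User (https\x3a//github.com/example-user):
sub:u:4096:1:EEEEFFFF00001111:1375990000::::::e:
"""

# Conventional layout: Name (Comment) <email>, with every part optional.
UID_RE = re.compile(
    r"^(?P<name>[^(<]*?)\s*(?:\((?P<comment>[^)]*)\))?\s*(?:<(?P<email>[^>]*)>)?$"
)

def unescape(field):
    """Undo the \\xNN escaping gpg applies inside colon-delimited fields."""
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), field)

def parse_uids(listing):
    """Return one dict per uid record: name, comment, email (None if absent)."""
    uids = []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] != "uid" or len(fields) < 10:
            continue
        text = unescape(fields[9])
        m = UID_RE.match(text)
        # A user ID is free-form text; if it does not follow the convention,
        # keep the whole string as the name.
        parts = m.groupdict() if m else {"name": text, "comment": None, "email": None}
        parts["email"] = parts["email"] or None
        uids.append(parts)
    return uids

def audit_key(listing):
    """Check that at least one UID has an email address."""
    uids = parse_uids(listing)
    with_email = [u for u in uids if u["email"]]
    return {
        "findable_by_email": bool(with_email),
        "emails": [u["email"] for u in with_email],
        "no_email_uids": [u for u in uids if not u["email"]],
    }

if __name__ == "__main__":
    print(audit_key(SAMPLE))
```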



