[OT] Why are you using the GPG / PGP keys?

Henry Hertz Hobbit hhhobbit at securemecca.net
Tue May 28 23:18:57 CEST 2013


On 05/28/2013 04:17 PM, Forlasanto wrote:
> The fact remains that email is "the house that Jack built." The wall
> plugs are upside down, the wiring is sketchy at best, the plumbing is
> crazy and doesn't function correctly, the house is half wood and half
> brick, and/Jack forgot to put locks on the doors./
> 
> The fact that younger generations don't see email as a viable system is
> telling. It's an opportunity for something /better /to take email's
> place. Hopefully something with built-in encryption, rather than
> encryption tacked on as an afterthought. Just my two cents.

It is a pretty good two cents but you don't understand where the
encryption is needed most.  What needs to happen is that the aging
SMTP protocol needs to be replaced by a SSMTP (Secure Simple Mail
Transfer Protocol):

http://securemecca.blogspot.com/2012/09/vote-against-spam.html

See "Mail Delivery Fix".  I have had a sysadmin for a Mathematics
department that I respect both professionally and personally that
didn't think too much of it because of all the shady SSL certs
for web-sites.  Yes, the shady SSL certs are there but I expect
people to use some common sense.  It would help if something like
a browser would allow you temporarily to over-ride the warning.
But what does Firefox and other browsers want to do?  They want
to PERMANENTLY store the exception.  The over-ride should have
that box unchecked.  You should only check it when you are sure
the warning is in error. We could end up with a list of shady email
certificates that the spam houses could block as well. But that
is better than nothing at all. Here is an email header for you
to look at:

http://securemecca.com/public/PeskySpammer/WackoBot.txt
(the Originating IP is where the email message really came
from, not 000123gw[GNAT]att.net - and it is a machine that
is in A-YAHOO-US9 that sent the message showing how deep
the problem is - yes, an infected windows machine at Yahoo
sent the message)

PeskySpammer saw me using the term hash-user in my blog so they
sold that email address to other spammers. PeskySpammer is either
completely in the Newark, NJ area or at least have a presence
there.  Not all of these spammers are in Russia or China.

PeskySpammer does more than just spam too.  They need a constant
crop of infected Windows machines to mail from.  They email out
dastardly links pretending to be somebody else (but Thunderbird
which is no longer available in Gnome 3 on OpenSuSE 12.3 that I
could see) does make the hidden links visible:

http://securemecca.com/public/PeskySpammer/Pictures/

But not only young people today, but a lot of people that used
to use email no longer use it.  Unless a way to get rid of the
spam can be devised only a few stalwarts that MUST use email
will use it.  But I dumped Gnome 3 entirely after looking at
OpenSuSE 12.3 with Gnome as the last straw because I could only
use Firefox and LibreOffice.  This smart-phone GUI on a desktop
shows that thinking is in short supply.  But they just approved
the iPhone and iPad for military use now.  The world is changing
but most of the changes aren't good.

The spammers and spear-phishers (mostly Chinese) have killed
email.  It is not so much that people have moved on but we
need opt-in policies and a thorough overhaul to make email
work again and nobody wants to do it.




More information about the Gnupg-users mailing list