Holly Bostick wrote:
> OK, since this is getting to be kind of a whole "thing", I've split it off.
> 
> This message is (or should be) signed. Hopefully using PGP/MIME, which,
> if I understand Neil correctly, is what I'm supposed to do.
> 
> You all have undoubtedly realized by now that I have little experience
> and less understanding of GPG keys and their proper use; I only have one
> because last year (which is why the key is from 2004), I was
> corresponding with someone who preferred encrypted email. Now that I've
> got my reinstall relatively stable-- at the time of the key's creation,
> I was using Gentoo, which I broke, and in the meantime, I'd switched to
> SuSE, where I didn't use my backed-up keyrings at all, and back to
> Gentoo-- and got Enigmail working again, I figure it's time to learn at
> least how to use my keys properly. Even if I don't seem to have much use
> for them now, you never know when it might come in handy.
> 
> I think I've pretty much got a handle on full encryption (not only did I
> exchange several encrypted mails last year, but today I sent myself a
> test mail, which I was able to decrypt), but the signing is kinda wiping
> the floor with me, apparently.
> 
> OK, so Neil said:
> 
> Neil Bothwick wrote:
> 
>>On Fri, 24 Jun 2005 17:26:43 +0200, Holly Bostick wrote:
>>
>>
>>>But this whole episode has at least gotten me to finally upload my own
>>>key, so I've (hopefully) signed this message.
>>
>>
>>Yes, but as an inline signature, not as a MIME message part, which is
>>the preferred way of doing it.
> 
> 
> Right.... that means, I think, that the default setting in Enigmail's
> PGP/MIME settings-- "Allow PGP/MIME"-- should be set to "Always use
> PGP/MIME". Is that correct? The point being-- as I understand it-- that
> MIME parts have something to do with IMAP, which I don't use (yet), but
> many others do, especially those likely to be desiring signed or
> encrypted mail, so it's just better to use it by default? Fine, then let
> me know if this message, transmitted using the new setting, arrived with
> the signature correctly as a MIME message part.

MIME has nothing to do with IMAP - it's just a different way to attach the
signature. You can either do it as normal text, that goes something like:

-- BEGIN GPG SIGNED MESSAGE --
Bla bla bla
-- BEGIN SIGNATURE --
yada yada yada
-- END SIGNATURE --

Or something along those lines.

PGP/MIME adds the signature as an attachment - which is usually a good idea, but
it breaks some things (I know of one free webmail that breaks attachments if I
use PGP/MIME ... ).

> Meanwhilst, Rumen said:
> 
> 
>>Hi,
>>Lately stopped using keyservers very much, but now just tried to
>>search/check for your key, the result:
>>1.running: "gpg --keyserver subkeys.pgp.net --search-key Holly" gets this
> 
> <snip>
> 
>>(10)    Holly Bostick <[EMAIL PROTECTED]>
>>          1024 bit DSA key 94456400, created: 2004-07-05
> 
> <snip>
> 
>>there are many more, reached till 123 and there's more ;)
>>2.running: "gpg --keyserver subkeys.pgp.net --search-key Holly" gets this
>>...BEGIN...
>>gpg: searching for "Holly" from hkp server random.sks.keyserver.penguin.de
> 
> <snip me not winding up in the first 25 hits>
> 
>>...END...
>>Searching with '[EMAIL PROTECTED]' (on both) results in the same one
>>entry above.
>>This key is from 2004:
>>(1)     Holly Bostick <[EMAIL PROTECTED]>
>>          1024 bit DSA key 94456400, created: 2004-07-05
> 
> 
> Which is my key, so it's out there somewhere. But I am wondering if it
> is in some way incomplete or improperly aliased-- or was "Holly" too
> general a search as opposed to "Bostick"? Yes, apparently so; replacing
> --search-key Holly with --search-key Bostick comes up with me first on
> both searches. Not so much that I'm hyped on being first, but at least
> it means I'm easily found if someone's looking.
> 
> So that seems OK then, but I still have a few questions:
> 
> 1) My key is set to never expire (afaik). Is that OK, or should I
> generate a new key... I dunno, every 3 months or something? That seems
> to negate the whole idea of having a key in the first place, but....
> what do I know?
>
> 2) Do I need to create a digital certificate? Is it any good if it's
> self-signed? Or should I go to the archives and find that site that will
> generate one for me?
>
> 3) On the same note, I don't have a "Web of Trust"; my key is unsigned
> (naturally), and the keys I've collected from this list I have not dared
> to specify trust levels for. Should I be concerned about this, and take
> steps to rectify the situation with all due haste? If so, how would I go
> about that? All I've heard of are key-signing parties, which seem
> unlikely to be a feasible option for me.
>
> 4) Clearly no one I am in contact with seems to really care if I sign my
> emails by default, but should I protect them from themselves and do so
> anyway? Are there any benefits to this good habit, especially since my
> key is unsigned anyway?
> 
> 5) If I take up the habit of signing my emails, is it unreasonably
> dangerous to also set "No password for user" in the Enigmail options? I
> know that if I have to dig up my complex and unique password every time
> I send an email (in order to sign it), I'm not going to sign them, but
> if not requiring the complex and unique password opens a high
> possibility of compromising the key itself (because if I was hacked,
> said miscreant could send signed emails "from me" because s/he doesn't
> have to know the complex and unique password in order to do so), then I
> suppose I'd have to just suck it up (assuming that there's some
> overriding benefit in me taking up this habit in the first place).

^-- Personal preferences... :/ --^

> Anyway, I know it's OT, and sorry for hijacking the thread in the second
> place, but if there's anyone who'd like to explain this to me in
> relatively simpler terms than man gpg or the GNUPG site, I'd appreciate it.
> 
> Holly


-- 
[Name      ]   ::  [Matan I. Peled    ]
[Location  ]   ::  [Israel            ]
[Public Key]   ::  [0xD6F42CA5        ]
[Keyserver ]   ::  [keyserver.kjsl.com]
encrypted/signed  plain text  preferred

Attachment: signature.asc
Description: OpenPGP digital signature
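
The two signing styles discussed in this message, shown as an added example that is not part of the original post: a Python sketch that classifies a mail as inline-signed, PGP/MIME-signed (RFC 3156 `multipart/signed`), or PGP/MIME whose signature part was lost in transit. The sample messages, the `PLACEHOLDER` signature data and the function name `signature_style` are constructed for illustration; the marker lines are the armor headers OpenPGP actually emits.

```python
import email
from email import policy

# Constructed samples; "PLACEHOLDER" stands in for signature data (not real signatures).
INLINE = """\
Content-Type: text/plain; charset=us-ascii

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bla bla bla
-----BEGIN PGP SIGNATURE-----

PLACEHOLDER
-----END PGP SIGNATURE-----
"""

MIME = """\
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

Bla bla bla
--b1
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

PLACEHOLDER
-----END PGP SIGNATURE-----
--b1--
"""

def signature_style(raw: str) -> str:
    """Return 'pgp-mime', 'pgp-mime-damaged', 'inline' or 'none'."""
    msg = email.message_from_string(raw, policy=policy.default)
    if msg.get_content_type() == "multipart/signed":
        parts = msg.get_payload() if msg.is_multipart() else []
        # RFC 3156: exactly two parts, the signed body then the detached signature.
        ok = (msg.get_param("protocol") == "application/pgp-signature"
              and len(parts) == 2
              and parts[1].get_content_type() == "application/pgp-signature")
        return "pgp-mime" if ok else "pgp-mime-damaged"
    # Inline (clearsigned) mail is ordinary text/plain with armor lines in the body.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    marks = ("-----BEGIN PGP SIGNED MESSAGE-----", "-----BEGIN PGP SIGNATURE-----")
    return "inline" if all(m in text for m in marks) else "none"
```

The `pgp-mime-damaged` result covers the case mentioned above where an intermediary mishandles the attachment: the outer `multipart/signed` header survives but the signature part does not, so the message can no longer be verified.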
