-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A brief note that in this message the term "PGP" refers to any implementation of the OpenPGP standard or implementations that inspired the standard, including Phil Zimmermann's original PGP and its descendants, and also GPG or any other implementation.

At some point hitherto, Michael O'Donnell hath spake thusly:

> My point has always been simply that this channel has
> a blessedly high S/N ratio that is worth preserving,
> and pointlessly cluttered messages degrade it.

This is the one point of your message I agree with, and I hope to respond to a few of your other points (slightly out of order) in order to provide some perspective as to the use of PGP, and perhaps even win over some people to using it regularly. I hope to persuade you and others that PGP is neither pointless nor is it noise.

> PGP is pointless here because this channel (and
> GNHLUG in general) is a safe environment.

There is no such thing as a safe environment, other than perhaps in some imaginary utopian society. In all aspects of life, there are non-zero but widely varying degrees of inherent danger. Just as it is up to the individual whether or not to buy homeowner's insurance or automobile insurance (in absentia of legal or contractual obligations that do often accompany the purchase of such), so it is the individual's right to decide what other forms of danger with which they will concern themselves and from which they will attempt to protect themselves. In using PGP, I choose to provide myself with what I feel is adequate protection from e-mail forgery, a danger with which I choose to concern myself.

> My point has never been that forgery is impossible,
> so your forgery stunt illustrates... what?

The forgery itself illustrates very little; that is true. The fact that it took me about three extra seconds to do it as compared to generating my own reply illustrates that forging e-mail is easy enough that if some bored teenager or other malicious person might decide to pretend to be a regular poster and forge a message that will offend a large number of people, or for other malicious purpose, he or she will have NO trouble doing so. E-mail forgery isn't just possible, it's EASY.

I'm quite capable of offending people on my own, and I (along with presumably everyone else who signs their e-mail) would prefer that if one of my posts offends people, that at least I were, in fact, the person who wrote it. And barring that, that it were fairly easy to show that I weren't.

Much as when one signs a hand-written or typed letter [have you ever produced one you did not sign?], by using PGP to sign my messages, I am providing a reasonable certainty to anyone who chooses to test it that I and only I am the author of my message, whereas the mere mention of my name at the bottom of the electronic document can not reliably provide the same. Forgeries of both types of signatures are possible; however convincing forgeries that would stand up to expert scrutiny are very difficult to achieve, in both cases.

In addition, there is an element of familiarity endowed by a signature. If you write a hand-written letter to a friend, the import of signing or not signing is hardly different than signing or not signing a mailing list post. But would you ever NOT do it? Most people wouldn't even consider not signing a hand-written letter. The same familiarity of your friend's signature on a hand-written letter is available in electronic documents through PGP signing. As the reader of a letter, if you are familiar with the author, you will see the signature and it will register as familiar. If you are unfamiliar with the author or his signature, you will simply ignore it, though it remains for your scrutiny. It is thus also with PGP signatures.

> In the meantime, though, since forgery is a total
> non-issue on this channel

That is a subjective value judgement, and one with which I (and it would seem others as well) do not agree. Just because an event has never happened before, does not mean it will not ever. And just because if it ever does, YOU will not care, some of us may.

> the PGP clutter is no more appropriate here than any of the other
> clutter (eg. HTML, TNEF, RichText, etc, etc...)

Again, we are in disagreement. The amount of extra text a PGP signature adds to a message is generally around 100 bytes or so, and represents about as much clutter as someone's large signature or custom e-mail headers (x-face and my favorite x-message-flag come to mind). And unlike those you mention, a PGP signature serves a useful FUNCTION distinct from the content of the message, which is to provide a *reasonably* reliable, though admittedly imperfect, assurance of the *author's* (but unfortunately not necessarily the *sender's*) identity. Clearly some members of the community *do* find value in this added function, as more than one person here uses it.

Commonly, the other formats you mention add nothing to the FUNCTION of the message, but only modify the FORM, assuming the viewer is capable of interpreting them, and then at the expense of (generally) adding multiples of the message size in extra payload. In cases where those other formats do provide additional functionality, there are generally more efficient and more acceptable alternatives to providing them in the message itself. For example, when one might be inclined to use HTML mail to distribute a web form in an e-mail message, a more efficient alternative is to simply make the form available from a web site, and provide the *address* of the web form, rather than the form itself. AFAIK, no such alternatives exist for PGP signatures.

For all of the above reasons, I argue both that PGP signatures do add value to a message, and that there is absolutely no comparison between a PGP signature and any of the aforementioned methods of message formatting.

And if it will appease you, I also know that exmh, the particular mailer you use, can easily be configured so that the "PGP clutter" does not appear in the message body (assuming you have some form of PGP installed, which most modern Linux systems include). While I rarely offer the assistance of others without first asking, I've little doubt that Paul Lussier would be delighted to help you set that up. :)

If you happen to use some other mailer at an alternate location, the mailers which can be made to understand cleartext PGP signatures, and thereby reduce or eliminate "clutter" include (but are not limited to):

  mutt
  pine
  exmh
  kmail
  Microsoft Outlook

HTH.

- --
Derek Martin               [EMAIL PROTECTED]
- ---------------------------------------------
I prefer mail encrypted with PGP/GPG!
GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
Learn more about it at http://www.gnupg.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8dgevdjdlQoHP510RAp3LAJ9PxlT/vPBv8mx/+4/4MzlSUKh6rgCeMXA+
i7MFEyeCEoQD7a7QTpxIzvE=
=eoFs
-----END PGP SIGNATURE-----
