-----BEGIN PGP SIGNED MESSAGE----- On 2011-07-27 8:25 PM, Len Cooley wrote: > Well, let me ask you this. Is it useful/useless/ridiculous/orwhat to > attach your public key as a sig at the end of an email, such as > below? >
It depends on the environment of your receiver. Would they be subject to seeing your signature replaced? Do any policies concern the use of cryptography at their workplace or domicile, say in jail or in a country where Blackberry crypto is an issue (India, if I remember correctly)? Do they live in a country that accepted U.S. export restrictions on cryptography (probably Russia)? Is your recipient a public figure (about whom there might be motivation to pull a Murdoch) or an ex convict (about whom there might still be search warrants)? In any of the rejions where cryptography is controlled, it is a better idea (than simply sending a public key with no signatures on it other than yours) to be creative with the hash on your public key; perhaps telephone verification, perhaps you can personally meet someone on the web of trust. While the Physics of public key cryptography are air tight, it depends on signatures on your public key to become robust in the real world. I suspect that you are more likely to get those if you release your key on servers, and sign a lot of stuff that people consider important. Attaching a photo to your public key might help. So might putting a phone number on your public key. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric.mp3.pgp Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQCVAwUBTjFNvx47apzXdID2AQEWCQQAkWqfrRfQYixNinxHY96rEawOrCcsRcHF aQDSq0knmwOXRggiQFLkb4iixFKV49hnbfbseDVHRv5cefdldJFuyetGhCruINQj yPesb3cNkyvnCBD8yN4YPkmPfGnDu+9EEaYyRqUSUu18S9q944Gm/m6t2q8LlLXh 9ogBDYNJfio= =FbUF -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users