-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sat, 13 Mar 2010 20:05:21 + MFPA wrote:
I can't speak for other people, but I can for me. Take
a look at the UIDs on my key, which is
0xC7C66ADF3DB6D884. And also, take a look at my master
key 0x2188A92DF05045C2 that I signed the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Friday 19 March 2010 at 6:54:06 AM, in
mid:4ba31f8e.1050...@gmail.com, Paul Richard Ramer wrote:
On Sat, 13 Mar 2010 20:05:21 + MFPA wrote:
It looks to me as if the answer is yes. Unless each
person who had one of your email
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Wednesday 17 March 2010 at 12:58:37 AM, in
mid:pine.gso.4.61.1003161106110.25...@dionne.cs.albany.edu, reynt0
wrote:
On Mon, 15 Mar 2010 14:49:32 + MFPA wrote: . . .
When the reader is Big Brother, or a potential
employer or
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Tuesday 16 March 2010 at 6:02:15 AM, in
mid:4b9f1ee7.9000...@gmail.com, Paul Richard Ramer wrote:
On Mon, 15 Mar 2010 14:49:32 + MFPA wrote:
I don't understand the comment that they were never
private information. They will have
On Mon, 15 Mar 2010 14:49:32 + MFPA wrote:
. . .
In fact, just by posting to this mailing list we have
given up some privacy or anonymity. The nature of the
way we write, what we think, the experiences that we
relate--all of these reveal something about ourselves.
When the reader is Big
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Monday 15 March 2010 at 7:54:03 AM, in
mid:4b9de79b.3050...@gmail.com, Paul Richard Ramer wrote:
If you knew more about how I shared those e-mail
addresses, you might conclude differently.
OK
I think that I disclosed less than you
Hello MFPA,
I couldn't respond to your post for a while. So here it is.
On Mon, 8 Mar 2010 21:38:18 + MFPA wrote:
I never asserted that you said the key's originator owned the
information stored in the key. I was quoting the context of what your
reply about the originator having some
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Saturday 13 March 2010 at 11:15:32 AM, in
mid:4b9b73d4.4090...@gmail.com, Paul Richard Ramer wrote:
The issue of law is not an integral part of the
answer to the question of what should be. It is an
integral part of the answer to what
MFPA wrote:
On Saturday 6 March 2010 at 8:55:48 AM, you wrote:
On Sat, 27 Feb 2010 03:52:02 + MFPA wrote:
(b) the person owns the information has the right to
control how it is disseminated, and
This was someone's re-interpretation of my point. Spot the extra ?
Hello MFPA,
I never
Hello MFPA,
I will summarize the rights and restrictions that I believe you say
that an OpenPGP user has with another's public key. I will call this
the rules of Key Rights Management or KRM for short.
Rights of the Key Originator
* Can restrict the uploading of the
MFPA wrote:
In each of these cases, John Doe made the mistake of thinking that
he could keep his personal information in his key, and that he could
keep his key off the keyservers. If John were to make the wisest
decision about keeping his personal informaton secret, wouldn't he
choose to not
On Sat, 27 Feb 2010 03:52:02 + MFPA wrote:
(b) the person owns the information has the right to
control how it is disseminated, and
The data subject does have various rights concerning the personal
information that is about him.
Hello MFPA,
How far do the rights of the key holder go?
Hello MFPA,
During this whole debate, you have assumed one thing in your argument
that I don't believe anyone has pointed out as being flawed. You have
assumed that the person (I will call him John Doe) would have decided
to create a UID that contained the personal information that he wants
to
On Wed, Mar 03, 2010 at 06:44:25PM +, MFPA wrote:
On Wednesday 3 March 2010 at 4:16:21 PM, you wrote:
On Fri, Feb 26, 2010 at 03:53:27PM +, MFPA wrote:
There are privacy issues, especially if user-ids on the key contain
email addresses. In some cases, the authorities knowing an
On Sat, Feb 27, 2010 at 12:30:21AM +, MFPA wrote:
No impact on the web of trust. But your online presence (and possibly
that of somebody else with the same name) can feed into decisions
about employing you or doing business with you, often/usually made by
people who don't actually
On Fri, Feb 26, 2010 at 03:53:27PM +, MFPA wrote:
There are privacy issues, especially if user-ids on the key contain
email addresses. In some cases, the authorities knowing an individual
used encryption could be a problem.
There are issues of tradecraft, then. Using OpenPGP as a tool for
On 03/03/2010 11:16 AM, Mark H. Wood wrote:
On Fri, Feb 26, 2010 at 03:53:27PM +, MFPA wrote:
There are privacy issues, especially if user-ids on the key contain
email addresses. In some cases, the authorities knowing an individual
used encryption could be a problem.
There are issues of
On 3/3/2010 1:25 PM, Daniel Kahn Gillmor wrote:
There are issues of tradecraft, then. Using OpenPGP as a tool for
committing crimes is kind of stupid.
Can we not go down this line of argument, please?
I agree that OpenPGP implementations can be useful tools for the
advancement of human
On 3/3/2010 1:44 PM, MFPA wrote:
I feel there is a strong assumption among OpenPGP users that our
community is, *ahem*, open.
Is it not also a reasonable assumption, that those who use and promote
privacy-enhancing software will value and respect privacy?
It is not reasonable that their
On Sun, 28 Feb 2010, David Shaw wrote:
On Feb 28, 2010, at 4:20 PM, reynt0 wrote:
On Sat, 27 Feb 2010, Robert J. Hansen wrote:
. . .
The perfect is the enemy of the good.
Just to note, did RJH actually intend to write
...the enemy of the good enough., which I believe is
the usual quote?
On Feb 27, 2010, at 4:54 PM, Grant Olson wrote:
Doh! Originally sent off list... Maybe Robert got a psychic vibe...
On 2/27/2010 2:21 PM, MFPA wrote:
I don't want such a vote. Whether somebody chooses to include an email
address in their UID is up to the individual. I have not seen
On Sat, 27 Feb 2010, Paul Richard Ramer wrote:
. . .
Speculation isn't any more progress than an idea is action. Speculation
buttressed with facts leads, in time, to progress. But speculation,
. . .
And speculation often has the very useful effect of stimulating
search for new facts where
On Sun, 28 Feb 2010, MFPA wrote:
. . .
no way to prove you're MFPA. So I can't sign your key.
If you knew me personally, you could.
And as I already said, do you know MFPA's not my legal identity?
There used to be somebody in my town who had officially changed his
name to FREFF. (Never did
That isn't how the web of trust works. Well, it *can* work that way
for you, since you can choose who to trust and who not to, but that's
not the information encoded in there. I know dozens of people on the
net. I've exchanged encrypted mail with them, I've worked with them, in
some case
On Sat, 27 Feb 2010, Robert J. Hansen wrote:
. . .
The perfect is the enemy of the good.
Just to note, did RJH actually intend to write
...the enemy of the good enough., which I believe is
the usual quote? The two are rather different ideas,
even more so if morality has been included as an
The perfect is the enemy of the good.
It's a pretty common engineering maxim. It's not a statement about morality --
or, at least, it wasn't my intent for it to be taken as such.
For an excellent engineering example of the difference between perfect and
good, compare Project Xanadu to the
On Feb 27, 2010, at 3:23 PM, Robert J. Hansen wrote:
I agree that generally speaking, it's a good idea to put keys on the
keyservers. I don't know if that makes it conventional wisdom, or who the
arbiter of such wisdom might be, but clearly a very common use of OpenPGP is
for encrypted
On Feb 28, 2010, at 4:20 PM, reynt0 wrote:
On Sat, 27 Feb 2010, Robert J. Hansen wrote:
. . .
The perfect is the enemy of the good.
Just to note, did RJH actually intend to write
...the enemy of the good enough., which I believe is
the usual quote? The two are rather different ideas,
You can certainly tell a lot about someone by the signatures on their key.
Either directly from the signature or because those signatures point to other
keys that have their own signatures, etc. With your permission, may I see
what I can find from the signatures on your key D6B98E10?
Go
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi reynt0
On Sunday 28 February 2010 at 9:18:55 PM, you wrote:
Now all the serious ones, or maybe the merely curious,
have to do is to search FREFF--or maybe buy from Google the
info Google has about FREFF if nothing can be found easily by
a
On Feb 28, 2010, at 8:09 PM, Robert J. Hansen wrote:
You can certainly tell a lot about someone by the signatures on their key.
Either directly from the signature or because those signatures point to
other keys that have their own signatures, etc. With your permission, may I
see what I
Understood, and I agree it makes no such statement. However, it does make a
reasonably good statement that you were physically located near that person
at a certain point in time, roughly what that time was, and roughly where
(geographically) it happened.
This is assuming the signature is
On Sun, 2010-02-28 at 16:06 -0500, reynt0 wrote:
On Sat, 27 Feb 2010, Paul Richard Ramer wrote:
. . .
Speculation isn't any more progress than an idea is action. Speculation
buttressed with facts leads, in time, to progress. But speculation,
. . .
And speculation often has the very
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Jerry wrote:
Maybe not totally apropos to this discussion; however, I worked in
traffic analysis for several years. If given enough leeway, you would
be amazed at the information you can gather about an individual, and at
its astonishing
On Feb 26, 2010, at 12:04 PM, Robert J. Hansen wrote:
In some cases, the authorities knowing an individual used encryption
could be a problem.
Why? Because they have a key on the keyservers? If this is what you're
worried about, rest easy: there are so many easier ways to learn whether
On 2/27/10 9:58 AM, David Shaw wrote:
Do you really mean to suggest that a US authority getting email
headers - even without a warrant - is easier than typing a name into
a search box on a keyserver?
No. You're right, that's clearly easier. However, that only tells you
whether someone has
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Saturday 27 February 2010 at 6:11:29 AM, in
mid:4b88b791.7000...@sixdemonbag.org, Robert J. Hansen wrote:
There is a perceived need for $150 bowls of soup, as
evidenced by dozens of high-priced gourmet restaurants
in major cities. The
On Feb 27, 2010, at 11:22 AM, Robert J. Hansen wrote:
On 2/27/10 9:58 AM, David Shaw wrote:
Do you really mean to suggest that a US authority getting email
headers - even without a warrant - is easier than typing a name into
a search box on a keyserver?
No. You're right, that's clearly
On Feb 27, 2010, at 2:21 PM, MFPA wrote:
I have always been taught to challenge the status quo. Because that's
the way we do it is *never* a good reason to continue doing something
in a particular way.
The status quo has something going for it: it works. 95% of all new ideas are
awful and
On Feb 27, 2010, at 3:02 PM, David Shaw wrote:
Much as the email headers do in your example. If the mail is not encrypted,
the headers just show that it might be. In practice, headers won't show much
as the majority of modern mail programs have the capability for encryption of
one sort
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Saturday 27 February 2010 at 4:22:27 PM, in
mid:4b8946c3.5050...@sixdemonbag.org, Robert J. Hansen wrote:
His position seems to have shifted.
As the thread has progressed, the posts I'm replying to have shifted
from It is a good idea to
Doh! Originally sent off list... Maybe Robert got a psychic vibe...
On 2/27/2010 2:21 PM, MFPA wrote:
I don't want such a vote. Whether somebody chooses to include an email
address in their UID is up to the individual. I have not seen anything
that convinces me it is better for me to
This may be a dup - I think the original went out with the wrong From addr
MFPA wrote:
Hi
On Saturday 27 February 2010 at 6:11:29 AM, in
mid:4b88b791.7000...@sixdemonbag.org, Robert J. Hansen wrote:
In any case, I've never seen a convincing argument *for* including email
addresses in the
On Sat, 2010-02-27 at 19:21 +, MFPA wrote:
There is a widespread perception (rightly or wrongly) that exposing
your email address publicly on the internet will lead to that email
address being spammed into oblivion. The new openPGP user is exhorted
to create a key pair using their name and
MFPA wrote:
Hi
On Saturday 27 February 2010 at 6:11:29 AM, in
mid:4b88b791.7000...@sixdemonbag.org, Robert J. Hansen wrote:
In any case, I've never seen a convincing argument *for* including email
addresses in the UID of a PGP key.
Nor have we seen compelling arguments for their omission
On 02/27/10 14:21, John Clizbe wrote:
Nor have we seen compelling arguments for their omission as a general rule
I think it would be more accurate to say that we haven't seen any
arguments that will sway those with strongly held beliefs on either
side. Since we're not likely to see them any time
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Grant
On Saturday 27 February 2010 at 9:54:56 PM, you wrote:
It sounds like you're using the software to do the opposite thing that
many people do. I think digital signatures are utilized much more than
encrypted communication.
I don't
On Sun, 2010-02-28 at 04:33 +, MFPA wrote:
Speculation is great, but speculation isn't fact -- and we need to
change the way we do things based on facts, not on speculations. We
can agree on facts, but our speculations will likely not overlap very much
at all.
I'm sure anybody
I think that MFPA has succinctly summed up his point of view in these
two quotes.
On Sun, 2010-02-28 at 04:33 +, MFPA wrote:
What you're saying here is, even if the advice were sound for one
million users, and destructive to the privacy of just one, I still
would not change because any
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Thursday 25 February 2010 at 6:04:00 PM, in
mid:4b86bb90.70...@mozilla-enigmail.org, John Clizbe wrote:
Then you need not send your key to the keyserver
network. Pretty simple personal choice, huh? Don't want
to? Don't do it.
Fair
On 2/26/10 9:49 AM, MFPA wrote:
I thought signing somebody's key was just stating to the world that
you believe the claimed identity of the person who controls that key
at the time you are signing it - not an indication that you are in any
way associated.
I'm scratching my head here trying to
On Feb 26, 2010, at 11:24 AM, Robert J. Hansen wrote:
On 2/26/10 9:49 AM, MFPA wrote:
I thought signing somebody's key was just stating to the world that
you believe the claimed identity of the person who controls that key
at the time you are signing it - not an indication that you are in any
On 2/26/10 10:53 AM, MFPA wrote:
There are privacy issues, especially if user-ids on the key contain
email addresses.
This isn't persuasive. It's been hammered out tons of times, and no one
has ever presented a strong argument for keeping email addresses secret.
Usually the same arguments
On 2/26/10 12:38 PM, MFPA wrote:
I am *not* advocating the implementation of any form of
Digital Restrictions Malware (DRM).
You can say you're not advocating DRM -- but if it looks like a duck,
swims like a duck, flies like a duck and quacks like a duck, then it's a
duck.
Digital: yes, the
On 2/26/2010 12:38 PM, MFPA wrote:
I am *not* advocating the implementation of any form of
Digital Restrictions Malware (DRM).
Uploading a somebody else's key without first checking it is OK by
them is a breach of their privacy and could well be illegal/unlawful
in jurisdictions with data
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
MFPA escribió:
...
Do many people check the keyservers for a possible key when they
contact somebody they have not emailed before?
Well, I have done that once or twice...
...
Use of encryption may put an individual under suspicion of illegal
On Feb 26, 2010, at 1:30 PM, Grant Olson wrote:
On 2/26/2010 12:38 PM, MFPA wrote:
I am *not* advocating the implementation of any form of
Digital Restrictions Malware (DRM).
Uploading a somebody else's key without first checking it is OK by
them is a breach of their privacy and could
Alas, while GnuPG supports the flag, no keyserver does.
David
Just curious... Does support just mean it sets the bit? Or will it turn
an attempt to --send-keys on that key into a no-op?
signature.asc
Description: OpenPGP digital signature
On Feb 26, 2010, at 3:37 PM, Grant Olson wrote:
Alas, while GnuPG supports the flag, no keyserver does.
David
Just curious... Does support just mean it sets the bit? Or will it turn
an attempt to --send-keys on that key into a no-op?
Support means it gives the user the ability to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Friday 26 February 2010 at 8:39:07 PM, in
mid:97334e1f-ba6f-403e-83eb-51daee32f...@jabberwocky.com, David Shaw
wrote:
On Feb 26, 2010, at 3:37 PM, Grant Olson wrote:
Alas, while GnuPG supports the flag, no keyserver
does.
David
On 2/26/10 3:14 PM, MFPA wrote:
But if it bears only a slight resemblance to a duck, it is probably
*not* a duck.
You are asserting that (a) the person who created the public key owns
the information, (b) the person owns the information has the right to
control how it is disseminated, and (c)
On Feb 26, 2010, at 4:10 PM, MFPA wrote:
Just curious... Does support just mean it sets the
bit? Or will it turn an attempt to --send-keys on
that key into a no-op?
Support means it gives the user the ability to set and
clear the bit (it is set by default).
Would there not be some
As well as backing up your private key and password on other electronic
storage (CD/memory stick... encrypted of course), I recommend that you
print your private key, a revocation certificate, and your passphrase on
paper, and store that document in a safe place... a secure lock box, ...
a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Friday 26 February 2010 at 5:04:36 PM, in
mid:4b87ff24.3000...@sixdemonbag.org, Robert J. Hansen wrote:
On 2/26/10 10:53 AM, MFPA wrote:
There are privacy issues, especially if user-ids on the key contain
email addresses.
This isn't
On 2/26/10 11:55 PM, MFPA wrote:
Maybe not but there is a perceived need, as evidenced by services
like spamgourmet and all the disposable email address outfits
There is a perceived need for $150 bowls of soup, as evidenced by dozens
of high-priced gourmet restaurants in major cities. The
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi
On Thursday 25 February 2010 at 3:53:23 AM, in
mid:4b85f433.1040...@mozilla-enigmail.org, John Clizbe wrote:
MFPA wrote:
Hi John
On Thursday 25 February 2010 at 12:17:36 AM, you
wrote:
It is also a good idea to send your key to the
MFPA wrote:
On Thursday 25 February 2010 at 3:53:23 AM, in
mid:4b85f433.1040...@mozilla-enigmail.org, John Clizbe wrote:
MFPA wrote:
Hi John
On Thursday 25 February 2010 at 12:17:36 AM, you wrote:
It is also a good idea to send your key to the keyservers.
But is, of course, a matter
On 2/25/10 9:24 AM, MFPA wrote:
Some people hate the idea and get *very* upset if their key does end
up on the servers.
What you're advocating here is DRM on the honor system. Don't copy
the key, don't distribute the key, don't upload the key, don't do
anything with the key, without the
On Thu, 2010-02-25 at 14:24 +, MFPA wrote:
My point was that not everybody wishes/chooses to send their keys to
the keyservers.
Some people hate the idea and get *very* upset if their key does end
up on the servers.
In my case, the reason that I uploaded my keys to public keyservers was
On Thu, 2010-02-25 at 15:23 -0500, Robert J. Hansen wrote:
On 2/25/10 9:24 AM, MFPA wrote:
Some people hate the idea and get *very* upset if their key does end
up on the servers.
What you're advocating here is DRM on the honor system. Don't copy
the key, don't distribute the key, don't
On Thu, 2010-02-25 at 15:23 -0500, Robert J. Hansen wrote:
On 2/25/10 9:24 AM, MFPA wrote:
Some people hate the idea and get *very* upset if their key does end
up on the servers.
What you're advocating here is DRM on the honor system. Don't copy
the key, don't distribute the key, don't
My error. I didn't CC the following message to the mailing list.
On Thu, 2010-02-25 at 02:38 -0800, Paul Richard Ramer wrote:
I won't add to the other good replies, except for this. Concerning
the
revocation certificate that you would be behooved to create, you
should
take care to protect
On 2/25/10 1:04 PM, John Clizbe said:
MFPA wrote:
On Thursday 25 February 2010 at 3:53:23 AM, in
mid:4b85f433.1040...@mozilla-enigmail.org, John Clizbe wrote:
MFPA wrote:
Hi John
On Thursday 25 February 2010 at 12:17:36 AM, you wrote:
It is also a good
On 2/25/10 8:29 PM, Yawar Amin wrote:
I interpret that word, public, differently. To me just because a key
_can_ be made public doesn't mean it automatically _should_.
What in life is automatic, besides death and taxes?
We are not talking about automatic here. We are talking instead about
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tobias Holz escribió:
Hey Folks,
i succesfully installed gnupg on my Win7 machine. I want to use it
with Thunderbird to encrypt personal eMails.
I'm not a Windows user, so I'll explain what I'll do in Linux, but I
suppose it'll be pretty similar
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Tobias Holz wrote:
Hey Folks,
i succesfully installed gnupg on my Win7 machine. I want to use it
with Thunderbird to encrypt personal eMails.
Now I've got some questions:
1) What does happen if I lose my private key? Can I burn it to a CD/DVD?
Tobias Holz wrote:
Hey Folks,
i successfully installed gnupg on my Win7 machine. I want to use it
with Thunderbird to encrypt personal eMails.
Now I've got some questions:
1) What does happen if I lose my private key? Can I burn it to a CD/DVD?
If you lose your secret key or forget your
77 matches
Mail list logo