[linux-elitists] Fwd: PGP signature attachments!

Karsten M. Self kmself@ix.netcom.com
Fri Sep 7 12:01:29 PDT 2001


on Fri, Sep 07, 2001 at 10:51:00AM -0700, Aaron Lehmann (aaronl@vitelus.com) wrote:
> On Fri, Sep 07, 2001 at 10:44:55AM -0700, Wil Cooley wrote:
> > How the hell do you respond to someone like this?
> 
> Try Karsten's canned response:
> 
> 
> 	A (not so) Short Rant / FAQ on the Subject of 
> 	Signed E-Mail and Public Key Infrastructure
> 
> 	Karsten M. Self <kmself@ix.netcom.com>
> 
> 
> 	    You're probably reading this because you either stumbled across it
> 	    at my website, or I sent it to you in response to an email you sent
> 	    me saying you can't read my mail.  In the latter case, the short
> 	    answer is that:

LOL!

Thanks for posting that, Aaron.

I'm honing that rant (it was re-honed for the rant-o-matic), and would
welcome feedback.

In particular, it could use some tightening up and probably stand to
take a (slightly) less aggressive stance.  The key messages I'd like to
get across are:

  - I'm going to keep doing this.  This has both a personal benefit and
    an evangelistic effort.

  - Authentication and encryption are useful and good, with enumerable
    benefits (enumerated in the current long version).  Widespread
    support is useful and good.  This is a functioning, open, free,
    standard (or draft thereof).

  - Your mailer's lack of support, or your organization's inability to
    handle email attachments, indicates something *very* wrong with the
    world.  Seek appropriate redress from vendor(s) and/or management.

  - This isn't a virus.  It's not an HTML attachment (I'm hearing this
    claim more and more lately).  Stop accusing me of things I'm not
    doing, and justify the basis for your claim(s).

  - Specifically:  you, as a reader, are responsible for validating the
    reliability of your sources.  I don't send unsigned mail (barring a
    very occasional slip).  If you get signed mail from me, you should
    verify the signature.  If you get unsigned mail that *claims* to be
    from me, you should alert me of the fact.  It may be an error.  It
    may be someone trying to spoof me.

  - PKI isn't bulletproof.  There are ways the system can be
    compromised.  But it's a far better assurance than cleartext or
    unsigned content.

Cheers.

-- 
Karsten M. Self <kmself@ix.netcom.com>          http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?             There is no K5 cabal
  http://gestalt-system.sourceforge.net/               http://www.kuro5hin.org
   Free Dmitry! Boycott Adobe! Repeal the DMCA!    http://www.freesklyarov.org
Geek for Hire                        http://kmself.home.netcom.com/resume.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20010907/690ddc3d/attachment.pgp 


More information about the linux-elitists mailing list