[linux-elitists] Fwd: PGP signature attachments!
Karsten M. Self
Fri Sep 7 12:01:29 PDT 2001
on Fri, Sep 07, 2001 at 10:51:00AM -0700, Aaron Lehmann (firstname.lastname@example.org) wrote:
> On Fri, Sep 07, 2001 at 10:44:55AM -0700, Wil Cooley wrote:
> > How the hell do you respond to someone like this?
> Try Karsten's canned response:
> A (not so) Short Rant / FAQ on the Subject of
> Signed E-Mail and Public Key Infrastructure
> Karsten M. Self <email@example.com>
> You're probably reading this because you either stumbled across it
> at my website, or I sent it to you in response to an email you sent
> me saying you can't read my mail. In the latter case, the short
> answer is that:
Thanks for posting that, Aaron.
I'm honing that rant (it was re-honed for the rant-o-matic), and would
In particular, it could use some tightening up and probably stand to
take a (slightly) less aggressive stance. The key messages I'd like to
get across are:
- I'm going to keep doing this. This has both a personal benefit and
an evangelistic effort.
- Authentication and encryption are useful and good, with enumerable
benefits (enumerated in the current long version). Widespread
support is useful and good. This is a functioning, open, free,
standard (or draft thereof).
- Your mailer's lack of support, or your organization's inability to
handle email attachments, indicates something *very* wrong with the
world. Seek appropriate redress from vendor(s) and/or management.
- This isn't a virus. It's not an HTML attachment (I'm hearing this
claim more and more lately). Stop accusing me of things I'm not
doing, and justify the basis for your claim(s).
- Specifically: you, as a reader, are responsible for validating the
reliability of your sources. I don't send unsigned mail (barring a
very occasional slip). If you get signed mail from me, you should
verify the signature. If you get unsigned mail that *claims* to be
from me, you should alert me of the fact. It may be an error. It
may be someone trying to spoof me.
- PKI isn't bulletproof. There are ways the system can be
compromised. But it's a far better assurance than cleartext or
Karsten M. Self <firstname.lastname@example.org> http://kmself.home.netcom.com/
What part of "Gestalt" don't you understand? There is no K5 cabal
Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org
Geek for Hire http://kmself.home.netcom.com/resume.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 232 bytes
Desc: not available
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20010907/690ddc3d/attachment.pgp
More information about the linux-elitists