[NTLUG:Discuss] GPG and Signing

[Chris Cox]

MadHat wrote:
...
> 
> But what is the use of signing the message?  Its isn't like using
> passwords, its like putting your thump print on every piece of
> snail-mail you send to all your friends, family and coworkers so they
> know it is you.  Here is another issue.  I don't have his public key, so
> I can't verify it is him anyway.  The only way I can get his public key
> right now is via email or a server, but how do I know that the key is
> valid?  So signing to anyone you haven't given your key to in a secure
> manner is useless anyway.

I don't sign my messages generally anymore.  Just causes too many
issues as you have already mentioned.  I was just pointing out that
some clients allow you to enable signing by default (well... I actually
used that plugin thing back when I was signing my messages).  Forged
messages are a way of life nowadays... so signed messages could indeed be
a real security issue.

Nice to register your key with an accessible key server though if
you do sign.


.....
> 
>>Sounds to me like you're a evolution-loving-whiner :-)
> 
> 
> No, I bitch when I don't use evolution as well.  I just use this because
> it is easier at work.

It's certainly gotten better.  But not to the point where I'd switch.
If I have to use something that looks like Outlook, I use Outlook
running under wine.  And then it's only because I need to tie into
Exchange.  (everyone can uncover their eyes now... I'm done talking
about Outlook)

> 
>>Oh well.  It's called evolution for a reason.
> 
> 
> evolution take time, that's the problem.  The Ximian guys said the
> problem is S/MIME and it is "not supported at this time".  I told them
> their product was "not usable at this time", we'll see what they ahve to
> say.

I'd be surprised if they respond (knowing a bit about those fellows).