Re: pgp signing in van

Brian Trammell <trammell@tik.ee.ethz.ch> Mon, 09 September 2013 08:32 UTC


hi Hector, Peter, all,

On 9 Sep 2013, at 1:09, Hector Santos <hsantos@isdg.net> wrote:

> 
> On 9/8/2013 6:21 PM, Peter Saint-Andre wrote:
>> On 9/8/13 3:50 PM, Ted Lemon wrote:
>>> 
>>> What's the upside to signing my email?   I know why I want
>>> everybody I know to sign my email, but what's the upside for me if
>>> I do it? Until there's a clear win, it's not going to happen.
>> 
>> There are two that I see:
>> 
>> 1. Since it's quite easy to send faked messages (and I have seen that
>> done on public lists in an effort to embarrass or impugn the sender),
>> signing one's messages makes it clear that the message really came
>> from you.
>> 
>> 2. Signing one's messages is a way of advertising that one is capable
>> of engaging in encrypted communication. (This might not be a welcome
>> analogy, but it's kind of like open carry for encryption.)
>> 
>> Peter
> 
> But until the MUAs across the board support it out of the box, I believe most people don't know about it or know what it means.  See attached small snippet showing the "Message Security Info" of your message according to the Thunderbird MUA.
> 
> I don't think we can even establish a standard practice with PGP and others, including with the recent standardized DKIM.  Where is the BCP for the MUAs, MDAs, MSAs?
> 
> There will always be victims (users with MUAs) who don't support this or that, but I think the IETF can finally begin considering ideal product development concepts for vendors to follow.

A first step -- and a way to get over the "but nobody I communicate with signs/encrypts" chicken-and-egg problem -- is actually using the tools ourselves. In a larger sense, if we're going to talk seriously about adding surveillance resistance to the criteria for a "better Internet", the more of us use these tools, the more likely we are to make useful recommendations for usage and management of these technologies.

This is the reason I've started using GPG again ten years after the last use of my old key. I must say at least that GPGMail (on the Mac) has gotten _much_ better in the intervening decade.

Best regards,

Brian