[wellylug] Why do you/people digitally GPG sign your e-mails, sorry?

Jo Booth thegeek at mangee.net.nz
Wed Mar 15 22:09:03 NZDT 2006 

On 15/03/2006, at 15:11 , Jeremy Naylor wrote:

> Why do you/people digitally GPG sign your e-mails, sorry?

Habit I suppose.. Started signing most emails when I started using  
Mail.app on Tiger (Mac) - just cause I could...  And now that box is  
ticked by default.
If you had a key it'd encrypt to you default too.

Unfortunately encyption causes angst with people who get encypted  
mail and only set-up a GPG key for fun years ago. ;)  As someone  
recently said to me in response to an encrypted email:
> "PGP is only needed when being subversive [this] ain't subversive,  
> [Yet]."

PGP/GPG is good for making "plans":
>> "I have a plan. First I need your PGP key. Please send."
> $ gpg --search-keys mangee

At work some aspects of our work are required by IANZ to be digitally  
signed in some manner. In my years of issuing digitally signed  
documents to clients, i've only had one person actually tell me that  
they found it useful.. most, like you, treat it as a unwanted  
attachment or a extra few Kb in a pdf etc.
A scribbled signature on a piece of paper doesn't necessarily mean  
anything until it's witnessed - and even then - two scribbles on a  
piece of paper don't mean much more, despite the stock society puts  
in them.  Having a robust mechanism of associating a scribble (or a  
digital 'key') with a person, and a way to verify and conclusively  
trust that identify is a good thing for communiqués of all kinds.

Do my signed messages break into parts? I think they used to when I  
signed inline?

Jethro has a Content-Type: multipart/signed; part - same as me...
Some mail application might not recognise it as a "normal" mime type  
to render --- and not automatically opened on mail applications that  
don't render them automatically for fear of automatically running  
viruses? :/

My mailer just has an extra bit:
> This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Hrm.  :)

Jethro - the "expert" on keys: is there such a thing as group  
encryption -- like could you send an encrypted message to the list --  
and still have everyone have their own password/private key to  
decrypt?  Or would everyone have to share the same private key?

Just wondering.

-Jo.
[who has a PGP.sig attached, ready to be deleted, and a multipart/ 
signed to be opened]

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.wellylug.org.nz/pipermail/wellylug/attachments/20060315/f0584dd6/attachment.pgp

More information about the wellylug mailing list