Mikaela/mikaela.github.io
1
0
Fork 0
mirror of https://github.com/mikaela/mikaela.github.io/ synced 2025-02-23 17:00:40 +01:00
Code Issues Projects Releases Wiki Activity

PGP/WhyDoISignEmails: update.

Browse Source
This commit is contained in:
Mikaela Suomalainen 2012-08-11 10:41:03 +03:00
parent d7fa5bb849
commit 71138198bb
2 changed files with 27 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
PGP/WhyDoISignEmails.html
View File

@ -4,12 +4,17 @@
<h3 id="but-it-doesnt-prove-anything-you-can-just-leave-offensive-content-unsigned.">But it doesn't prove anything, you can just leave offensive content unsigned.</h3>
<p>True, I could do that. But I don't have habit of writing offensive text and saying that it doesn't come from me.</p>
<h2 id="your-signature-doesnt-mean-anything-anyway-because-you-arent-part-of-any-trust-web.">Your signature doesn't mean anything anyway, because you aren't part of any trust web.</h2>
<ol class="incremental" style="list-style-type: decimal">
<li><p>Some people at IRC lsign keys of each other, so I am in somekind of trustweb.</p></li>
<li><p>The signature can still prove that the email hasn't been modified after sending.</p></li>
<li><p>This can change in the future. My key doesn't have any signatures right now, because anyone else near here doesn't use PGP.</p></li>
</ol>
<h3 id="why-you-dont-get-signatures-using-cacert">Why you don't get signatures using <a href="https://cacert.org/">CAcert</a>?</h3>
<p>Actually, I am, but my key is only signed by bots (see below).</p>
<p>You might have &quot;import-minimal&quot; or &quot;import-clean&quot; in your keyserver-options in your gpg.conf, so you don't see the signatures. If you don't have them, run</p>
<blockquote>
<p>gpg --keyserver pool.sks-keyservers.net --refresh-keys 0x4DB53CFE82A46728</p>
</blockquote>
<p>and signatures should appear.</p>
<p><em>NOTE</em>: My key contains information, that my preferred keyserver is pool.sks-keyservers.net, so it's used with --refresh-keys with my key even if you speify another keyserver. This isn't the case if you use very old version of my key.</p>
<h3 id="why-you-dont-get-signatures-from-some-bot-certificate-authority">Why you don't get signatures from some bot certificate authority?</h3>
<h4 id="pgp-global-directory"><a href="https://keyserver.pgp.com/vkd/GetWelcomeScreen.event">PGP Global Directory</a></h4>
<p>I have got signature from <a href="https://keyserver.pgp.com/vkd/GetWelcomeScreen.event">PGP Global Directory</a>, it wanted only to confirm my email addresses.</p>
<h3 id="cacert"><a href="https://cacert.org/">CAcert</a></h3>
<p>According to &quot;Locate assurer&quot; feature at <a href="https://cacert.org/">CAcert</a>, the nearest assurer is 110KM away from me.</p>
<h4 id="why-did-you-mention-cacert">Why did you mention <a href="https://cacert.org/">CAcert</a>?</h4>
<p><a href="https://wiki.cacert.org/PgpSigning">https://wiki.cacert.org/PgpSigning</a></p>

20
PGP/WhyDoISignEmails.html.md
View File

@ -12,13 +12,23 @@ True, I could do that. But I don't have habit of writing offensive text and sayi
## Your signature doesn't mean anything anyway, because you aren't part of any trust web.
1. Some people at IRC lsign keys of each other, so I am in somekind of trustweb.
Actually, I am, but my key is only signed by bots (see below).
2. The signature can still prove that the email hasn't been modified after sending.
You might have "import-minimal" or "import-clean" in your keyserver-options in your gpg.conf, so you don't see the signatures. If you don't have them, run
3. This can change in the future. My key doesn't have any signatures right now, because anyone else near here doesn't use PGP.
> gpg --keyserver pool.sks-keyservers.net --refresh-keys 0x4DB53CFE82A46728
### Why you don't get signatures using [CAcert]?
and signatures should appear.
*NOTE*: My key contains information, that my preferred keyserver is pool.sks-keyservers.net, so it's used with --refresh-keys with my key even if you speify another keyserver. This isn't the case if you use very old version of my key.
### Why you don't get signatures from some bot certificate authority?
#### [PGP Global Directory]
I have got signature from [PGP Global Directory], it wanted only to confirm my email addresses.
### [CAcert]
According to "Locate assurer" feature at [CAcert], the nearest assurer is
110KM away from me.
@ -29,6 +39,8 @@ According to "Locate assurer" feature at [CAcert], the nearest assurer is
[CAcert]:https://cacert.org/
[PGP Global Directory]:https://keyserver.pgp.com/vkd/GetWelcomeScreen.event
# Clearsigning/INLINE signing
## Why do you GPG clearsign your emails instead of using PGP/MIME or something less spammy?