From cb27f1cb4676e7fccee2c7b5936b8b2691dbdee9 Mon Sep 17 00:00:00 2001 From: Mikaela Suomalainen Date: Wed, 9 May 2012 11:40:15 +0300 Subject: [PATCH] PGP/WhyDoISignEmails.html: Write clear explanation about why I sign my emails. --- PGP/Clearsigning.html | 14 +----- PGP/Clearsigning.html.md | 31 -------------- PGP/WhyDoISignEmails.html | 38 +++++++++++++++++ PGP/WhyDoISignEmails.html.md | 82 ++++++++++++++++++++++++++++++++++++ 4 files changed, 121 insertions(+), 44 deletions(-) delete mode 100644 PGP/Clearsigning.html.md create mode 100644 PGP/WhyDoISignEmails.html create mode 100644 PGP/WhyDoISignEmails.html.md diff --git a/PGP/Clearsigning.html b/PGP/Clearsigning.html index 2bbb9ab..de19b4d 100644 --- a/PGP/Clearsigning.html +++ b/PGP/Clearsigning.html @@ -1,13 +1 @@ -

Why do you GPG clearsign your emails instead of using PGP/MIME or something less spammy?

-

I am clearsigning my emails instead of using PGP/MIME, because I am on multiple mailing lists and most of them use mailing list software, which messes up with headers and this way make PGP/MIME signatures unverifiable.

-

But clearsigned signature looks ugly.

-

I know that clearsigned messages may look ugly to email clients, which don't support PGP, but they can at least be verified on all mailing lists.

-

I am on slow connection and your signature is too big for me.

-

I am sorry for that. But keep in mind that your email client would still download ther PGP/MIME signature (signature.asc) file even if I used PGP/MIME.

-

Which mailing lists do that?

-

At least the following:

-
    -
  1. Ubuntu mailing lists. See also bug 996581 at Launchpad.

  2. -
  3. Mozdev mailing lists.

  4. -
  5. GnuPG mailing lists.

  6. -
+ diff --git a/PGP/Clearsigning.html.md b/PGP/Clearsigning.html.md deleted file mode 100644 index 05432be..0000000 --- a/PGP/Clearsigning.html.md +++ /dev/null @@ -1,31 +0,0 @@ -Why do you GPG clearsign your emails instead of using PGP/MIME or something less spammy? ----------------------------------------------------------------------------------------- - -I am clearsigning my emails instead of using PGP/MIME, because I am on -multiple mailing lists and most of them use mailing list software, -which messes up with headers and this way make PGP/MIME signatures -unverifiable. - -But clearsigned signature looks ugly. -------------------------------------- - -I know that clearsigned messages may look ugly to email clients, which -don't support PGP, but they can at least be verified on all mailing lists. - -I am on slow connection and your signature is too big for me. -------------------------------------------------------------- - -I am sorry for that. But keep in mind that your email client would still -download ther PGP/MIME signature (signature.asc) file even if I used -PGP/MIME. - -Which mailing lists do that? ----------------------------- - -At least the following: - -1. [Ubuntu mailing lists](https://lists.ubuntu.com). See also [bug 996581 at Launchpad](https://bugs.launchpad.net/bugs/996581). - -2. [Mozdev mailing lists](https://www.mozdev.org/mailman/listinfo). - -3. [GnuPG mailing lists](http://lists.gnupg.org/mailman/listinfo/). diff --git a/PGP/WhyDoISignEmails.html b/PGP/WhyDoISignEmails.html new file mode 100644 index 0000000..c0cba66 --- /dev/null +++ b/PGP/WhyDoISignEmails.html @@ -0,0 +1,38 @@ +

Signing emails.

+

Why do you sign all your messages?

+

The signature is evidence that message comes from me. If I sign all my messages, I can say that I sign all my messages and possibly unsigned offensive content, which is spoofed to "come" from my address, isn't sent by me.

+

But it doesn't prove anything, you can just leave offensive content unsigned.

+

True, I could do that. But I don't have habit of writing offensive text and saying that it doesn't come from me.

+

Your signature doesn't mean anything anyway, because you aren't part of any trust web.

+
    +
  1. Some people at IRC lsign keys of each other, so I am in somekind of trustweb.

  2. +
  3. The signature can still prove that the email hasn't been modified after sending.

  4. +
  5. This can change in the future. My key doesn't have any signatures right now, because anyone else near here doesn't use PGP.

  6. +
+

Why you don't get signatures using CAcert?

+

According to "Locate assurer" feature at CAcert, the nearest assurer is 110KM away from me.

+

Why did you mention CAcert?

+

https://wiki.cacert.org/PgpSigning

+

Clearsigning/INLINE signing

+

Why do you GPG clearsign your emails instead of using PGP/MIME or something less spammy?

+
    +
  1. Some mailing list software mess up with headers and make PGP/MIME signatures unverifiable.

    +

    Which mailing lists do that?

    +

    At least the following:

    +
      +
    1. Ubuntu mailing lists. See also bug 996581 at Launchpad.

    2. +
    3. Mozdev mailing lists.

    4. +
    5. GnuPG mailing lists.

    6. +
  2. +
  3. INLINE messages are easier to verify manually (presuming that charset doesn't cause problems).

  4. +
  5. K9 Mail doesn't support PGP/MIME.

  6. +
+

But clearsigned signature looks ugly.

+

This is the problem of your email client. If you use Thunderbird or Icedove or Seamonkey, you can probably install Enigmail and that signature block gets hidden. If you use some other email client, please report bug for that package in your distribution or upstream bug tracker.

+

I am on slow connection and your signature is too big for me.

+

And what does that have to do with INLINE signature? In PGP/MIME you would download the same mess, but inside signature.asc file.

+

Other things

+

Why did you write this page?

+

Because I am fed up explaining myself on some mailing lists. This page will be linked in my email signature and I will ignore every question about things, which read on this page.

+

So you are just ignorant and want to spam people?

+

I want to raise awareness about PGP and that it's very easy to spoof emails from addresses of other people. As stated previously, I will also ignore claims like that.
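
Review bot: In PGP/WhyDoISignEmails.html, item 1 of the list under "Your signature doesn't mean anything anyway" rests on keys being "lsign"ed, but a local signature (`gpg --lsign-key`) is non-exportable and stays in the signer's keyring, so nobody verifying these mails can see it and it does not answer the trust-web objection. Item 3 then says the key "doesn't have any signatures right now", which reads as a contradiction of item 1. Suggest dropping item 1 or stating plainly that those signatures are local only. In the same hunk, "somekind of trustweb" should be "some kind of trust web" and "110KM" should be "110 km".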

diff --git a/PGP/WhyDoISignEmails.html.md b/PGP/WhyDoISignEmails.html.md new file mode 100644 index 0000000..7e59006 --- /dev/null +++ b/PGP/WhyDoISignEmails.html.md 
@@ -0,0 +1,82 @@ +# Signing emails. + +## Why do you sign all your messages? + +The signature is evidence that message comes from me. If I sign all my messages, +I can say that I sign all my messages and possibly unsigned offensive +content, which is spoofed to "come" from my address, isn't sent by me. + +### But it doesn't prove anything, you can just leave offensive content unsigned. + +True, I could do that. But I don't have habit of writing offensive text and saying that it doesn't come from me. + +## Your signature doesn't mean anything anyway, because you aren't part of any trust web. + +1. Some people at IRC lsign keys of each other, so I am in somekind of trustweb. + +2. The signature can still prove that the email hasn't been modified after sending. + +3. This can change in the future. My key doesn't have any signatures right now, because anyone else near here doesn't use PGP. + +### Why you don't get signatures using [CAcert]? + +According to "Locate assurer" feature at [CAcert], the nearest assurer is + 110KM away from me. + +#### Why did you mention [CAcert]? + +[https://wiki.cacert.org/PgpSigning](https://wiki.cacert.org/PgpSigning) + +[CAcert]:https://cacert.org/ + +# Clearsigning/INLINE signing + +## Why do you GPG clearsign your emails instead of using PGP/MIME or something less spammy? + +1. Some mailing list software mess up with headers and make PGP/MIME signatures unverifiable. + + Which mailing lists do that? + + At least the following: + + 1. [Ubuntu mailing lists](https://lists.ubuntu.com). See also [bug 996581 at Launchpad](https://bugs.launchpad.net/bugs/996581). + + 2. [Mozdev mailing lists](https://www.mozdev.org/mailman/listinfo). + + 3. [GnuPG mailing lists](http://lists.gnupg.org/mailman/listinfo/). + +2. INLINE messages are easier to verify manually (presuming that charset doesn't cause problems). + +3. [K9 Mail] doesn't support PGP/MIME. + +[K9 Mail]:https://github.com/k9mail/k-9 + + +## But clearsigned signature looks ugly. 
+ +This is the problem of your email client. If you use [Thunderbird or Icedove or Seamonkey], +you can probably install [Enigmail] and that signature block gets hidden. +If you use some other email client, please report bug for that package in +your distribution or upstream bug tracker. + +[Thunderbird or Icedove or Seamonkey]:https://mozilla.org/thunderbird +[Enigmail]:http://enigmail.mozdev.org/home/index.php.html + +## I am on slow connection and your signature is too big for me. + +And what does that have to do with INLINE signature? In PGP/MIME you would + download the same mess, but inside signature.asc file. + +# Other things + +## Why did you write this page? + +Because I am fed up explaining myself on some mailing lists. This page will + be linked in my email signature and I will ignore every question about things, + which read on this page. + +## So you are just ignorant and want to spam people? + +I want to raise awareness about PGP and that it's very easy to spoof emails + from addresses of other people. As stated previously, I will also ignore + claims like that.
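
Review bot: In PGP/WhyDoISignEmails.html.md, the whole answer under `#### Why did you mention [CAcert]?` is a bare link to wiki.cacert.org/PgpSigning, so a reader arriving from the mail signature gets no reason without leaving the page; add one sentence saying what that page offers for PGP keys and keep the link as the reference. In the same file the Enigmail and GnuPG list links are `http://` while the other links are `https://`, and "[K9 Mail] doesn't support PGP/MIME" is a claim that will age, so date it or link the relevant upstream issue instead of the repository root.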
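
Review bot: PGP/Clearsigning.html.md is deleted outright while PGP/Clearsigning.html is kept as a one-line file (`@@ -1,13 +1 @@`), which leaves that HTML without a Markdown source beside it, unlike the new WhyDoISignEmails pair. If the remaining line is a pointer to the new page, say so in the commit message, which currently mentions only WhyDoISignEmails.html; otherwise remove the HTML in the same commit so the two files do not drift.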