[49823] in North American Network Operators' Group
Re: Evil PGP sigs thread must die. was Re: Stop it with putting your e-mail body in my MUA OT
daemon@ATHENA.MIT.EDU (Scott Francis)
Wed Jul 10 15:20:07 2002
Date: Wed, 10 Jul 2002 12:13:10 -0700
From: Scott Francis <darkuncle@darkuncle.net>
To: Andy Dills <andy@xecu.net>
Cc: nanog@nanog.org
Mail-Followup-To: Scott Francis <darkuncle@darkuncle.net>,
Andy Dills <andy@xecu.net>, nanog@nanog.org
In-Reply-To: <Pine.BSF.4.44.0207101439450.3792-100000@thunder.xecu.net>
Errors-To: owner-nanog-outgoing@merit.edu
--gQt10JDuGyDb0HQ5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, Jul 10, 2002 at 03:01:00PM -0400, andy@xecu.net said:
[snip]
> > Signing post means only that you know with some certainty the bozo
> > to hold responsible. I want to own up to my bozoesk, arrogant and
> > stupid ramblings.
>=20
> Ah, and that's where the arrogance comment came from. You assume that the
> members of nanog care. I'm not trying to call you an arrogant person, and
> I recognize that you're not being blatantly arrogant, it's more of a
> passive assumption. The passive assumption is that your words are
> important enough that somebody might want to verify them. So, does EVERY
> email need to be pgp signed?
If it's important enough to post in the first place, it's worth taking the
minimal effort required to sign it. I cannot understand the source of the
surprisingly vehement reaction against the PGP/MIME standard and PGP signing
in general. I would have thought this audience, at least, would understand
the importance of promoting the use of cryptography in general.
Perhaps I was being naive.
> When was the last time somebody on this list bothered to check the
> validity of a pgp signed message which they received via nanog?
Every single one that's signed, I check. But then, my MUA does it
automagically.
[Content-type: text/political]
It's just Good Standard Practice. It frequently takes a while for the slower
vendors to catch up to standards, but in this case, I think it's a good ide=
a to
push the vendors as much as possible towards adoption of support for the
OpenPGP standard and strong crypto in general.
It may not be personally important to every person for every message at this
point in time, but the more common crypto is, the less likely we are to find
it de jure or de facto outlawed. The legal history of crypto in the United
States, if nowhere else, should provide incentive in this area.
--
-=3D Scott Francis || darkuncle (at) darkuncle (dot) net =3D-
GPG key CB33CCA7 has been revoked; I am now 5537F527
illum oportet crescere me autem minui
--gQt10JDuGyDb0HQ5
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)
iD8DBQE9LIdFWaB7jFU39ScRApGDAJ9K4BCteNb2CEsG4/l8PjvkC4oqWQCgr1I+
Ssr1JPPn7cf5NEJeItD6Siw=
=hij/
-----END PGP SIGNATURE-----
--gQt10JDuGyDb0HQ5--
