[49831] in North American Network Operators' Group
Re: Evil PGP sigs thread must die. was Re: Stop it with putting your e-mail body in my MUA OT
daemon@ATHENA.MIT.EDU (Scott Francis)
Wed Jul 10 16:02:48 2002
Date: Wed, 10 Jul 2002 13:00:50 -0700
From: Scott Francis <darkuncle@darkuncle.net>
To: Andy Dills <andy@xecu.net>
Cc: nanog@nanog.org
Mail-Followup-To: Scott Francis <darkuncle@darkuncle.net>,
Andy Dills <andy@xecu.net>, nanog@nanog.org
In-Reply-To: <Pine.BSF.4.44.0207101536210.3792-100000@thunder.xecu.net>
Errors-To: owner-nanog-outgoing@merit.edu
--i7PFf0A+xzvFOD9h
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, Jul 10, 2002 at 03:45:41PM -0400, andy@xecu.net said:
[snip]
> Yes, but once again you must consider content, given that most mail
> clients don't automatically verify signatures. Most of us will have to
And _therein_ lies the problem. And if the clued among us do not pressure
vendors to Do The Right Thing, history has proven they will Do The Profitab=
le
Thing instead.
> Lest anybody confuse my argument, I think PGP signatures are a good thing.
> I just don't think people need to sign everything they send. And I'm
> talking about posts to Nanog here, not private communication. In private
> communication, it's reasonable to sign most everything sent with official
> business purpose.
As I mentioned before - sign everything. It's just a good habit to be in, a=
nd
there are no good arguments against it (except for the preceding one about
MUAs not supporting PGP commands, and _that_ can be changed with pressure
from those purchasing the software. Which (surprise!) many of us are either
in charge of, or have influence over.)
> If the majority of mail clients automatically verified pgp signatures, I
> would be totally in favor of signing every single email. But the simple
So _help create that majority_. Sitting around complaining on NANOG that su=
pport
doesn't exist will not improve the situation. Let your vendor know that this
is an important^W^Wa critical feature for you.
> fact is that not only do most mail clients not support that, many mail
> clients can't even display the signed text inline! Surely a compromise is
> needed for now.
As the mutt homepage says: All mail clients suck. This one sucks less.
If we want things to Not Suck, the only way it's going to happen is if we
put some effort into making it so.
--=20
-=3D Scott Francis || darkuncle (at) darkuncle (dot) net =3D-
GPG key CB33CCA7 has been revoked; I am now 5537F527
illum oportet crescere me autem minui
--i7PFf0A+xzvFOD9h
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)
iD8DBQE9LJJyWaB7jFU39ScRAkqvAJ9mOJPEgWvDUkwxgyd2+Nes4L2GLQCeLwzr
/l6t2zpVxytkycTFKDhOO1c=
=qvG/
-----END PGP SIGNATURE-----
--i7PFf0A+xzvFOD9h--
