--===============1469283083== Content-Type: multipart/signed; boundary="nextPart13760413.Aq06kQpU7m"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit --nextPart13760413.Aq06kQpU7m Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Friday 19 January 2007 08:46, Boyan Tabakov wrote: > Below is the original message from Jean-Philippe, as well as my answer. T= he > message was encrypted for me, but seems as a post to everyone... > It's worth pointing out that if you post to the author and to the list, the= =20 ecryption/signing goes to both. If you really want to encrypt the message = to=20 the author, the way around this is to send the message once to the person w= ho=20 requires encryption, then Message > Send Again, changing the To line for th= e=20 list address. > > for testing purposes, I have signed/acknowledged Anne Wilson, Boyan > > Tabakov & Ingo Klocker - out of intuition these people should be what > > they are, and not as recommended through some Accurate Verification > > Process - Hence, Anne & Ingo "turned Green" on my screen as well! > > Thanks for the trust, but that is not a good practice.=20 Agreed. However, there is one not-so-small problem here. Unless there has= =20 been a recent change, it is impossible to send encrypted messages to someon= e=20 who is not marked as trusted. I'm not sure whether this 'trust' marking is= =20 what Jean-Philippe meant when he said 'signed/acknowledged'. > > The killall question: what's the use for me to have a key, if I am not > > part of a "web of trust"? > > Not much use, if any at all.=20 One reason I started using it is that some spam/virus emails substitute=20 addresses from an addressbook instead of the real sender. I had complaints= =20 that I had sent a virus and had to explain how to look at headers and=20 identify the sender's IP and compare it with one known to be mine. This=20 doesn't go down well with most computer users. Signing it was one way of=20 giving them quick identification. I do, however, get some complaints that = I=20 send 'attachments' in messages, and the recipients system doesn't allow the= m=20 to view the attachment. I've just got used to explaining that=20 the 'attachment' is my signature, and if they wish to ignore it, they can. > Find someone, a friend, colegue, etc, who's=20 > using PGP and ask him/her to sign your key. Then everything starts workin= g: > the friend of my friend is my friend... > Not as easy as it should be. I tried to get a 'signing party' organised at= my=20 local LUG, but no-one was interested. It's worth reminding, too, that you= =20 are supposed to take some incontrovertible proof of identity, such as a=20 passport, when requesting signing. Just a few thoughts to add to what Boyan has already said :-) Anne --nextPart13760413.Aq06kQpU7m Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQBFsJTjkFAvMr/nNX8RAov2AJ0RXqSeSsUom3Q6HSHPXRPvx4MXSgCeJv0G xfKZCMsWIZBD1GzOQskXMpc= =WXfD -----END PGP SIGNATURE----- --nextPart13760413.Aq06kQpU7m-- --===============1469283083== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ KDE PIM users mailing list kdepim-users@kde.org https://mail.kde.org/mailman/listinfo/kdepim-users --===============1469283083==--