[prev in list] [next in list] [prev in thread] [next in thread]
List: kdepim-users
Subject: Re: [kdepim-users] Boyan Tabakov turned Green ! (PGP KGpg topic)
From: Anne Wilson <cannewilson () tiscali ! co ! uk>
Date: 2007-01-19 9:52:35
Message-ID: 200701190952.35624.cannewilson () tiscali ! co ! uk
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On Friday 19 January 2007 08:46, Boyan Tabakov wrote:
> Below is the original message from Jean-Philippe, as well as my answer. The
> message was encrypted for me, but seems as a post to everyone...
>
It's worth pointing out that if you post to the author and to the list, the
ecryption/signing goes to both. If you really want to encrypt the message to
the author, the way around this is to send the message once to the person who
requires encryption, then Message > Send Again, changing the To line for the
list address.
> > for testing purposes, I have signed/acknowledged Anne Wilson, Boyan
> > Tabakov & Ingo Klocker - out of intuition these people should be what
> > they are, and not as recommended through some Accurate Verification
> > Process - Hence, Anne & Ingo "turned Green" on my screen as well!
>
> Thanks for the trust, but that is not a good practice.
Agreed. However, there is one not-so-small problem here. Unless there has
been a recent change, it is impossible to send encrypted messages to someone
who is not marked as trusted. I'm not sure whether this 'trust' marking is
what Jean-Philippe meant when he said 'signed/acknowledged'.
> > The killall question: what's the use for me to have a key, if I am not
> > part of a "web of trust"?
>
> Not much use, if any at all.
One reason I started using it is that some spam/virus emails substitute
addresses from an addressbook instead of the real sender. I had complaints
that I had sent a virus and had to explain how to look at headers and
identify the sender's IP and compare it with one known to be mine. This
doesn't go down well with most computer users. Signing it was one way of
giving them quick identification. I do, however, get some complaints that I
send 'attachments' in messages, and the recipients system doesn't allow them
to view the attachment. I've just got used to explaining that
the 'attachment' is my signature, and if they wish to ignore it, they can.
> Find someone, a friend, colegue, etc, who's
> using PGP and ask him/her to sign your key. Then everything starts working:
> the friend of my friend is my friend...
>
Not as easy as it should be. I tried to get a 'signing party' organised at my
local LUG, but no-one was interested. It's worth reminding, too, that you
are supposed to take some incontrovertible proof of identity, such as a
passport, when requesting signing.
Just a few thoughts to add to what Boyan has already said :-)
Anne
[Attachment #5 (application/pgp-signature)]
_______________________________________________
KDE PIM users mailing list
kdepim-users@kde.org
https://mail.kde.org/mailman/listinfo/kdepim-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic