Interesting reading:
| A (not so) Short Rant / FAQ on the Subject of Signed E-Mail and Public Key
| Infrastructure
|
| By
| Karsten M. Self <
[email protected]>
|
| You're probably reading this because you either stumbled across it at
| my website, or I sent it to you in response to an email you sent me
| saying you can't read my mail. The reason is that I'm using an open
| Internet standard, RFC 2015 encoding, to sign, or authenticate, my
| mail. This standard has existed since 1996, and can be freely
| implemented by any email software author. It provides means to both
| authenticate, and encrypt, email. You have a legal right to do this
| in many parts of the free world.
|
| By sending mail encoded per RFC 2015, I and others are creating
| compelling content under this standard. At some point it's sufficient
| that others will want to access it. By doing so, they are also
| (usually) availing themselves of practical crypto, including
| generating keys, getting these signed, and the other appurtenances of
| a viable public key infrastructure.
|
| Merely having a legal right to encryption doesn't mean you have the
| technical right. Merely having the technical capability doesn't mean
| you have (or know how to use) your keys. Merely having a key doesn't
| mean that it is signed, in use, well known, or part of a web of
| trust. If you find yourself with a need to produce authenticated or
| encrypted content, you're going to have to find, install, learn to
| use, and build the infrastructures necessary, for same. There's a
| saying among the Boy Scouts here, "be prepared".
|
| Hence the intentional role I and others play as goads to the online
| world.
|
| As to the immediate problem, the short answer is that:
| * Your mailer is broken.
| * This is your problem, not mine.
| * File a bug report with your vendor.
| * I'm going to continue signing my mail, and if you don't change
| your end of things, you're going to continue having problems
| reading it.
| In some cases (you're cute, my mom, or you're offering sufficient
| reasons per hour), I'll make exceptions, but this is on a
| case-by-case basis, and I'm intentionally leaving it as a PITA
| manual process so that each of us is reminded it's a bad idea:
| me, when I do it, you, when I forget and you're stuck with
| unreadable mail from me. GET A REAL MAILER.
| * No, this isn't a virus, a bomb, a bug, a worm, or any other
| executable code. And if it is, that's your problem, not mine.
| * If your IT or MIS department is brain-dead enough to actually
| strip off these attachments before you get your mail, I'm going
| to laugh at you in public. Sorry, this ain't the sympathy
| department. There's a nice rant below about why this is such a
| pathetic action though. You might enjoy reading it.
|
| The long answer is the rest of this document.
[..]
--
http://kmself.home.netcom.com/Rants/gpg-signed-mail.html
I tried several times to PGP sign all my emails in the past, using
Mutt and RFC 2015, but stopped because some mailers do not like that
at all, e.g. Outlook IIRC which is fairly widespread.
I basically go back and forth on the idea of doing it again and to
just ignore people who use non-standards compliant tools, but I guess
that I am not brave enough yet. This article almost convinced me to do
it again, but I know that at some point, somebody who I will have to
send email to (and make sure that the email is received and read) is
going to tell me that something is wrong with my emails...
It's not tomorrow that everyone will sign their emails.
--
Hugo Haas -
http://larve.net/people/hugo/