On Tue, Jan 25, 2011 at 04:04:17PM +0530, Binand Sethumadhavan wrote:
2011/1/25 Arun Khan knura9@gmail.com:
Also please avoid 17 lines of PGP public key in each and every message. IMO it is as bad as legal disclaimers; instead post it on a public key server and give a link to it.
Just nitpicking; Nitesh Mistry's email contains a PGP signature - not the public key. To verify the signature, one needs the public key -
Absolutely right!
there are no instructions in the email on how to get it (I doubt if it is published in any keyserver either). So yes, you are right - the signature is completely useless.
Wrong. In all my emails, I mention my PGP key id below my name. So anyone can download it from a public keyserver and verify it. Anyone who knows about PGP would know how to do that. I don't give those instructions on how to do it, because there are zillions of websites that provide such instructions (hint: there is a link on the contact page of my website - a narcissist, you might call me :P). Also because writing those instructions in every email again would tick off some people on this list (and rightly so). Any MUA which supports PGP encryption/authentication would parse the signature instead of showing those lines in the email. If set up properly, it can also be made to automatically download the key with which the message was signed without user intervention and only show relevant information like the owner of the key and the time of making the signature, etc.
Do not discard public key authentication/encryption as useless. They might be the last available avenues to protect privacy. IMHO, signing messages is a healthy practice.
PS: Yo! this list is back to normalcy. :D