Try google groups - http://groups.google.com
------Original Message------ From: Surya Sharma Sender: linuxers-bounces@mm.ilug-bom.org.in To: Linuxers ILUG BOM ReplyTo: GNU/Linux Users Group, Mumbai, India Subject: [ILUG-BOM] Mailing lists Sent: Sep 20, 2010 8:10 PM
I'd like to setup a mailing list for my college discussion. For now, it needs to be a private / closed mailing list. Does anyone know where I could set one up or if any site offers free this for free? Maximum number of members is 15 - 20.
There's freelists, but it publicly lists the conversations
Surya
On Mon, Sep 20, 2010 at 10:44 AM, Prakash N. Shetty prithvis@gmail.com wrote:
Try google groups - http://groups.google.com
Aren't google groups posts searchable?
Mohan S N
------Original Message------ From: Surya Sharma Sender: linuxers-bounces@mm.ilug-bom.org.in To: Linuxers ILUG BOM ReplyTo: GNU/Linux Users Group, Mumbai, India Subject: [ILUG-BOM] Mailing lists Sent: Sep 20, 2010 8:10 PM
I'd like to setup a mailing list for my college discussion. For now, it needs to be a private / closed mailing list. Does anyone know where I could set one up or if any site offers free this for free? Maximum number of members is 15 - 20.
There's freelists, but it publicly lists the conversations
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 09/20/2010 08:33 PM, Mohan Nayaka wrote:
On Mon, Sep 20, 2010 at 10:44 AM, Prakash N. Shetty prithvis@gmail.com wrote:
Try google groups - http://groups.google.com
Aren't google groups posts searchable?
not always , depends on which type of settings you choose.
- -- With Regards, Gaurav Paliwal http://gauravpaliwal.com/blog
On Monday 20 September 2010 08:34 PM, Gaurav Paliwal wrote:
-- With Regards, Gaurav Paliwal http://gauravpaliwal.com/blog -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJMl3gSAAoJECoIdN941HMN12oIAMH5Ap9APFoHJFcjc/O4gzHY 3QSybvT2LfaJcKlmC88wwkf5flwGRuaO+fnZbneF2bTiR4mkMiWDL5TWdZO+XNsq 3Kkbv2Q8V9T5dQpbBbMzFIQYovElavJNgzfu7ZdRdXBkAjdeeWJdFWigjQ85M8Aw 9z6fwpq/XwiANZRAUIPNgTME4L5gWc7crGI3c/21XftrzfC4MTbHknLsQd1H2+JC BjVpg3rL1FbWIohQz1hIcA4FMRbL8ZjVLKEFrzfm08qKXURl1pBJtoXzJzr41xDB I5hhoL40HZ/dwSZNuY8eDtm9cSCY28ktQ14EM1bZYYB0l4i0muXIv+WixVZUluU= =Hol7 -----END PGP SIGNATURE-----
I am just curious to know the advantage of using the PGP signature. Does it authenticate you better or result in no bouncing or rejection of mails by spam guards? Suppose I copy and paste the text in a fake email like the one below, I will appear to have the same authentic signature. So what is the safety or advantage?
On Monday 20 September 2010 10:04:02 pm Rony wrote:
I am just curious to know the advantage of using the PGP signature. Does it authenticate you better or result in no bouncing or rejection of mails by spam guards? Suppose I copy and paste the text in a fake email like the one below, I will appear to have the same authentic signature. So what is the safety or advantage?
that signature is created using the senders private key and the msg so it will be diffrent for diffrent msgs.
? Suppose I copy and paste the text in a fake email like the one below, I will appear to have the same authentic signature.
the reciver has the senders public key (from some key server or so). to the recivier the msg and the sig will not match and hence infer that the sender is being impersonated or the msg was tampered with in transit.
have a look at this http://en.wikipedia.org/wiki/Pretty_Good_Privacy
On Monday 20 Sep 2010, Rony wrote:
I am just curious to know the advantage of using the PGP signature. Does it authenticate you better or result in no bouncing or rejection of mails by spam guards? Suppose I copy and paste the text in a fake email like the one below, I will appear to have the same authentic signature. So what is the safety or advantage?
Signing a message establishes 3 things:
1. That the contents of the message have not been tampered with in any way. Alternatively, if the signature doesn't verify, it establishes that the contents HAVE been tampered with.
2. Non-repudiability. In theory, a properly-signed message establishes that the message was created by the person to whom the key belongs. The person cannot later deny authorship of the message.
3. Ownership and time stamp. Related to (2), a properly-signed message establishes the person as the originator of the message. You may want to do this if you are, for example, proposing an original and useful idea in a message -- once it's signed, no one will be able to later claim they published the idea before you.
BTW, GPG/PGP-signing a message also automatically timestamps it.
Regards,
-- Raj
On Mon, Sep 20, 2010 at 10:04:02PM +0530, Rony wrote:
On Monday 20 September 2010 08:34 PM, Gaurav Paliwal wrote:
-- With Regards, Gaurav Paliwal http://gauravpaliwal.com/blog -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJMl3gSAAoJECoIdN941HMN12oIAMH5Ap9APFoHJFcjc/O4gzHY 3QSybvT2LfaJcKlmC88wwkf5flwGRuaO+fnZbneF2bTiR4mkMiWDL5TWdZO+XNsq 3Kkbv2Q8V9T5dQpbBbMzFIQYovElavJNgzfu7ZdRdXBkAjdeeWJdFWigjQ85M8Aw 9z6fwpq/XwiANZRAUIPNgTME4L5gWc7crGI3c/21XftrzfC4MTbHknLsQd1H2+JC BjVpg3rL1FbWIohQz1hIcA4FMRbL8ZjVLKEFrzfm08qKXURl1pBJtoXzJzr41xDB I5hhoL40HZ/dwSZNuY8eDtm9cSCY28ktQ14EM1bZYYB0l4i0muXIv+WixVZUluU= =Hol7 -----END PGP SIGNATURE-----
I am just curious to know the advantage of using the PGP signature. Does it authenticate you better or result in no bouncing or rejection of mails by spam guards? Suppose I copy and paste the text in a fake email like the one below, I will appear to have the same authentic signature. So what is the safety or advantage?
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJMl3gSAAoJECoIdN941HMN12oIAMH5Ap9APFoHJFcjc/O4gzHY 3QSybvT2LfaJcKlmC88wwkf5flwGRuaO+fnZbneF2bTiR4mkMiWDL5TWdZO+XNsq 3Kkbv2Q8V9T5dQpbBbMzFIQYovElavJNgzfu7ZdRdXBkAjdeeWJdFWigjQ85M8Aw 9z6fwpq/XwiANZRAUIPNgTME4L5gWc7crGI3c/21XftrzfC4MTbHknLsQd1H2+JC BjVpg3rL1FbWIohQz1hIcA4FMRbL8ZjVLKEFrzfm08qKXURl1pBJtoXzJzr41xDB I5hhoL40HZ/dwSZNuY8eDtm9cSCY28ktQ14EM1bZYYB0l4i0muXIv+WixVZUluU= =Hol7 -----END PGP SIGNATURE-----
Kindly start a seperate thread for this as it is not relevant to the topic under discussion.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I am just curious to know the advantage of using the PGP signature. Does it authenticate you better or result in no bouncing or rejection of mails by spam guards? Suppose I copy and paste the text in a fake email like the one below, I will appear to have the same authentic signature. So what is the safety or advantage?
No you can't , even if you try, it will show to the receiver that it is a bad signature ( the message is being tempered ).
- -- With Regards, Gaurav Paliwal http://gauravpaliwal.com/blog
On Tuesday 21 Sep 2010, Gaurav Paliwal wrote:
I am just curious to know the advantage of using the PGP signature. Does it authenticate you better or result in no bouncing or rejection of mails by spam guards? Suppose I copy and paste the text in a fake email like the one below, I will appear to have the same authentic signature. So what is the safety or advantage?
No you can't , even if you try, it will show to the receiver that it is a bad signature ( the message is being tempered ).
Actually you can copy the whole mail, along with signature, and send it to someone else. However, the signature will then be of the original sender, while the message will appear to come from you, so the recipient would know that some skulduggery is afoot.
Incidentally, Gaurav, signing messages with a key that is not available on the keyservers is useless.
Regards,
-- Raj
On Tuesday 21 September 2010 11:20 AM, Raj Mathur (राज माथुर) wrote:
No you can't , even if you try, it will show to the receiver that it is a bad signature ( the message is being tempered ).
Actually you can copy the whole mail, along with signature, and send it to someone else. However, the signature will then be of the original sender, while the message will appear to come from you, so the recipient would know that some skulduggery is afoot.
Incidentally, Gaurav, signing messages with a key that is not available on the keyservers is useless.
The whole process looks like the md5 sum generated from a Cd/DVD ISO. The md5 can be cross checked manually using md5sum. In case of emails, the regular email client of the recipient does not make any difference between a real or fake PGP signature, so what is the point in adding it? As recipients who use this feature?
On Tue, Sep 21, 2010 at 9:56 PM, Rony gnulinuxist@gmail.com wrote:
The whole process looks like the md5 sum generated from a Cd/DVD ISO. The md5 can be cross checked manually using md5sum. In case of emails, the regular email client of the recipient does not make any difference between a real or fake PGP signature, so what is the point in adding it? As recipients who use this feature?
1. If you alter GPG signature, as already said, it will be shown as 'bad signature'. 2. You need to use clients like Evolution, mutt, Thunderbird (Enigmail) and so on.. 3. What is point of complaining again?
Thanks.
On Tue, Sep 21, 2010 at 12:31 PM, Kartik Mistry kartik.mistry@gmail.com wrote:
On Tue, Sep 21, 2010 at 9:56 PM, Rony gnulinuxist@gmail.com wrote:
...
As recipients who use this feature?
- If you alter GPG signature, as already said, it will be shown as
'bad signature'. 2. You need to use clients like Evolution, mutt, Thunderbird (Enigmail) and so on..
So that is the catch... In gmail, it just resembles a block of gibberish accompanying the email.
Thanks, Mohan S N -- Faithless is he that says farewell when the road darkens. -- J. R. R. Tolkien
On Tue, Sep 21, 2010 at 10:08 PM, Mohan Nayaka mohansn@gmail.com wrote:
So that is the catch... In gmail, it just resembles a block of gibberish accompanying the email.
firegpg was good. However, it doesn't work with Gmail anymore.
On Tue, Sep 21, 2010 at 10:19:16PM +0530, Kartik Mistry wrote:
On Tue, Sep 21, 2010 at 10:08 PM, Mohan Nayaka mohansn@gmail.com wrote:
So that is the catch... In gmail, it just resembles a block of gibberish accompanying the email.
firegpg was good. However, it doesn't work with Gmail anymore.
I miss it too :-(
On Tuesday 21 September 2010 10:08 PM, Mohan Nayaka wrote:
On Tue, Sep 21, 2010 at 12:31 PM, Kartik Mistrykartik.mistry@gmail.com wrote:
On Tue, Sep 21, 2010 at 9:56 PM, Ronygnulinuxist@gmail.com wrote:
...
As recipients who use this feature?
- If you alter GPG signature, as already said, it will be shown as
'bad signature'. 2. You need to use clients like Evolution, mutt, Thunderbird (Enigmail) and so on..
So that is the catch... In gmail, it just resembles a block of gibberish accompanying the email.
Bang on spot ! :-)
On Tuesday 21 Sep 2010, Mohan Nayaka wrote:
So that is the catch... In gmail, it just resembles a block of gibberish accompanying the email.
You can always download from gmail into a Real E-mail Client.
Regards,
-- Raj
On Tuesday 21 September 2010 10:01 PM, Kartik Mistry wrote:
On Tue, Sep 21, 2010 at 9:56 PM, Ronygnulinuxist@gmail.com wrote:
The whole process looks like the md5 sum generated from a Cd/DVD ISO. The md5 can be cross checked manually using md5sum. In case of emails, the regular email client of the recipient does not make any difference between a real or fake PGP signature, so what is the point in adding it? As recipients who use this feature?
- If you alter GPG signature, as already said, it will be shown as
'bad signature'. 2. You need to use clients like Evolution, mutt, Thunderbird (Enigmail) and so on.. 3. What is point of complaining again?
I am not complaining, Just trying to understand its necessity. I use thunderbird but can't make out any difference.
On Tue, Sep 21, 2010 at 10:49 PM, Rony gnulinuxist@gmail.com wrote:
- You need to use clients like Evolution, mutt, Thunderbird
(Enigmail) and so on..
I am not complaining, Just trying to understand its necessity. I use thunderbird but can't make out any difference.
See. I wrote Thunderbird (Enigmail).
You need to install 'Enigmail' add-on..
On Tuesday 21 Sep 2010, Rony wrote:
The whole process looks like the md5 sum generated from a Cd/DVD ISO. The md5 can be cross checked manually using md5sum. In case of emails, the regular email client of the recipient does not make any difference between a real or fake PGP signature, so what is the point in adding it? As recipients who use this feature?
As a recipient, I pay attention to security advisories that are signed by the PGP keys of the package maintainers.
As a recipient, I try to avoid stealing ideas that I first saw in a PGP- encrypted mail.
As a recipient, I know that I can send PGP-encrypted mail to senders of signed messages.
As a recipient, if my boss mails me to rm -rf / on the corporate servers, I ignore it unless it is PGP-signed.
Of course, as others have also pointed out, as a recipient I use a client that can automatically detect and validate PGP signatures, and warn me in case of problems.
Regards,
-- Raj
2010/9/21 Rony gnulinuxist@gmail.com:
The whole process looks like the md5 sum generated from a Cd/DVD ISO. The md5 can be cross checked manually using md5sum. In case of emails, the regular email client of the recipient does not make any difference between a real or fake PGP signature, so what is the point in adding it?
The point is, you can choose to verify the GPG signature if you need to, by opening it in a GPG aware email client.
On Wednesday 22 September 2010 12:20 PM, Anurag wrote:
2010/9/21 Ronygnulinuxist@gmail.com:
The whole process looks like the md5 sum generated from a Cd/DVD ISO. The md5 can be cross checked manually using md5sum. In case of emails, the regular email client of the recipient does not make any difference between a real or fake PGP signature, so what is the point in adding it?
The point is, you can choose to verify the GPG signature if you need to, by opening it in a GPG aware email client.
Now it is clear. Thanks everyone for your inputs.
-
Anurag -
Gaurav Paliwal -
Kartik Mistry -
Mohan Nayaka -
Nitesh Mistry -
Prakash N. Shetty -
Raj Mathur (राज माथुर) -
Rony -
Yohan Pereira