Hello,
I have installed GNU Privacy Guard on my Slackware system. How do I sign with my key for all the email that I send using mutt?
Thank you in advance for any help.
Subba Rao subba9@cablespeed.com ------------------------------------------------------------------------------ Old American Wild West saying: God created men but Colt made them equal. Today: Linus created Linux and Linux made IT companies equal.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tuesday 17 Jun 2003 12:44 am, Subba Rao wrote:
GLUG Meeting on 13th July, 4pm at KReSIT, IIT Campusm, Powai.
Hello,
I have installed GNU Privacy Guard on my Slackware system. How do I sign with my key for all the email that I send using mutt?
http://www.tldp.org/HOWTO/Mutt-GnuPG-PGP-HOWTO-1.html
should get you started. Though my advice is towards using Kmail/Evolution. Security that is not easy or is cumbersome tends to be unreliable. If you have resonable control over your PC, risks normally associated with GUI misdoings are usually minimal.
BTW how come so few on this lug sign there mails? Ignorance?
- -- Amit Upadhyay Senior Undergraduate Student Department of Mechanical Engg. Indian Institute of Technology Bombay Mumbai-76, India Phone: (91) 9820325940
On Jun 17, 2003 at 03:54, Amit Upadhyay wrote:
BTW how come so few on this lug sign there mails? Ignorance?
I don't know. Why do so few spell properly? Why do so few write incoherent messages? Why do so few follow standards?
To answer your question, probably because:
a) We don't care b) This is a mailing list c) It makes no difference either way.
On Tue, 17 Jun 2003, Amit Upadhyay wrote:
BTW how come so few on this lug sign there mails? Ignorance?
One generally does not sign mails to a mailing list unless the actual contents of the mail require it. As has already been noted in the past, some MUAs have trouble reading signed mails, treating the content as an attachment. It also unnecessarily adds to the weight of the message.
Philip
On Tue, Jun 17, 2003 at 03:54:21AM +0530, Amit Upadhyay wrote:
http://www.tldp.org/HOWTO/Mutt-GnuPG-PGP-HOWTO-1.html
should get you started. Though my advice is towards using Kmail/Evolution.
You can't use them when you are in a hurry and are logging in remotely or have no access to GUI or non-X windows supporting environments.
Security that is not easy or is cumbersome tends to be unreliable. If you have resonable control over your PC, risks normally associated with GUI misdoings are usually minimal.
That's true for almost anything (gui or not) if you know what you are doing. The more control a s/w gives you, the more responsible you have to be. GUIs are normally restrictive in terms of what they offer for configuration. (Note: normally, not always)
BTW how come so few on this lug sign there mails? Ignorance?
No. Trust ;-) A lot of it ...
On Tue, Jun 17, 2003 at 03:54:21AM +0530, Amit Upadhyay wrote:
should get you started. Though my advice is towards using Kmail/Evolution. Security that is not easy or is cumbersome tends to be unreliable. If you have resonable control over your PC, risks normally associated with GUI misdoings are usually minimal.
I've been using mutt for a long time now ... it's described by many in many different ways, but cumbersome and "not-easy" do not figure in that list. In fact shifing from Evolution to mutt has provided big gains in terms of time-savings with large volumes of mail. And that includes using GPG.
BTW, for the original poster, take a look at the following site: http://www.mutt.org/doc/manual/
But if you use the following for building your muttrc, there's very little reason to ever consult the manual! http://mutt.netliberte.org/
BTW how come so few on this lug sign there mails? Ignorance?
Interesting ... anyway, why do so many make sweeping statements about software that they do or do not like? When comparing software, if you like something over some other, say what you like about it ... no need to immediately put down the other party. Live and let live, man!
Sameer.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tuesday 17 Jun 2003 11:12 am, Sameer D. Sahasrabuddhe wrote:
I've been using mutt for a long time now ... it's described by many in many different ways, but cumbersome and "not-easy" do not figure in that list. In fact shifing from Evolution to mutt has provided big gains in terms of time-savings with large volumes of mail. And that includes using GPG.
That was a mail by someone who I considered, does not have the level of experience with mutt like you and others do. Talking about your list, do you have any plans to modify it and add me into it, who does consider it slightly difficult to use as against evolution/kmail, so that you do not use that argument again. To be efficient in using any software you need to invest some time, besides I don't think you can hold your productivity argument under a more rigorous analysis.
BTW, for the original poster, take a look at the following site: http://www.mutt.org/doc/manual/
For someone who is currently switching to linux, I don't think it is a good practice. I have seen through at-least 3 people switch from windows to linux, and my strategy was to if possible, let them do nearly everything they have been doing on windows on day one. Once they get hooked up, they read, realize there is so much more available, and experiment.
Someone trying PGP may not be a newbie, but I took this as an opportunity to quell doubts regarding GUI mail clients when dealing with encryption. The concerns are genuine, they use an array of libraries/componenets and failure in any one of them may lead to compromise, but it seems both evolution and kmail have been spending significant amount of effort to see to these issues, and are quite safe today.
BTW how come so few on this lug sign there mails? Ignorance?
Interesting ... anyway, why do so many make sweeping statements about software that they do or do not like? When comparing software, if you like something over some other, say what you like about it ... no need to immediately put down the other party. Live and let live, man!
What are you talking about?
On Tuesday 17 Jun 2003 09:50 am, Ravindra Jaju wrote:
You can't use them when you are in a hurry and are logging in remotely or have no access to GUI or non-X windows supporting environments.
VNC with SSH is fast enough for me, but X is required.
Security that is not easy or is cumbersome tends to be unreliable. If you have resonable control over your PC, risks normally associated with GUI misdoings are usually minimal.
That's true for almost anything (gui or not) if you know what you are doing. The more control a s/w gives you, the more responsible you have to be. GUIs are normally restrictive in terms of what they offer for configuration. (Note: normally, not always)
I was talking about other GUI problems not related to control, for example accidental writing of mail in temp files by KHTML in case of X-crash was a problem in case of KMail till sometime back [don't know the exact details]. But still as suggestion for new users, decent GUI apps are preferable over powerful but arcane counterparts.
BTW how come so few on this lug sign there mails? Ignorance?
No. Trust ;-) A lot of it ...
I dint get you!! Please give some more hints.
BTW someone talked about MUA incompatibility issue, how relevant is that?
PS: This whole thing is about what is advisable to a new user, to make sure they do not switch back. If you are taking in anyother way, you may be missing the point.
- -- Amit Upadhyay Senior Undergraduate Student Department of Mechanical Engg. Indian Institute of Technology Bombay Mumbai-76, India Phone: (91) 9820325940
On Tue, Jun 17, 2003 at 05:35:30PM +0530, Amit Upadhyay wrote:
No. Trust ;-) A lot of it ...
I dint get you!! Please give some more hints.
It was meant to be partly humourous.
"I trust people so much that I don't care about signatures ..."
As others had mentioned, btw, it's not really necessary in mailing-lists. Especially when it's meant for mass consumption and some mail-clients don't know how to handle signed/encrypted messages.
It's ok to use pgp etc. in 1-to-1 and/or business mails.
Ravindra Jaju wrote:
"I trust people so much that I don't care about signatures ..."
*You* sign your email so that *others* can trust you. Your trusting everyone else is not a valid excuse for not signing your email :P
-Manish
On Tue, Jun 17, 2003 at 06:57:08PM +0530, Manish Jethani wrote:
Ravindra Jaju wrote:
"I trust people so much that I don't care about signatures ..."
"I trust people so much that I don't care about *their* signatures ..." is what I meant. I am just happy reading the mails without worrying about anything on an ML. :)
*You* sign your email so that *others* can trust you. Your trusting everyone else is not a valid excuse for not signing your email :P
To verify whether everything is in proper shape, you need to have the senders' public keys with you *before hand*. How would you do this for the first time? Or, in case of keys which are not signed by any trusted members in your key-ring?
Quite tedious, isn't it? Unless you take a lot of pains (best is to meet in person and take the other person's public key), there is always a possibility of a weak link somewhere. Even the phone line could be compromised (in case you plan to exchange that key over the phone), or the person on the other side might not be the one you are looking for. There has to be an element of trust *somewhere*!
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tuesday 17 Jun 2003 7:46 pm, Ravindra Jaju wrote:
*You* sign your email so that *others* can trust you. Your trusting everyone else is not a valid excuse for not signing your email :P
To verify whether everything is in proper shape, you need to have the senders' public keys with you *before hand*. How would you do this for the first time? Or, in case of keys which are not signed by any trusted members in your key-ring?
Quite tedious, isn't it? Unless you take a lot of pains (best is to meet in person and take the other person's public key), there is always a possibility of a weak link somewhere. Even the phone line could be compromised (in case you plan to exchange that key over the phone), or the person on the other side might not be the one you are looking for. There has to be an element of trust *somewhere*!
Umm. The beauty is, you don't need all that. Nobody knows me, they know my key; there is no me, just the key. You can create artificial identities but can't fake others [Thank you Phil].
Once you start talking to the key, you don't need to trust anything else.
B-)
I started signing stuff after someone as a joke superseded my article in a local news group. One ML moderator edited my comment, it is not cool either. Archives stay forever [unless someone deletes them :P ], with no idea who all has write access on them. I just like complete control.
- -- 0x7089C8D9 :-)
On Tue, 17 Jun 2003, Amit Upadhyay wrote:
[snip]
I got this from your signature:
------------ Output from gpg ------------ gpg: Signature made Tue 17 Jun 2003 20:41:40 IST using DSA key ID 7089C8D9 gpg: Can't check signature: public key not found
How can I trust that it is really you who sent the mail? Whether I should care is a totally different issue.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wednesday 18 Jun 2003 9:27 am, Philip S Tellis wrote:
------------ Output from gpg ------------ gpg: Signature made Tue 17 Jun 2003 20:41:40 IST using DSA key ID 7089C8D9 gpg: Can't check signature: public key not found
How can I trust that it is really you who sent the mail? Whether I should care is a totally different issue.
Almost missed it! Well, what it's saying is that you don't have my public key yet. For convenience I have attached it, you can get it from http://www.rootshell.be/~upadhyay too, and call me up to confirm the fingerprints. But as jaju maintains, beyond a level you have to "trust" something.
- -- Amit Upadhyay Senior Undergraduate Student Department of Mechanical Engg. Indian Institute of Technology Bombay Mumbai-76, India Phone: (91) 9820325940
On Tue, Jun 17, 2003 at 05:35:30PM +0530, Amit Upadhyay wrote:
That was a mail by someone who I considered, does not have the level of experience with mutt like you and others do.
You just assume that? I don't see a single line in the poster's original query which indicates that. In fact, if one were forced to draw conclusions (albeit foolishly), one could conclude that (s)he is not newbie considering she is using slackware - a distribution considered by quite a few people to be advanced.
For someone who is currently switching to linux, I don't think it is a good practice. I have seen through at-least 3 people switch from windows to linux, and my strategy was to if possible, let them do nearly everything they have been doing on windows on day one. Once they get hooked up, they read, realize there is so much more available, and experiment.
IMO, valid conclusions based on hypothesis which does not apply here.
BTW how come so few on this lug sign there mails? Ignorance?
Interesting ... anyway, why do so many make sweeping statements about software that they do or do not like? When comparing software, if you like something over some other, say what you like about it ... no need to immediately put down the other party. Live and let live, man!
What are you talking about?
He's talking about the Guns N'Roses song, of course. :->
PS: This whole thing is about what is advisable to a new user, to make sure they do not switch back. If you are taking in anyother way, you may be missing the point.
At the risk of sounding redundant, people will talk another way because not everyone (certainly not me) can judge the level of experience the user has with mutt.
Amit Upadhyay Senior Undergraduate Student Department of Mechanical Engg. Indian Institute of Technology Bombay Mumbai-76, India Phone: (91) 9820325940
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tuesday 17 Jun 2003 10:26 pm, Bhargav Bhatt wrote:
GLUG Meeting on 13th July, 4pm at KReSIT, IIT Campusm, Powai.
On Tue, Jun 17, 2003 at 05:35:30PM +0530, Amit Upadhyay wrote:
That was a mail by someone who I considered, does not have the level of experience with mutt like you and others do.
You just assume that? I don't see a single line in the poster's original
Yeah I did. You have problems with that? What are you going to do about it, tell your mama, or just cry in the rain?
Get a life dude!
- -- Amit Upadhyay Senior Undergraduate Student Department of Mechanical Engg. Indian Institute of Technology Bombay Mumbai-76, India Phone: (91) 9820325940
-
Amit Upadhyay -
Bhargav Bhatt -
Manish Jethani -
Philip S Tellis -
q u a s i -
Ravindra Jaju -
Sameer D. Sahasrabuddhe -
Satya -
Subba Rao