Mailing List Archive

On Mon, 30 Jan 2012 18:40:08 -0500
Robert J. Hansen articulated:

> This comes fairly close to my own practices, with one significant
> exception: since it's almost impossible for me to know whether all the
> MUAs used on a mailing list support PGP/MIME, I feel it's better for
> mailing list traffic to be inline.

I take the opposite approach. Due to the way "inline" messes up the
format of a message, and obviously renders the "sig-delimiter" useless,
I prefer to use "PGP/MIME". Plus, so many morons, I could use
"intellectually challenged" if you prefer, fail to trim a replied to
messaged; ie, they leave all of the superfluous "inline" garbage plus
other parts of the replied to message intact rather than strip it out,
just adds to the annoyance factor.

Supporting the "inline" method is like supporting a grown child. If you
keep supporting him/her, they will never leave home. Stop supporting
them and they will leave. The same is true for "inline" PGP. If support
for it were to cease, it would also.

> Of course, I really feel it's better for mailing list traffic to not
> be signed at all, since usually all it gives us is a false sense of
> security. A signature from an unvalidated key belonging to an unknown
> person whom we don't know from Adam doesn't mean much, if anything at
> all.

I totally agree. I have never seen or heard any logical excuse for the
signing of list traffic. What am I going to do, attempt to use the
identity of another poster? What purpose would that serve anyway? As
you so eloquently pointed out, "A signature from an unvalidated
key belonging to an unknown person whom we don't know from Adam doesn't
mean much, if anything at all."

By the way, "unvalidated" is probably not a word; at least accord to
Merriam Webster <http://www.merriam-webster.com/dictionary/unvalidated>.

--
Jerry â™”

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________
Never forget: 2 + 2 = 5 for extremely large values of 2.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

> Supporting the "inline" method is like supporting a grown child. If you
> keep supporting him/her, they will never leave home. Stop supporting
> them and they will leave. The same is true for "inline" PGP. If support
> for it were to cease, it would also.

That was the idea behind the question I posed about Enigmail inline default setting. I understand the replies but it's similar to iOS-devices and flash support. Only since adobe got some pressure from the market, flash is under development and has become a little more effective (and also superfluous, since HTML5 is working just fine).

Sometimes if the right parties decide to no longer support an old standard the software that does not support the new (better) standard will die or get improved but I'm not sure I wanna wait for Microsoft to properly program their mail-client. They obviously have enough money to through at that problem but decide not to.


>> Of course, I really feel it's better for mailing list traffic to not
>> be signed at all, since usually all it gives us is a false sense of
>> security. A signature from an unvalidated key belonging to an unknown
>> person whom we don't know from Adam doesn't mean much, if anything at
>> all.

You at least know that the person with that key is the author. That is some information. Should I still stop signing list mails? So far, I used to do that, because I though people then could check and if my key is signed by someone they know it's a lot of important information, right?

all the best, steve

On 31/01/12 16:23, Steve wrote:

> You at least know that the person with that key is the author. That is some information. Should I still stop signing list mails? So far, I used to do that, because I though people then could check and if my key is signed by someone they know it's a lot of important information, right?

Unless there is an official policy against signing list mail I'd suggest
you continue doing whatever you want. I myself intend to.

IMO, if there's one place you should be able to sign email, it's the
GnuPG users mailing list. It's called dogfooding.

--
Mike Cardwell https://grepular.com/ http://cardwellit.com/
OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4

On Tue, Jan 31, 2012 at 05:23:59PM +0100, Steve wrote in
<946FFFC5-A191-4073-9D69-FC7FDC6950B7@gpgtools.org>:
>>> Of course, I really feel it's better for mailing list traffic to not
>>> be signed at all, since usually all it gives us is a false sense of
>>> security. A signature from an unvalidated key belonging to an unknown
>>> person whom we don't know from Adam doesn't mean much, if anything at
>>> all.
>
>You at least know that the person with that key is the author. That is
>some information. Should I still stop signing list mails? So far, I used
>to do that, because I though people then could check and if my key is
>signed by someone they know it's a lot of important information, right?

I appreciate signed mails on this list (and any other lists). Most
problems these days on the internet are, in my opinion, related to people
being completely anonymous. If you stand behind your words, show so by
signing your posts.

Cheers,

Remco

On 01/31/2012 11:23 AM, Steve wrote:
> Sometimes if the right parties decide to no longer support an old
> standard the software that does not support the new (better)
> standard will die or get improved...

This works if and only if the "right parties" are a large enough market
to push implementations around like that. Enigmail isn't. Assume we
have 50,000 installations. (This sounds like a lot, but it's a pale
shadow compared to GnuPG installations.) Of those, maybe 5,000 are
serious users and the rest are casual ones, people who saw it on Mozdev
and got intrigued and installed it and never really did anything with
it. Those 5,000 users don't represent a single bloc, though: they're
spread out through a whole lot of different communities, where they
represent extremely small minorities within those communities.

As a for-instance, on my old high school class's mailing list I'm pretty
sure I'm the only person who's even heard of Enigmail. If I were to
tell the list maintainers, "you need to upgrade your version of Mailman,
it's breaking my PGP/MIME signatures," the response I'd get would
probably be, "what's PGP/MIME, and why is it important, and why do all
your messages have those weird attachment things on them, anyway?"

> You at least know that the person with that key is the author. That
> is some information.

No, you don't.

A few years ago on PGP-Basics one user threw a screaming fit over how
many users were not signing our posts to the list. He insisted that
signatures were meaningful, that they proved the person with that
certificate is the author, and so on.

John Clizbe, John Moore and I conducted a little experiment. We created
a single certificate. All three of us used the exact same certificate
to sign our posts to PGP-Basics. The person who was most up in arms
about our lack of signing was placated, and thanked us for seeing the light.

It was another few months before anyone realized we were all using the
same certificate.

Honestly, up until that point I thought that maybe there was some
utility to mailing list signatures. Maybe. That experiment changed my
mind: I now see no utility to them for the vast majority of uses.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Jerry wrote:

> I totally agree. I have never seen or heard any logical excuse for the
> signing of list traffic.

I almost never sign anything unless I suspect the destination can at
least ignore the signature. The people with whom I send e-mail (a
diminishing population because most have moved to texting on cell
phones, or twitter or Facebook) have no interest in security, though
they sometimes act in a paranoid fashion about eavesdropping. But they
refuse to do anything about it. They cannot deal with MIME signatures
(at least those still using AOL), and cannot ignore them either.
They hate the inline signatures too. When I do sign, it is just to draw
attention to the fact I have a public key and can accept signed and
encrypted e-mail. And so far, other than complaints about extraneous
text in my emails, that is about it. I really get no use from it.

So signing to this list, and an occasional test that my stuff is still
working is the only use I get from gnupg and enigmail. The stuff I would
really prefer to send encrypted I cannot send that way because those to
whom I would send it could not read it (they have no software and no
public keys). And if they could, they would probably save it in clear
text somewhere, forward it, or whatnot.

I think PGP and gnupg are really great ideas, whose time has not yet
come. And by the time people realize its usefulness, the snooping
community will have made it impossible to use it anymore. People sending
encrypted e-mail will be disappeared. The time for that has not yet
come. I hope it is postponed until after I can no longer use a computer.

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key: 9A2FC99A Registered Machine 241939.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 13:45:01 up 20 days, 21:11, 3 users, load average: 4.78, 4.89, 4.99

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Remco Rijnders wrote:

> I appreciate signed mails on this list (and any other lists). Most
> problems these days on the internet are, in my opinion, related to
> people being completely anonymous. If you stand behind your words,
> show so by signing your posts.
>
OK. I stand behind this post. But other than amusing myself, does it
really make any difference?


- --
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key: 9A2FC99A Registered Machine 241939.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 14:05:01 up 20 days, 21:31, 3 users, load average: 4.52, 4.76, 4.84
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org/

iD8DBQFPKDwqPtu2XpovyZoRAlfyAJ4k3TxXHBy8hSHorl6xowjoUl9vrwCbBuUr
ZU51SVdnmQg12VS77wVOpcc=
=7Cba
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Am Dienstag, 31. Januar 2012, 19:46:05 schrieb Robert J. Hansen:

> Enigmail isn't. Assume we
> have 50,000 installations. (This sounds like a lot, but it's a pale
> shadow compared to GnuPG installations.)

Do you mean "hidden" installations (used unnoticedly by a distribution's
update tool in the background) or actively planned instattations ("I need
GnuPG.")?

It is hard for me to believe that a serious user of GnuPG does not use it for
email. I use it at work for administration purposes (so without email) but for
most people I know it's the other way round: They use it for email only.

I admit that I do not use Thunderbird but is it's share among GnuPG users so
much smaller that among all users altogether?


> I now see no utility to them for the vast majority of uses.

But you admit that this depends on the current situation (described by: hardly
anyone uses it)?

I hope that the law will pledge big companies in the near future to sign their
emails and offer encryption at no additional cost. Then most normal users will
encounter cryptography regularly and thus the number of people who use it
should increase a lot.


Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

> From: "Robert J. Hansen" <rjh@sixdemonbag.org>
> To: gnupg-users@gnupg.org
> Cc:
> Date: Tue, 31 Jan 2012 13:46:05 -0500
> Subject: Re: PGP/MIME use (was Re: META)
> I now see no utility to them for the vast majority of uses.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

One, albeit rather unimportant, use is to help people with whom
you would like to regularly communicate access and check your
key a bit more easily, especially for people with multiple keys.
Given the fingerprint (often in the e-mail signature), the GPG
key can be downloaded and immediately tested against the GPG
signature. Granted, very little utility, but still greater than
zero 8-).

- --Avi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (MingW32) - GPGshell v3.78
Comment: Most recent key: Click show in box @ http://is.gd/4xJrs

iL4EAREKAGYFAk8oSc1fGGh0dHA6Ly9rZXlzZXJ2ZXIudWJ1bnR1LmNvbS9wa3Mv
bG9va3VwP29wPWdldCZoYXNoPW9uJmZpbmdlcnByaW50PW9uJnNlYXJjaD0weDBE
NjJCMDE5RjgwRTI5RjkACgkQDWKwGfgOKfm6YAD/XdrMCwcMNPXAML/ybu6fN8im
yMvIfJ4uPW2ekdzC14wA/RVAh0f1Mwpz2okn9uY2sv9E0Be5+ULY5GKLxcRtb0qQ
=DRzx
-----END PGP SIGNATURE-----

----
User:Avraham

pub 3072D/F80E29F9 1/30/2009 Avi (Wikimedia-related key) <avi.wiki@gmail.com>
   Primary key fingerprint: 167C 063F 7981 A1F6 71EC  ABAA 0D62 B019 F80E 29F9

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, 31 Jan 2012, remco@webconquest.com wrote:

> Most problems these days on the internet are,
> in my opinion, related to people being completely
> anonymous. If you stand behind your words, show
> so by signing your posts.

If the idea is more important than who said it, signing
(in both the non-technical literary sense and the crypto
sense) is extra. After all, not everything is a contest.
Alternatively, if a comment is likely to be seen as a
contest (whether by some person or some Big Brother),
again signing is extra. And in any case there is always
the virtue of modesty.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Tuesday 31 January 2012 at 6:02:27 PM, in
<mid:4F282CB3.3040106@lists.grepular.com>, gnupg@lists.grepular.com
wrote:


> IMO, if there's one place you should be able to sign
> email, it's the GnuPG users mailing list. It's called
> dogfooding.

OK, but should we *clearsign* our messages to the list?


- --
Best regards

MFPA mailto:expires2012@rocketmail.com

After all is said and done, a lot more will be said than done.
-----BEGIN PGP SIGNATURE-----

iQCVAwUBTyhtUKipC46tDG5pAQrVygP8DzWjMR6H/Qo+FKhUaONQjz8GKiWs5dX4
jBccVhN+1UbVhADvIYcq4Ws1wM0ZmrBFHxxGBvkWvqprV7piwYdv4QCTD3cihqM8
SA0ScsbzFizBoMGf4WRttoUDzsfDlaobkJQuTTFVW3L3gXfxtL2PSB7uv01IGKzI
qBZE5Xw+duI=
=CHkV
-----END PGP SIGNATURE-----


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

> One, albeit rather unimportant, use is to help people with whom you
> would like to regularly communicate access and check your key a bit
> more easily, especially for people with multiple keys.

Putting a kludge in email headers or a "OpenPGP Key ID: 0xD6B98E10" in
the sigblock seems to be a more efficient method of achieving this end.
Given this is an awful heavyweight way to achieve an end that's just as
correctly achieved via lightweight means, I don't see this as a reason
to sign messages. To add a sigblock, sure. :)

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Warning: do not take *any* of the numbers here seriously. They may be
completely divorced from reality. These numbers are like Monopoly money
-- completely fake, but still useful to illuminate important lessons
about the real thing.

This email is also quite long, and I apologize for that. I haven't the
time to make it shorter.

On 1/31/2012 2:25 PM, Hauke Laging wrote:
> Do you mean "hidden" installations (used unnoticedly by a
> distribution's update tool in the background) or actively planned
> instattations ("I need GnuPG.")?

Either/or. Enigmail's users are a small fraction of GnuPG's no matter
how you slice it.

> It is hard for me to believe that a serious user of GnuPG does not
> use it for email.

This sounds like a No True Scotsman fallacy. If someone uses GnuPG but
not for email, does that disqualify them from being a serious user? Is
your definition of 'serious user' structured in a way as to implicitly
select for email users?

> I admit that I do not use Thunderbird but is it's share among GnuPG
> users so much smaller that among all users altogether?

Welcome to the world of Fermi problems, where your answers are as
accurate as your prejudices. How many piano tuners are in Chicago?
Well, there are about five million people in Chicago, an average
household is somewhere between two and four people, maybe one in twenty
has a piano that gets tuned once a year, one piano tuner can do maybe
four in a day and doesn't like to work more than five days a week... uh,
well, there are maybe between 125 and 250 piano tuners. More or less.
Sorta. If our prejudices are accurate then our result will be.

You can estimate GnuPG and Enigmail users in the same way. On average,
each and every Linux installation has GnuPG installed. How many Linux
users are there worldwide? Well, in the United States there are about
300,000,000 people, and probably 200,000,000 use computers on a regular
basis. (Note that I'm not asking how many *computers* are in the United
States, but how many *users*.) Linux might account for half a percent
of mindshare, so ... my prejudice is that there are about a million
GnuPG users in the United States. They might not even know it, but
they're part of the userbase.

Enigmail's 50,000 users is just a slender few percent of GnuPG's user
base. (And believe it or not, this is an apples-to-apples comparison:
all Enigmail users compared to all GnuPG users.)

The knowing-users comparison is different. Essentially all of
Enigmail's users are knowing users. You have to first download
Thunderbird, then download Enigmail. (GnuPG is already on your system.)
You've taken two deliberate steps to put Enigmail on your system: the
odds are very good that you know Enigmail is there and you want the
capability it provides. So of our 50,000 users, probably close to all
of them know they're our users. GnuPG is a little different: of a
million Linux users in the United States, how many of them actually
think about how many times GnuPG is being used behind the scenes to
validate their software downloads and sign packages and whatnot?
Somewhere between one in ten and one and three? So against our 50,000
'knowing' users, GnuPG would still crush us with between 100,000 and
350,000 'knowing' users.

>> I now see no utility to them for the vast majority of uses.
>
> But you admit that this depends on the current situation (described
> by: hardly anyone uses it)?

Of course not.

Even if *everyone* used email crypto, signatures would still be largely,
and maybe entirely, useless.

I don't know where this myth began that messages are somehow trustworthy
because they sport signatures. That's not how the world works.

(Well, I suppose it *can* work, the same way you can choose to blindly
trust anyone who speaks Occitan with a lisp and has a strange
fascination with argyle. However, just as you might think someone who
would trust completely based on such criteria to be foolish, I think
people who believe signatures create trust are just as foolish.)

Signatures extend trust's reach: they can't create it. My friend Raven
used to live just up the highway from me. We regularly got together for
tea. When we were sitting face to face, I trusted the integrity of what
she was saying. Now that she's far away, if/when we need to guarantee
the integrity of our message we use GnuPG to do so. The trust we had in
a face-to-face communication has had its reach extended to cross
thousands of miles. But if she and I hadn't met before, if we didn't
have a shared experience upon which to build trust, then signatures
would be meaningless. The reach of trust has been extended, sure, but
that doesn't help much when there isn't trust.

Let's have another example here. I woke up at about eight in the
morning on 9/11. I was living in California and I was moving that day.
All my belongings had already moved out: I had no television, no radio,
nothing, just myself, a sleeping bag and a laptop. I woke up that
morning, made myself a cup of coffee, studied the maps for the day's
drive out East, and before I walked out to my car I figured I'd check my
email one last time. I had one email from a friend of mine in the UK.
It read exactly:

Your country's at war. All of us are backing you.

The message was not signed. I tried to hit CNN.com, but the site
wouldn't load. Slashdot.org, same. In fact, *all* websites were pretty
much down. I shrugged and figured the ISP must've turned off my account
a little early. I walked outside -- it was a beautiful day, the birds
were singing, clear skies. Nobody was screaming or wailing: it was a
day just like any other.

I shrugged off Roger's message. I figured someone was playing games
with me. I dropped off my housekeys in my landlord's dropbox and began
driving. It wasn't until I was leaving San Jose that I saw a bunch of
flags flying, and between that and Roger's email, well -- I stopped at
my favorite watering hole to check in with the morning crew and see if
they'd heard anything, and that's when I discovered what had happened.

Imagine what would've happened if Roger had sent me that as a *signed*
email. I would've trusted it completely, right? I wouldn't have
dropped off my housekeys, I would've called my landlord and asked for a
few days extension, and not had to deal with the challenges of a
cross-country move during 9/11 and the days immediately after.

Now that you know the history (an unsigned message I disregarded) and
you've imagined one alternate history (a signed message that I would've
heeded), imagine a second alternate history. In this second alternate
history, MFPA sends me a signed message telling me "Your country's at
war, all of us are backing you."

Would I trust that? Of course not. I don't know MFPA. He's never
bought me a beer. We have no shared context of trust, so there's no way
for a signature to extend the reach of that nonexistent trust. The
signature on the message means exactly nothing.

The best MFPA could hope for would be to say, "Your country's at war,
all of us are backing you, nytimes.com is still up and responsive, check
there for details" -- but even then I'm not trusting MFPA. He's giving
me a way to independently verify his claim, which is pretty much the
polar opposite of asking me to take things on trust.

Finally, one last thought experiment:

During my time percolating through graduate school I used a coffeeshop
across the street from my building as my office. (My official office
was literally a converted janitor's closet that now housed five TAs.)
One semester I had to bounce a large number of students on academic
honesty violations: some of them were extremely upset. My nightmare
scenario then involved one of them visiting the coffeeshop at the same
time as me and posting incredibly offensive things on University forums
using my name. It would be easy to do and *very* hard to fight: after
all, the IP address would track back to the same coffeeshop I
frequented, and the timestamps would correlate to the time I was in there.

For a while I considered signing everything, so I could then deny making
those posts. "I didn't write that! I sign everything! That has a
bad/missing signature!"

And then I imagined my dean answering, "That proves nothing: after all,
if I was posting this stuff I wouldn't sign it, either."

... Anyway.

I apologize again for the length of this post. Too long by half, I know.

The takeaway here is:

* Signatures extend the reach of trust, they don't
create new trust
* Unless there's a pre-existing trust relationship
signatures mean either nothing or so close to it
I can't tell the difference
* Signatures on mailing lists are mostly (and maybe
entirely) useless because of how few members have
pre-existing trust relationships with others
* Don't ask people to trust what you say: give them
a way to independently verify what you say and
you can skip the headache of trying to establish
trust

Hope these thoughts help. Thanks for reading.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Tue, 31 Jan 2012 19:04:57 -0500
Robert J. Hansen articulated:

> And then I imagined my dean answering, "That proves nothing: after
> all, if I was posting this stuff I wouldn't sign it, either."

Don't apologize, I loved you post. One of the better one's I have read
in a while. It appears that your Dean was a sharp individual.

You analogy is interesting too. In the '50s in the USA, there was a
movement to require individuals to take a "loyalty oath" It was at the
height of the McCarthy era. The theory was that it would root out
communist. Finally, it dawned upon these intellectually challenged jerks
that a real communist would have no problem taking such an oath since
it would be to their advantage to do so. Sometimes you just have to
shout, WTF.

--
Jerry â™”

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________
What if there had been room at the inn?
Linda Festa on the origins of Christianity

On Tue, Jan 31, 2012 at 02:08:26PM -0500, Jean-David wrote in
<4F283C2A.6070102@verizon.net>:
>Remco Rijnders wrote:
>
>> I appreciate signed mails on this list (and any other lists). Most
>> problems these days on the internet are, in my opinion, related to
>> people being completely anonymous. If you stand behind your words,
>> show so by signing your posts.
>>
>OK. I stand behind this post. But other than amusing myself, does it
>really make any difference?

To me it does some. Knowing that we know that you are really Jean-David
Beyer and that it probably is not a made up name, makes it far more likely
that you'll consider your words before posting them online and that it is
also less likely that you'd be trolling just for the fun of it.

Please note that I am in any way suggesting you'd be trolling otherwise,
but a properly signed post for which a trust path from my key to yours
exists does make a difference to me. A small one perhaps and you might not
find it worth signing your posts for my convenience / peace of mind, but
if you do sign it, I do appreciate it :-)

Am Mittwoch, 1. Februar 2012, 01:04:57 schrieb Robert J. Hansen:

> > It is hard for me to believe that a serious user of GnuPG does not
> > use it for email.
>
> This sounds like a No True Scotsman fallacy. If someone uses GnuPG but
> not for email, does that disqualify them from being a serious user?

Of course not. I just don't believe that there are many examples of this type
out there. To me a serious user is one who actively signs, encrypts, and/or
verifies data and knows what he is doing. He has created a key and verified at
least one. Everything else seems like special use to me.


> Linux might account for half a percent
> of mindshare, so ... my prejudice is that there are about a million
> GnuPG users in the United States. They might not even know it, but
> they're part of the userbase.

That's not what I would call a serious user. Counting that way some big
distributors would just have to add Enigmail to their (graphical) default
installation and to you the numer of Enigmail "users" would get boosted by a
factor of 100 without any real change.


> (GnuPG is already on your system.)

That's not true for a certain quite popular OS. How many Windows users install
GnuPG without Enigmail? Given the huge difference in Linux and Windows users
this affects the calculation a lot.


> GnuPG would still crush us with between 100,000 and
> 350,000 'knowing' users.

Knowing is not the point to me.


> That's not how the world works.

> if/when we need to guarantee the integrity of our message

The world (at least the part I am familiar with) relies (implicitely) even
more on the integrity of a message than on trust. If you get an important
information, question or order and have doubts about the integrity of the
message then you will do some checks, no matter how much you trust. Of course,
doubts are much lower today than they should be. That's how a part of online
crime works.

On the other hand is the proof of the integrity of a message often enough even
if you do not know the person. Quite often people have to make manual
signatures without being knows to the person who demands for that. Often the
content is less important than the possibility to hold someone responsible for
it.

Another point: I get most of my (both private and professional) emails from
people I know.


> The reach of trust has been extended, sure, but
> that doesn't help much when there isn't trust.

Right. I would put it this way:
A signature cannot raise the trust in a message content above the trust in the
sender / signer. But a missing signature can (and usually will) lower the
trust in the message content below the trust in the (non-proven) sender.


> Imagine what would've happened if Roger had sent me that as a *signed*
> email.

> In this second alternate history, MFPA sends me a signed message

And which of these scenarios is more probable? Who will after starting to sign
emails start to send emails to people he is not familiar with? The first
szenario is an improvement for you, the second does not make a difference
(except for some wasted bandwith). Leaving out the cost it would not make
sense to do without signatures.


> time as me and posting incredibly offensive things on University forums
> using my name.

> For a while I considered signing everything,

Which is BTW not so easy. Many people use webmail. And there are reasons for
not importing private keys onto work PCs. I am often too lazy to plug in the
smartcard reader. But in the signature I apologize for not signing the mail.
;-) And if the content was important I would use the smartcard, of course.


> so I could then deny making
> those posts. "I didn't write that! I sign everything! That has a
> bad/missing signature!"

You probably wouldn't even have to because everyone who is in regular contact
with you would know that. On the other hand: Signing in a web forum seems kind
of extreme (and unsafe with respect to breaking the signature by automatic
text formatting). :-)


> And then I imagined my dean answering, "That proves nothing: after all,
> if I was posting this stuff I wouldn't sign it, either."

Would not make much sense to use the name but not sign it, though.


> * Signatures on mailing lists are mostly (and maybe
> entirely) useless because of how few members have
> pre-existing trust relationships with others

The ability to hold someone responsible for his messages (which usually
requires a signature but a signature is not enough to ensure that) is not the
same like trust but an important point, too.


Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814

On 2/1/12 10:47 AM, Hauke Laging wrote:
> Of course not. I just don't believe that there are many examples of
> this type out there. To me a serious user is one who actively signs,
> encrypts, and/or verifies data and knows what he is doing. He has
> created a key and verified at least one. Everything else seems like
> special use to me.

Then yes, you are selecting for email users. There are quite a lot of
people who use GnuPG primarily for themselves -- for instance, a system
administrator who signs each backup, a lawyer who encrypts files when in
transit on a flash drive, etc.

The overwhelming majority of the users you see are using email, yes, but
only because email is the method by which you come to see them. Users
who never announce their usage (the system administrator, the lawyer,
etc.) are completely invisible to you.

I can't give an estimate on the number of 'invisible' users: they're
invisible to me, too. But I'm not going to believe they don't exist, or
that they don't exist in good numbers.

> That's not what I would call a serious user.

A 'serious user' is, to me, someone who will send angry emails if things
break. If a program can fail and not have an immediate adverse effect
on a user, the program is not important to the user and the user can be
said to not be a "serious user."

If GnuPG breaks, a whole lot of the Linux experience breaks. You get
warnings left and right about installing packages with bad signatures,
important updates don't happen, etc. This will result in a lot of angry
people strangling whoever is responsible for breaking their PC.

Yes, this definition means that you're a serious user of your OS kernel.
And why wouldn't you be? You demand your PC make thousands of kernel
calls each second. Is that not serious use?

> Counting that way some big distributors would just have to add
> Enigmail to their (graphical) default installation and to you the
> numer of Enigmail "users" would get boosted by a factor of 100
> without any real change.

Think about what you're saying:

(a) a major distro would have to ditch their email client for
Thunderbird
(b) a user would have to download and install Enigmail, since
it's not a standard part of Thunderbird

Ubuntu will be switching to Thunderbird in 12.04, apparently, so that
takes care of (a). I doubt we will see a huge surge in Enigmail users
as a result, though, since (b) is unchanged.

As soon as both Thunderbird *and* Enigmail are part of a standard Linux
installation, let me know. I'd love to know about it. Until then, I
think Enigmail is going to remain a niche player.

>> (GnuPG is already on your system.)
>
> That's not true for a certain quite popular OS.

Quite in context, please. In context, that sentence obviously referred
to Linux users. Quoting people out-of-context to score points is a pet
peeve of mine.

>> GnuPG would still crush us with between 100,000 and 350,000
>> 'knowing' users.
>
> Knowing is not the point to me.

Well, clearly the install base isn't the point, you've already said
those aren't what you'd call 'serious users'. And if users who know of,
are aware of, who pay attention to, how GnuPG works behind the scenes
aren't relevant to you, then what is? Each benchmark I use to represent
a class of users, you reject as being not what you're talking about, so
please tell me precisely what you *are* talking about.

> And which of these scenarios is more probable? Who will after
> starting to sign emails start to send emails to people he is not
> familiar with?

Quite a lot, apparently. There are a whole lot of people on this
mailing list. I'm sending a message to all of them, including people I
don't even know.

Your question: "Who will after starting to sign emails start to send
emails to people he is not familiar with?"

The answer is Facebook. Google+. eHarmony. Match.com. JDate.
Bear411. ChristianSingles.com. The list goes on and on and on. (Note:
my mention of any service is not an endorsement. If so, I'd be a weird
mess of contradictions: a nice Jewish boy who happens to be a
Pentecostal bear...)

People love to talk and to meet new people. You can't stop people from
talking to each other. It's part of the human experience. Something
about creating social connections tickles something deep in our brains.
It's like a drug. It's so much part of the human experience that we do
it even when it's risky and dangerous, and for those who *don't* love to
talk and meet new people we hang words like "misanthrope" or "hermit"
off them -- words with powerful connotations of psychological dysfunction.

> You probably wouldn't even have to because everyone who is in regular
> contact with you would know that.

Yes, but that's completely irrelevant. I don't mean to be callous, but
you've missed a very important point.

The people who would be complaining about my conduct would be people who
don't know me from the wind. *They're* the ones who would have to be
persuaded I was on the up-and-up. Persuading them would be an uphill
road to hoe.

What would the Dean say to them? "I've known Rob for three years and
he's never once expressed any sentiments like this?" They'd point out
that yes, I've never expressed sentiments like that openly around the
Dean because those opinions are so offensive they'd get me canned.

Best case scenario, the aggrieved parties would demand the Dean make a
full investigation. The Dean would know there would be no investigation
that could either clear me or condemn me: there's simply not enough
evidence to draw conclusions either way. The Dean would know that I was
on the up and up, but since trust isn't transitive, he couldn't convince
the concerned college community I was on the up and up.

So the Dean would quietly relieve me of teaching duties, give me a
research job in some office somewhere that I didn't have to interact
with anyone, keep me out of public view, and he'd tell the affected
people "the investigation is underway, and until it's resolved we've
relieved him of teaching duties." Then in a semester or two I'd be
quietly reinstated as a TA.

Welcome to politics. That's how it works.

>> And then I imagined my dean answering, "That proves nothing: after
>> all, if I was posting this stuff I wouldn't sign it, either."
>
> Would not make much sense to use the name but not sign it, though.

Sure it would. Deniability.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Wed, 1 Feb 2012 16:47, mailinglisten@hauke-laging.de said:

> That's not true for a certain quite popular OS. How many Windows users install
> GnuPG without Enigmail? Given the huge difference in Linux and Windows users
> this affects the calculation a lot.

A quick data point. From March to May, after the release of Gpg4win
2.1, we had an average of more than 600 downloads per day from the
primary server. That is more than 50000 in 3 months. In June we even
reached 800 per days. Unfortunately I don't have any newer numbers
available.

And there are also the users of gnupg 1.4 - I don't run statistics on
ftp.gnupg.org, thus I can't tell you any numbers.


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 01/02/12 16:19, Robert J. Hansen wrote:

> As soon as both Thunderbird *and* Enigmail are part of a standard Linux
> installation, let me know. I'd love to know about it. Until then, I
> think Enigmail is going to remain a niche player.

Has there been a concerted effort to make Enigmail an integral part of
Thunderbird, distributed with it? If yes, what are the reasons that it
has been rejected so far? If no, why not?

--
Mike Cardwell https://grepular.com/ http://cardwellit.com/
OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4

On Wed, 1 Feb 2012 17:40, gnupg@lists.grepular.com said:

> Has there been a concerted effort to make Enigmail an integral part of
> Thunderbird, distributed with it? If yes, what are the reasons that it
> has been rejected so far? If no, why not?

The Mozillas don't like OpenPGP. To them it is probably too much
anarchy compared to S/SMIME. Ask the Mammon.


Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Wed, 01 Feb 2012 17:55:05 +0100
Werner Koch articulated:

> The Mozillas don't like OpenPGP. To them it is probably too much
> anarchy compared to S/SMIME. Ask the Mammon.

Windows users prefer S/MIME. I know I use it on my Windows machines
because it does not require me to install more applications. It works
seamlessly in Outlook, which is probably its biggest asset. Perhaps the
Mozilla folks, realizing that Microsoft users are probably its largest
base audience prefer to stick with what its main constituency want. Just
a guess and my own 2ï¿ .

--
Jerry â™”

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Wed, 1 Feb 2012 18:19, jerry@seibercom.net said:

> Windows users prefer S/MIME. I know I use it on my Windows machines
> because it does not require me to install more applications. It works

But users need to pay their Internet tax to Verislime et al. Or, tinger
with CAcert root certificates.


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 2/1/12 11:40 AM, gnupg@lists.grepular.com wrote:
> Has there been a concerted effort to make Enigmail an integral part
> of Thunderbird, distributed with it?

I don't know what you mean by a "concerted effort." Maybe five Enigmail
users count under your definition, maybe fifty: maybe two people within
Mozilla, or maybe nobody has to be within Mozilla, etc. All I can say
is that at various times people have tried to push for this, but so far
without success. There seem to be two major reasons for this:

* S/MIME is already irrelevant to the vast majority of
Thunderbird users, and providing OpenPGP would just
introduce a redundant irrelevant capability

* Enigmail requires a binary that's not maintained by
Mozilla, which is released on its own schedule, and
is licensed under terms other than those Mozilla
prefers


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

gnupg-users-bounces@gnupg.org wrote on 02/01/2012 10:51:46 AM:
> ----- Message from "Robert J. Hansen" <rjh@sixdemonbag.org> on Wed,
> 01 Feb 2012 11:19:08 -0500 -----
>
> To:
>
> gnupg-users@gnupg.org
>
> Subject:
>
> Re: PGP/MIME use
>
> On 2/1/12 10:47 AM, Hauke Laging wrote:
> > Of course not. I just don't believe that there are many examples of
> > this type out there. To me a serious user is one who actively signs,
> > encrypts, and/or verifies data and knows what he is doing. He has
> > created a key and verified at least one. Everything else seems like
> > special use to me.
>
> Then yes, you are selecting for email users. There are quite a lot of
> people who use GnuPG primarily for themselves -- for instance, a system
> administrator who signs each backup, a lawyer who encrypts files when in
> transit on a flash drive, etc.
>
> The overwhelming majority of the users you see are using email, yes, but
> only because email is the method by which you come to see them. Users
> who never announce their usage (the system administrator, the lawyer,
> etc.) are completely invisible to you.
>

I would be one who fits in the other case. I've never signed an
e-mail--no one at our organization does. (Not that I wouldn't like to,
but nearly all those with whom I communicate wouldn't have any use for nor
comprehension of the signature.) However, I've written scripts to
routinely sign files for transmission to our bank. I would definitely
count us as serious users. We would be very upset if the bank started
rejecting transmissions due to the lack of a valid signature. Seeing that
our bank is a very large one, I'm sure there are plenty of others who also
sign their business transmissions using GPG.

Michael