PGP/GnuPG keysigning at BLU meeting?

mike ledoux mwl+blu at alumni.unh.edu
Wed Oct 10 10:45:47 EDT 2001 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 10 Oct 2001, Robert Brown wrote:

>I use pgp 2.6.X and pgpsendmail.  I do not use gpg because I thought that
>I cannot use the public keyservers with it.  Is this correct?

That is not the case.  I regularly use gpg with the public keyservers
at pgp.mit.edu and certserver.pgp.com.  This is with gpg 1.0.6, older
versions may not have this functionality.

>Also, is there something like pgpsendmail for gpg?  I noticed that the
>messages below have attachments.  Is there a way to automatically encrypt
>and/or sign all messages sent, perhaps as an S/MIME attachment?  (Are the
>attachments below S/MIME attachments?  I have never seen one so I don't
>know.)

S/MIME (RFC2311)[1] and PGP are two unrelated standards.  For PGP,
there are two different ways that people use it in mail--the old
PGP/MIME format (RFC2015)[2] and the new OpenPGP format (RFC2440)[3].
There is currently some debate over which of these PGP formats should
be used, with (basically) the Mutt guys on the PGP/MIME side, and the
rest of the world on the OpenPGP side.

This message is in OpenPGP format, which has several advantages over
PGP/MIME, IMNSHO.  The most important of these to me is that an
OpenPGP formatted message can be easily dealt with even if your MUA
doesn't support OpenPGP directly (just pipe the message through gpg or
pgp), whereas PGP/MIME is very difficult to deal with if your MUA
doesn't support it.  The only MUAs that I am aware of that support
PGP/MIME are Mutt and (ex)mh.  My understanding is that both of those
can deal with either format, but generate PGP/MIME by default.

The message you quoted (with Content-type: application/pgp-signature)
was in PGP/MIME format.  PGP/MIME signatures still allow most people
to read the message, but make it somewhat more difficult to verify the
signature due to lack of support in common software.  You can't simply
pipe a PGP/MIME message to gpg and have it do the right thing.

HTH,

- -- 
mwl+blu at alumni.unh.edu             OpenPGP KeyID 0x57C3430B
Holder of Past Knowledge           CS, O-
Put your wasted CPU cycles to use: http://www.distributed.net/
"The voters have spoken... the bastards"

[1] http://www.faqs.org/rfcs/rfc2311.html
[2] http://www.faqs.org/rfcs/rfc2015.html
[3] http://www.faqs.org/rfcs/rfc2440.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7xF8j5rgdHFfDQwsRAs/8AJoDSVyg6/I3pKAqyU+nsnXFMCfwowCgkGtV
k9NP+gnWnOKGTDuB/08d59M=
=b7B+
-----END PGP SIGNATURE-----

-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).

More information about the Discuss mailing list