From ntte23456 at googlemail.com  Fri Aug  1 02:33:42 2008
From: ntte23456 at googlemail.com (Masatoshi Tsuboi)
Date: Fri, 01 Aug 2008 11:33:42 +0200
Subject: [Enigmail] PGP beginner
Message-ID: <4892D876.7030408@gmail.com>

Dear Receiver

I am sorry to send you this email, but
I enthusiastically try to use a PGP function, so that

I can understand this technology deeply...

# This is my first time to send using PGP.

Let me introduce a bit myself,
I am from Japan, 29years old, engineer.

If someone respond my email, it would be very nice.
I wanna really use encrypt function as well.

Regards,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080801/18fadfd9/attachment.bin>

From 2600denver at gmail.com  Fri Aug  1 03:34:15 2008
From: 2600denver at gmail.com (Ringo Kamens)
Date: Fri, 01 Aug 2008 06:34:15 -0400
Subject: [Enigmail] My 1st digital signature
In-Reply-To: <4892A39B.9010800@bellsouth.net>
References: <4892A39B.9010800@bellsouth.net>
Message-ID: <4892E6A7.3050200@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Angel Rodriguez wrote:
> Hi, if you got this, please advise.
> 
> Thanks
UNTRUSTED Good signature from Angel Rodriguez
<a_rodriguez1948 at bellsouth.net>
Key ID: 0x1B996AF6 / Signed on: 08/01/2008 01:48 AM
Key fingerprint: 47EB 0D35 2AC7 D770 7E77 131A D1EF 325C 1B99 6AF6

Looks like the signature worked!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIkuanmBTzXUpNYqQRAhWEAJ46PonH0pFX4z/vxnACbgXf97JzPgCgszOz
K5DGgy9VsVYlDmmn4k62MNU=
=4ofm
-----END PGP SIGNATURE-----

From 2600denver at gmail.com  Fri Aug  1 03:35:25 2008
From: 2600denver at gmail.com (Ringo Kamens)
Date: Fri, 01 Aug 2008 06:35:25 -0400
Subject: [Enigmail] PGP beginner
In-Reply-To: <4892D876.7030408@gmail.com>
References: <4892D876.7030408@gmail.com>
Message-ID: <4892E6ED.10004@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Masatoshi Tsuboi wrote:
> Dear Receiver
> 
> I am sorry to send you this email, but
> I enthusiastically try to use a PGP function, so that
> 
> I can understand this technology deeply...
> 
> # This is my first time to send using PGP.
> 
> Let me introduce a bit myself,
> I am from Japan, 29years old, engineer.
> 
> If someone respond my email, it would be very nice.
> I wanna really use encrypt function as well.
> 
> Regards,
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Enigmail mailing list
> Enigmail at mozdev.org
> https://www.mozdev.org/mailman/listinfo/enigmail
Signing worked well!
UNTRUSTED Good signature from Masatoshi Tsuboi <ntte23456 at gmail.com>
Key ID: 0x56BC5A72 / Signed on: 08/01/2008 05:33 AM
Key fingerprint: FD5C AC3B 04F2 CC1C 5644 550A EF1B AD2E 56BC 5A72
My public key is attached if you want to try encrypting an email to me
(off-list).
CRK
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIkubsmBTzXUpNYqQRAuRUAJ41+v7LGKwls+NyGwFGqlp1z4iotACfY5MZ
okx52IUY0AU5tYI3ZedsDjk=
=6QB5
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgpkeys.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080801/8b4d3149/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgpkeys.asc.sig
Type: application/octet-stream
Size: 65 bytes
Desc: not available
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080801/8b4d3149/attachment.obj>

From jorgeazevedo at multicubic.pt  Fri Aug  1 03:35:46 2008
From: jorgeazevedo at multicubic.pt (Multicubic - Jorge Azevedo)
Date: Fri, 01 Aug 2008 11:35:46 +0100
Subject: [Enigmail] PGP beginner
In-Reply-To: <4892D876.7030408@gmail.com>
References: <4892D876.7030408@gmail.com>
Message-ID: <4892E702.20906@multicubic.pt>

An HTML attachment was scrubbed...
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080801/766a4305/attachment.html>

From sean at rima.ws  Fri Aug  1 03:35:53 2008
From: sean at rima.ws (Sean Rima)
Date: Fri, 01 Aug 2008 11:35:53 +0100
Subject: [Enigmail] My 1st digital signature
In-Reply-To: <4892A39B.9010800@bellsouth.net>
References: <4892A39B.9010800@bellsouth.net>
Message-ID: <4892E709.4000303@rima.ws>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Angel Rodriguez wrote:
| Hi, if you got this, please advise.
|
| Thanks

Looks good:

OpenPGP Security Info

Good signature from Angel Rodriguez <a_rodriguez1948 at bellsouth.net>
Key ID: 0x1B996AF6 / Signed on: 01/08/08 06:48
Key fingerprint: 47EB 0D35 2AC7 D770 7E77 131A D1EF 325C 1B99 6AF6


Sean
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Gossamer Spider Web of Trust: http://www.gswot.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIkucJDif86V/dzTsRA7nQAJ4pl6R/4pmUrw1Bz3qZfvR0qOeScQCeNe5w
PmyQ5zqB34crsniiWqtJHkw=
=Nh8b
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Fri Aug  1 03:37:57 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Fri, 01 Aug 2008 06:37:57 -0400
Subject: [Enigmail] My 1st digital signature
In-Reply-To: <4892A39B.9010800@bellsouth.net>
References: <4892A39B.9010800@bellsouth.net>
Message-ID: <4892E785.1070702@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Angel Rodriguez wrote:
> Hi, if you got this, please advise.

I "got this" without any problems:

Good signature from Angel Rodriguez <a_rodriguez1948 at bellsouth.net>
Key ID: 0x1B996AF6 / Signed on: 8/1/2008 1:48 AM
Key fingerprint: 47EB 0D35 2AC7 D770 7E77 131A D1EF 325C 1B99 6AF6

HTH

JOHN ;)
Timestamp: Friday 01 Aug 2008, 06:37  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4799: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIkueCAAoJEBCGy9eAtCsP0BoH/3t9dvqEjDweXPKuvVp6/d2y
EwH/TldwNtaXf3uNKzJAhu0Rsd588uhyx6TAUxb12oTrGnj5wUn5BYQg/8mdCD/d
uW4u9qejpwKjc7Ey0j3gJNqAKZwQs8JX/patQpv+c1Y7eoP69EZlddDotcTGZfI2
ZF/ZytkRIoHZaPQAPw/ZYhQw8gQ/fTC6Av/8YWJ1/pmOMdPK84WayynA8o02GeBy
RP/CKxqQhBck2QISJYR+LeG/ZEVxGEDJbEk2GEK+hc8AWYEmoGeA4bUhje2LgdIe
RJg2HdMnYX0d4Ntp6bcmj/RKlL/N2A+b2S5N3q8JQ8W37SMObQukeLbjod9/6mM=
=5jX3
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Fri Aug  1 03:42:37 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Fri, 01 Aug 2008 06:42:37 -0400
Subject: [Enigmail] PGP beginner
In-Reply-To: <4892D876.7030408@gmail.com>
References: <4892D876.7030408@gmail.com>
Message-ID: <4892E89D.2030801@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Masatoshi Tsuboi wrote:

> I am sorry to send you this email, but
> I enthusiastically try to use a PGP function, so that

Why Apologize?  Glad to assist!

Good signature from Masatoshi Tsuboi <ntte23456 at gmail.com>
Key ID: 0x56BC5A72 / Signed on: 8/1/2008 5:33 AM
Key fingerprint: FD5C AC3B 04F2 CC1C 5644 550A EF1B AD2E 56BC 5A72

> If someone respond my email, it would be very nice.
> I wanna really use encrypt function as well.

By all means, Test Your Encryption ability by sending Me an Encrypted
Email directly.  Please do not Post an Encrypted Message to the List but
I will be happy to assist You in getting Set-Up & Testing Your ability
to both Sign & Encrypt.  :-D

Receiver ;)
Timestamp: Friday 01 Aug 2008, 06:42  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4799: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIkuiaAAoJEBCGy9eAtCsPjAcH/3aDdq4deV2jXGqx2Aaqi7cF
Z/oxfLUhdB+b5XPaejZWto6CqxQOPA2C22WNuis3qjDz8nzSIConyfqLzJlxu8Co
c/ue2m9LzjI8E+xXHQFkzP3bFuGhYlr15FB9NMkw8jUnvh+sqIiAN2hUec4Wi76M
rBaTo95xPvf00RbHukeHYshV9rksgKSy+0C9HOoqSrQaay44CvVmtdKnVtWT8gEV
K+t8frNsNIxeFHGNd+LfuEp28QTC9/9uDP4zRSPejrsMB4ZyQgFXWSVRkXonDYWh
ZTMT9qKzuWfzACNZE8XkR0Pp60l8fLIOfe9NFwYA9Avl4wF5saYAV/OSkzaH2+E=
=9nMh
-----END PGP SIGNATURE-----

From John at Mozilla-Enigmail.org  Fri Aug  1 09:31:55 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Fri, 01 Aug 2008 11:31:55 -0500
Subject: [Enigmail] My 1st digital signature
In-Reply-To: <4892A39B.9010800@bellsouth.net>
References: <4892A39B.9010800@bellsouth.net>
Message-ID: <48933A7B.7020206@Mozilla-Enigmail.org>

Angel Rodriguez wrote:
> Hi, if you got this, please advise.

Message received. Later.

kthxbai










Oh, 8-})  you probably also were wondering about this:

UNTRUSTED Good signature from Angel Rodriguez <a_rodriguez1948 at bellsouth.net>
Key ID: 0x1B996AF6 / Signed on: 2008-08-01 00:48
Key fingerprint: 47EB 0D35 2AC7 D770 7E77 131A D1EF 325C 1B99 6AF6

You look to be "Good to go." Well done.

If you would also like to test encryption, you may send me a message off-list
excrypted to 0x608D2A10 or 0x18BB373A and I will reply with a test encrypted to
your key.

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 654 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080801/0b2dbdbd/attachment.bin>

From bill at wrcary.com  Fri Aug  1 10:39:53 2008
From: bill at wrcary.com (bill)
Date: Fri, 01 Aug 2008 12:39:53 -0500
Subject: [Enigmail] My 1st digital signature
In-Reply-To: <48933A7B.7020206@Mozilla-Enigmail.org>
References: <4892A39B.9010800@bellsouth.net>
	<48933A7B.7020206@Mozilla-Enigmail.org>
Message-ID: <48934A69.4020906@wrcary.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thank you. this is great!

John Clizbe wrote:
> Angel Rodriguez wrote:
>> Hi, if you got this, please advise.
> 
> Message received. Later.
> 
> kthxbai
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> Oh, 8-})  you probably also were wondering about this:
> 
> UNTRUSTED Good signature from Angel Rodriguez <a_rodriguez1948 at bellsouth.net>
> Key ID: 0x1B996AF6 / Signed on: 2008-08-01 00:48
> Key fingerprint: 47EB 0D35 2AC7 D770 7E77 131A D1EF 325C 1B99 6AF6
> 
> You look to be "Good to go." Well done.
> 
> If you would also like to test encryption, you may send me a message off-list
> excrypted to 0x608D2A10 or 0x18BB373A and I will reply with a test encrypted to
> your key.
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Enigmail mailing list
> Enigmail at mozdev.org
> https://www.mozdev.org/mailman/listinfo/enigmail
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiTSmkACgkQIZgn4NEZd2WbQgCgyqvzuJ2l0M3JllaqASxKMB0e
8DgAoKeKSm6b/0K3H0hLQGFMTqfgxUy+
=qv20
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bill.vcf
Type: text/x-vcard
Size: 293 bytes
Desc: not available
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080801/bafc59c3/attachment-0001.vcf>

From atokhy at gmail.com  Sun Aug  3 11:39:30 2008
From: atokhy at gmail.com (Aaron Tokhy)
Date: Sun, 03 Aug 2008 14:39:30 -0400
Subject: [Enigmail] First time using Enigmail
Message-ID: <4895FB62.6040106@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is my first email send using GnuPG.  I followed the instructions on
http://enigmail.mozdev.org/documentation/quickstart-ch3.php so I assume
sending this test email to the mailing list is ok.  I created this new
email account so I can use it to send confidential email for my job in
case I do not have access to my work email.  I assume public key
authentication should be more than enough to encrypt/sign mail :).  I do
have a few questions on email habits to reduce on spam received...

Is it a good idea to create 2 email accounts, a sender and a reply-to
email account to reduce on spam?  If I create accounts, say atokhy-send
at dev null.com and atokhy at dev null.com, use atokhy-send to send
email, using atokhy in the reply-to header, think this would help
against stupid bots that only look at the To: part of the email?
Hopefully most email clients honor reply-to.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiV+2EACgkQO3nEAs/Ru1kmHwCeIJr5M3Yz52VUdYT0YnkbGgXA
NsUAn0GT/W/OnAZHMM+pSeLFX3GztqeV
=iplm
-----END PGP SIGNATURE-----

From jshmoe12 at gmail.com  Sun Aug  3 12:07:16 2008
From: jshmoe12 at gmail.com (jshmoe12 at gmail.com)
Date: Sun, 03 Aug 2008 15:07:16 -0400
Subject: [Enigmail] new to enigmail and would like to discuss security and
	enigmail.
Message-ID: <489601E4.7030808@gmail.com>

-----BEGIN PGP MESSAGE-----
Charset: ISO-8859-1
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

hQIOAyjuBfMfsNTNEAf/do+FF/ykt+mPWKtPca8fdpbJlB/uPj9p7CiWT2g6dSYf
0ym+S/9xahGeQcRSLha5kqonBlYK/t3+d8XCwhBlA6RelNuPJgBU872K1NL69ibh
e1tcxABeWnR5XoopwQPwF6zWbvFTnTRhZu7Jdx2wZhPQXxedlCOL/weu2mZw4IEE
tbNCIhOBegL+cgNXBd9Paisb0zJDWbmMajdkFDK4Ks2exd2ACoYbJEZm8wALGH3I
bJXq1XIAXH5lPkHYABAOhe3lkVvJjbWfIosLIxiYDBfAx6pj98yriPYqwmX4syko
ZhPjuQFwfCSB6HwWKnc+45fJTja5XRXO0jZkW99udgf/fnHvd4k94AFM/6/NoqTM
iX25nEkULZur39xOyYMjzQJGTdhfh8v8En9QtYuZi7nCcgD98oPzmny4quPig6T7
1xK0sXoYML8+Sa2hKH53qATWnyVf+DGHbsevv6YXgB5a+50tn6peqgOmXhKudO2t
1lnuWxZNTYkqxiPEQmKSMKiQffrcUNrunZ5dPM9lA8ExoXT1RZOI1rbLT5EHXTcl
aw/ExCLy2paMpbU7UEQ2FGUhQQZfIc3svQOlpY91ETJ79pDBpkBJieQaHrPtrWUC
JyH7E2v3e5EGo/Vu24wIKpZ8ORD+9zoZnV7Yy+1p9NFJuqvXAMY0ZMln1DdVJD0Y
SIUCDgNdKrQaKBLkUBAIAIL9yO7WyT3E8W2C8r61vRU4odpN053MGRUD0IqPhJc4
mjxJXqXUHUvkM7uRzUkJDA/C4t7BWmQPNUQX6vAmNIKkRpn5VSSUdOmFMYJhqlm9
eLDPsAEB8pQSiD0jBGX8dJf6uN2zYqQu8LPCgdGK7lx5mR6CKxqFjfO+DTwwMEmy
fhRwtkEXOhI0K6GdTDMMS+PAY5+s8FOrC7Ab6rTKhlzf3My6ndLYvMXVx92aCSgs
r/I3NlRPzDwSjXl9K4wO0oOqxobxXuj2Xz0KHzZ8H9YKrmR/g3syiRHDcULx6BVb
g8cbT2/iFCFCE4wwsbE2+Eksd1hCPZDVDUHV9Vyg+OwIAL7nLumF35CdhexPK4Ki
9S+ggE7KrUa3ImREQJWsxWRJze29ZfkJJgI6wrGMLqDQ9otEYLONNJybm6F+Eor1
eAu9ctiLetBQfxYH3FFb0MuQkaZaWD4jRqpqODl/3zyt6lBX7uQv9dVNWfngDQ31
yyQMRMgm6gJ+YjX36q47GN/79vO73+0TDphP28mWCpbwBa7JqXpHoiRd/tyyuyWP
F5ioAx5q9yOEnHIIGKThajqifMuvsvEVdR3G086iFgf9+CZgZGT05FUzez6kdgPh
b3kJwqBg0Rb6URk19e9Eep6mTKr0Xn+AKT8ZQL9p/VOhVrnBs/l92z/3pDzZUTEH
D/jSwQcBJdN5EdSbKKCsYhFjb7BovaQGRiHCjAwLZlG3e9eSiJ6XIKM3dvCDcB2Z
JrkHcsjkfiOtQRpvwD6sdh6km0Pbo7OiOMqA++qcvdjwN1ZljyFfd9nKHheTau43
rEeC3j8TDZtk9YN7VII1wZV4FenwnrjhEE2f52LeMP0CIoxZbLNkknBeH/f//42v
Mx+6t0DZF/xBn3MvaWB4ZDsf9IBm+5ZP1Sp432Eja4Rq5Y5l+k8RhFRNr0dawuoN
YtUDYYvL7bxZE+SaS2Yjud8X5eymGHNVgc2f340UfI3lxlqGNL9CsPSNq9P7sdYU
7WZkWFoZYZdzHPCP8FOYjMoAPZQWAj47m3Y6tZoEHeu6SApqCjt8J/SSUckzsWi5
ajToiw8BxUCuL3lGKUk39ZrpgRVYjnnneA2mQ7WRYp1azIrdrGeCw5msyZAtbuBw
CSyelq+kNap2DbCYNFtX/lJuLoQ+mMCC/hI8bW1RgLdyugltETOOVL4yK3igGFk4
C8R1HDwFiZViyVk0c+smu0OB3y8k2ZBfkRuON7JeCPosw/p8uLuYsoMoSNc9uFOC
4yT5MP3DWnR0YrQEoPKHozhbATnHkkddN1Nzrw==
=sar1
-----END PGP MESSAGE-----

From jshmoe12 at gmail.com  Sun Aug  3 12:25:50 2008
From: jshmoe12 at gmail.com (jshmoe12 at gmail.com)
Date: Sun, 03 Aug 2008 15:25:50 -0400
Subject: [Enigmail] help with how to use enigmail correctly
Message-ID: <4896063E.9080905@gmail.com>

do i have to attach my public key with all my emails also if anyone
would like to help me i would appreciate it very much.

thanks in advance

From 2600denver at gmail.com  Sun Aug  3 12:37:03 2008
From: 2600denver at gmail.com (Ringo Kamens)
Date: Sun, 03 Aug 2008 15:37:03 -0400
Subject: [Enigmail] new to enigmail and would like to discuss security
 and	enigmail.
In-Reply-To: <489601E4.7030808@gmail.com>
References: <489601E4.7030808@gmail.com>
Message-ID: <489608DF.8010403@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

jshmoe12 at gmail.com wrote:
> -----BEGIN PGP MESSAGE-----
> Charset: ISO-8859-1
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> hQIOAyjuBfMfsNTNEAf/do+FF/ykt+mPWKtPca8fdpbJlB/uPj9p7CiWT2g6dSYf
> 0ym+S/9xahGeQcRSLha5kqonBlYK/t3+d8XCwhBlA6RelNuPJgBU872K1NL69ibh
> e1tcxABeWnR5XoopwQPwF6zWbvFTnTRhZu7Jdx2wZhPQXxedlCOL/weu2mZw4IEE
> tbNCIhOBegL+cgNXBd9Paisb0zJDWbmMajdkFDK4Ks2exd2ACoYbJEZm8wALGH3I
> bJXq1XIAXH5lPkHYABAOhe3lkVvJjbWfIosLIxiYDBfAx6pj98yriPYqwmX4syko
> ZhPjuQFwfCSB6HwWKnc+45fJTja5XRXO0jZkW99udgf/fnHvd4k94AFM/6/NoqTM
> iX25nEkULZur39xOyYMjzQJGTdhfh8v8En9QtYuZi7nCcgD98oPzmny4quPig6T7
> 1xK0sXoYML8+Sa2hKH53qATWnyVf+DGHbsevv6YXgB5a+50tn6peqgOmXhKudO2t
> 1lnuWxZNTYkqxiPEQmKSMKiQffrcUNrunZ5dPM9lA8ExoXT1RZOI1rbLT5EHXTcl
> aw/ExCLy2paMpbU7UEQ2FGUhQQZfIc3svQOlpY91ETJ79pDBpkBJieQaHrPtrWUC
> JyH7E2v3e5EGo/Vu24wIKpZ8ORD+9zoZnV7Yy+1p9NFJuqvXAMY0ZMln1DdVJD0Y
> SIUCDgNdKrQaKBLkUBAIAIL9yO7WyT3E8W2C8r61vRU4odpN053MGRUD0IqPhJc4
> mjxJXqXUHUvkM7uRzUkJDA/C4t7BWmQPNUQX6vAmNIKkRpn5VSSUdOmFMYJhqlm9
> eLDPsAEB8pQSiD0jBGX8dJf6uN2zYqQu8LPCgdGK7lx5mR6CKxqFjfO+DTwwMEmy
> fhRwtkEXOhI0K6GdTDMMS+PAY5+s8FOrC7Ab6rTKhlzf3My6ndLYvMXVx92aCSgs
> r/I3NlRPzDwSjXl9K4wO0oOqxobxXuj2Xz0KHzZ8H9YKrmR/g3syiRHDcULx6BVb
> g8cbT2/iFCFCE4wwsbE2+Eksd1hCPZDVDUHV9Vyg+OwIAL7nLumF35CdhexPK4Ki
> 9S+ggE7KrUa3ImREQJWsxWRJze29ZfkJJgI6wrGMLqDQ9otEYLONNJybm6F+Eor1
> eAu9ctiLetBQfxYH3FFb0MuQkaZaWD4jRqpqODl/3zyt6lBX7uQv9dVNWfngDQ31
> yyQMRMgm6gJ+YjX36q47GN/79vO73+0TDphP28mWCpbwBa7JqXpHoiRd/tyyuyWP
> F5ioAx5q9yOEnHIIGKThajqifMuvsvEVdR3G086iFgf9+CZgZGT05FUzez6kdgPh
> b3kJwqBg0Rb6URk19e9Eep6mTKr0Xn+AKT8ZQL9p/VOhVrnBs/l92z/3pDzZUTEH
> D/jSwQcBJdN5EdSbKKCsYhFjb7BovaQGRiHCjAwLZlG3e9eSiJ6XIKM3dvCDcB2Z
> JrkHcsjkfiOtQRpvwD6sdh6km0Pbo7OiOMqA++qcvdjwN1ZljyFfd9nKHheTau43
> rEeC3j8TDZtk9YN7VII1wZV4FenwnrjhEE2f52LeMP0CIoxZbLNkknBeH/f//42v
> Mx+6t0DZF/xBn3MvaWB4ZDsf9IBm+5ZP1Sp432Eja4Rq5Y5l+k8RhFRNr0dawuoN
> YtUDYYvL7bxZE+SaS2Yjud8X5eymGHNVgc2f340UfI3lxlqGNL9CsPSNq9P7sdYU
> 7WZkWFoZYZdzHPCP8FOYjMoAPZQWAj47m3Y6tZoEHeu6SApqCjt8J/SSUckzsWi5
> ajToiw8BxUCuL3lGKUk39ZrpgRVYjnnneA2mQ7WRYp1azIrdrGeCw5msyZAtbuBw
> CSyelq+kNap2DbCYNFtX/lJuLoQ+mMCC/hI8bW1RgLdyugltETOOVL4yK3igGFk4
> C8R1HDwFiZViyVk0c+smu0OB3y8k2ZBfkRuON7JeCPosw/p8uLuYsoMoSNc9uFOC
> 4yT5MP3DWnR0YrQEoPKHozhbATnHkkddN1Nzrw==
> =sar1
> -----END PGP MESSAGE-----
> _______________________________________________
> Enigmail mailing list
> Enigmail at mozdev.org
> https://www.mozdev.org/mailman/listinfo/enigmail
> 
Why did you encrypt this message? I can't read it.
CRK
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIlgjfmBTzXUpNYqQRAlNqAKCerJWpUq6oLAFtTLk2De14RfcSLwCgg5wV
VSc5QlU/RFYCHL8W/LuMCUw=
=iJKP
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Sun Aug  3 12:38:16 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 03 Aug 2008 15:38:16 -0400
Subject: [Enigmail] new to enigmail and would like to discuss security
 and	enigmail.
In-Reply-To: <489601E4.7030808@gmail.com>
References: <489601E4.7030808@gmail.com>
Message-ID: <48960928.9040509@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

jshmoe12 at gmail.com wrote:
> -----BEGIN PGP MESSAGE-----
> Charset: ISO-8859-1
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> hQIOAyjuBfMfsNTNEAf/do+FF/ykt+mPWKtPca8fdpbJlB/uPj9p7CiWT2g6dSYf

<snipped>
> -----END PGP MESSAGE-----

gpg: armor header: Version: GnuPG v1.4.6 (GNU/Linux) gpg: armor header:
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.or g gpg:
public key is 1FB0D4CD gpg: public key is 2812E450 gpg: encrypted with
ELG-E key, ID 2812E450 gpg: encrypted with ELG-E key, ID 1FB0D4CD gpg:
decryption failed: secret key not available

Please _DO NOT_ send Encrypted Messages to a Public List!

I cannot emphasize strongly enough how rude this is to the other List
Members.  In addition to the wasted bandwidth downloading a Message that
is impossible to Decrypt; to inject a 'Private' Message into a learning
environment creates potential confusion & concern among those who are
not familiar enough with Encryption to realize what has occurred.

Should You wish to Test Encryption capabilities then feel free to
exchange encrypted messages directly with any Member of this Forum.  I
am quite sure that all would be willing to assist in this manner without
inconveniencing the other 100+ Members of this List.  :-\

That said; Why are You still using 1.4.6 when 1.4.9 is the current
Version of GnuPG and several Security Fixes have been implemented since
1.4.6 was released?

JOHN >:o
Timestamp: Sunday 03 Aug 2008, 15:37  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4799: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIlgknAAoJEBCGy9eAtCsPMQUIAJE29FTMTwFOS/YQBl0dEXZg
MxQUwVVenctAuSwNaLm+fTkOgBBwu/670j3ywl3GXUzibCE2OaZukCwMcpq22h6M
fRr3hS5Fa5MGJBya9WUzk1gPa/MF3qf2aDquSnfdAtXOlCsGHab/3ae1qSGhobDo
ZaVwnO9ffNyHfH931BwU7OHCjPIlB2ZQiL743GOOUs7oWpq8ym0Maw5ShkOJls65
WGKh3WbYBwiDsMxNHENrI4jn99uj0xnTGh8PVxFS9YEOhEjGdlHAKlxGMfWMHuMf
6clTuDLps2ql7etlhq2fKe68uah78WDgaq8M3m7m4N2aMA0mQMMMJf76e5CBsck=
=43Np
-----END PGP SIGNATURE-----

From 2600denver at gmail.com  Sun Aug  3 12:38:56 2008
From: 2600denver at gmail.com (Ringo Kamens)
Date: Sun, 03 Aug 2008 15:38:56 -0400
Subject: [Enigmail] help with how to use enigmail correctly
In-Reply-To: <4896063E.9080905@gmail.com>
References: <4896063E.9080905@gmail.com>
Message-ID: <48960950.6090707@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

jshmoe12 at gmail.com wrote:
> do i have to attach my public key with all my emails also if anyone
> would like to help me i would appreciate it very much.
> 
> thanks in advance
> _______________________________________________
> Enigmail mailing list
> Enigmail at mozdev.org
> https://www.mozdev.org/mailman/listinfo/enigmail
> 
No, but if somebody wants to send you an encrypted email then they will
need your public key. Upload your key to pgp.mit.edu and then link to
your key in your signature. Also, if you upload your key to the
keyservers, then people can automatically download it from within their
mail client.
Comrade Ringo Kamens
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIlglQmBTzXUpNYqQRAlQYAKDJG5htiF7c7hzphDatnMSM3Q/S+ACfTQtQ
0fquyOpv4psH8zGHSLb8fUg=
=gq3Z
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Sun Aug  3 12:46:16 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 03 Aug 2008 15:46:16 -0400
Subject: [Enigmail] help with how to use enigmail correctly
In-Reply-To: <4896063E.9080905@gmail.com>
References: <4896063E.9080905@gmail.com>
Message-ID: <48960B08.1070408@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

jshmoe12 at gmail.com wrote:
> do i have to attach my public key with all my emails also if anyone
> would like to help me i would appreciate it very much.

You do not need to attach Your Key to every missive.  This is why it is
good to Upload Your Key to the Keyservers.  Doing that allows the
Recipient to retrieve & import Your Key from the Signature.  If You
prefer to not avail Yourself of the Keyservers then Publish Your Key
somewhere on the Web that is accessible [BigLumber.com, Your Web Site,
etc.] and provide the Link to Your Key in either the Comment Lines of
Your Armor Block, the Message Header [Enigmail provides for this] or
within the 'Regular Signature' to Your Email.

I would be more that willing to assist You with Testing Encryption, Your
Enigmail/GnuPG Set-Up and any other facet of Encryption.  Please contact
Me directly at the Address in the 'From' field of this Message.

> thanks in advance

You are more than Welcome.  This is the proper method of Testing
Encryption once You feel You are ready & have things properly
configured.  :-D

JOHN ;)
Timestamp: Sunday 03 Aug 2008, 15:46  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4799: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIlgsGAAoJEBCGy9eAtCsPDxIH/1wb9c14Yzhn98zdJfAd7eqk
FOcZCVm6vhfgjsF2xqg+CZfs/39Oe/ZZnWIliZ+sGIVXIRWUOr2v3d0f3lQauPQW
1dTkJz6G2P8UPoQQndUo7a4OFP8My2OjbOK0qkj5oNVAzzchqvZrxCoXJ7tpB9AC
VDDEwv3nqNAPdvjvIAFwBApZhsitzwIUMLXyhrg662UmD6LS20WR28ArHfgRRhfk
CpRT2sEEiNX8yB3CJI1/r28FiUY8XvgwhfjxvfJc/zQ8BVM51skXNrq7E88MxVGS
p2At7KorkupAuca1Q/1g9uzizVPEBfOX0oh80Niz0qwVVa3xHTQuuAxgb5pROC8=
=F6vy
-----END PGP SIGNATURE-----

From original.hwy101 at gmail.com  Sun Aug  3 12:58:54 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Sun, 03 Aug 2008 12:58:54 -0700
Subject: [Enigmail] help with how to use enigmail correctly
In-Reply-To: <48960B08.1070408@bellsouth.net>
References: <4896063E.9080905@gmail.com> <48960B08.1070408@bellsouth.net>
Message-ID: <48960DFE.9040904@gmail.com>

John W. Moore III wrote:
> * * * Edited for length
>
> I would be more that willing to assist You with Testing Encryption, Your
> Enigmail/GnuPG Set-Up and any other facet of Encryption.  Please contact
> Me directly at the Address in the 'From' field of this Message.
>
> > thanks in advance
>
> You are more than Welcome.  This is the proper method of Testing
> Encryption once You feel You are ready & have things properly
> configured.  :-D
>
> JOHN ;)
> Timestamp: Sunday 03 Aug 2008, 15:46  --400 (Eastern Daylight Time)
John, would you post a link for the latest version of GnuPGP?  Thanks - Tom

From jmoore3rd at bellsouth.net  Sun Aug  3 13:04:14 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 03 Aug 2008 16:04:14 -0400
Subject: [Enigmail] help with how to use enigmail correctly
In-Reply-To: <48960DFE.9040904@gmail.com>
References: <4896063E.9080905@gmail.com> <48960B08.1070408@bellsouth.net>
	<48960DFE.9040904@gmail.com>
Message-ID: <48960F3E.90007@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Tom Hwy101 wrote:

> John, would you post a link for the latest version of GnuPGP?  Thanks - Tom

http://www.gnupg.org/download/

JOHN ;)
- --
http://tinyurl.com/6hztec

Timestamp: Sunday 03 Aug 2008, 16:03  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4799: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIlg87AAoJEBCGy9eAtCsPlbgH/inp7jdQC70S2JDHhG2bRr77
bXvXw0SZXaDaivk7jku2PLiHfOb+pcAN1Xsc1OJl50fzXfhQM5Vr59b8WGG2nuEz
hc0N5pqAglBiA+TNcjpLROouVbDdvxrjs8I0ITS8LAwIo/2dyy6XbfZvDY25jkKR
t7nHeSSQaRSG3YzGlwkK9WhWqKQodl75ceN+x4t30hOu33MIg7cCVkjN7Gs/ACyO
Gz3m1p/p7IqI2Cbp3V37Nm6wQ4cYDLIBKXNoUcWny3OfsYAogCaRr2yEMPDxcq3S
/LSYshWWlM94QIIkTwByr12PrJW58qDIzSioSK0q6pAty8MMdq+53qPdAunu2v8=
=cq7D
-----END PGP SIGNATURE-----

From original.hwy101 at gmail.com  Sun Aug  3 13:24:13 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Sun, 03 Aug 2008 13:24:13 -0700
Subject: [Enigmail] help with how to use enigmail correctly
In-Reply-To: <48960F3E.90007@bellsouth.net>
References: <4896063E.9080905@gmail.com>
	<48960B08.1070408@bellsouth.net>	<48960DFE.9040904@gmail.com>
	<48960F3E.90007@bellsouth.net>
Message-ID: <489613ED.1080502@gmail.com>

John W. Moore III wrote:
> Tom Hwy101 wrote:
>
> > John, would you post a link for the latest version of GnuPGP?  
> Thanks - Tom
>
> http://www.gnupg.org/download/
>
> JOHN ;)
WoW! That was 'Fast' (I just got my finger off the Send key) 8-)  
Question(s): what about 2.o (I saw there)


    GnuPG 2.0

GnuPG 2.0 is the new modularized version of GnuPG supporting OpenPGP and 
S/MIME

being it mentions OpenPGP (using with Thunderbird 2.x) XP Pro...

And, I have a question about How the eMails are showing -have Pix to 
Help since Easier to See then Newbie describe Badly - Want me to Post to 
Here (link to ImageShack) or Sent to You? Either is Fine with Me - 
Thanks - Tom


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080803/f581d8ad/attachment.html>

From jmoore3rd at bellsouth.net  Sun Aug  3 13:33:29 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 03 Aug 2008 16:33:29 -0400
Subject: [Enigmail] help with how to use enigmail correctly
In-Reply-To: <489613ED.1080502@gmail.com>
References: <4896063E.9080905@gmail.com>	<48960B08.1070408@bellsouth.net>	<48960DFE.9040904@gmail.com>	<48960F3E.90007@bellsouth.net>
	<489613ED.1080502@gmail.com>
Message-ID: <48961619.9060400@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Tom Hwy101 wrote:

> WoW! That was 'Fast' (I just got my finger off the Send key) 8-) 
> Question(s): what about 2.o (I saw there)
> 
> 
>     GnuPG 2.0
> 
> GnuPG 2.0 is the new modularized version of GnuPG supporting OpenPGP and
> S/MIME
> 
> being it mentions OpenPGP (using with Thunderbird 2.x) XP Pro...

I would ignore it for now and stick with the 1.4.9 w/Windows Installer
located roughly mid-way down the page.  Click on the 'FTP' along the
right hand side.
> 
> And, I have a question about How the eMails are showing -have Pix to
> Help since Easier to See then Newbie describe Badly - Want me to Post to
> Here (link to ImageShack) or Sent to You? Either is Fine with Me -

Either way.  BTW, You are Composing with HTML & Inline Encrypt/Sign
doesn't always 'play nice' with HTML.

JOHN ;)
Timestamp: Sunday 03 Aug 2008, 16:33  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4799: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIlhYXAAoJEBCGy9eAtCsPoLIH+wZOArs4u3Zlt4q0dxawKDJE
rOMWkewBrK3ljgzZXmRQ2lypU3rZ4amhCpIcQ/qEZpaKiM1UxcidChFaUG5qBGzs
xt7zkDtN2Y4F5pQ6/nUO9psWnvvzbJq4tI12vDdQEXQHi3ZvbuXMNS8DVhtzYG6o
UlewBSBF12UJU2fyfNYFyBU9tXvJHPNAZgEktmWGHpEMElQaKF2Xd35dzTSAR5zS
9VhaSewChUbvpo3J+d8JaHtgpdPpGWOhrabcMToJasmWHOfBMt8fgK0iVewb0HLy
QoHQF3wszvJOhpHlkzG3UwOj15oIf1Df43Pg1Bqw3LS72BmGCRK7fBPx5vCBDlc=
=ZmNE
-----END PGP SIGNATURE-----

From original.hwy101 at gmail.com  Sun Aug  3 13:47:26 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Sun, 03 Aug 2008 13:47:26 -0700
Subject: [Enigmail] help with how to use enigmail correctly
In-Reply-To: <48961619.9060400@bellsouth.net>
References: <4896063E.9080905@gmail.com>	<48960B08.1070408@bellsouth.net>	<48960DFE.9040904@gmail.com>	<48960F3E.90007@bellsouth.net>	<489613ED.1080502@gmail.com>
	<48961619.9060400@bellsouth.net>
Message-ID: <4896195E.8000101@gmail.com>

John W. Moore III wrote:
> Tom Hwy101 wrote:
>
> > WoW! That was 'Fast' (I just got my finger off the Send key) 8-)
> > Question(s): what about 2.o (I saw there)
>
>
> >     GnuPG 2.0
>
> > GnuPG 2.0 is the new modularized version of GnuPG supporting OpenPGP and
> > S/MIME
>
> > being it mentions OpenPGP (using with Thunderbird 2.x) XP Pro...
>
> I would ignore it for now and stick with the 1.4.9 w/Windows Installer
> located roughly mid-way down the page.  Click on the 'FTP' along the
> right hand side.
Got it! - Thanks for Reminder about Where & to Watch for Windows 
Installer  8-)
> > And, I have a question about How the eMails are showing -have Pix to
> > Help since Easier to See then Newbie describe Badly - Want me to Post to
> > Here (link to ImageShack) or Sent to You? Either is Fine with Me -
Here is Pix Question:

[url=http://img103.imageshack.us/my.php?image=3wonderou8.jpg]
[img=http://img103.imageshack.us/img103/8297/3wonderou8.th.jpg][/url]
(choose the set for eMail - holler if you want the Forum set)
>
> Either way.  BTW, You are Composing with HTML & Inline Encrypt/Sign
> doesn't always 'play nice' with HTML.
OPPS! I forgot to set Preferences for this - Please accept my Apology 
for the Oversight!
>
> JOHN ;)
> Timestamp: Sunday 03 Aug 2008, 16:33  --400 (Eastern Daylight Time)
_______________________________________________
Enigmail mailing list
Enigmail at mozdev.org
https://www.mozdev.org/mailman/listinfo/enigmail



From jmoore3rd at bellsouth.net  Sun Aug  3 15:54:10 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 03 Aug 2008 18:54:10 -0400
Subject: [Enigmail] help with how to use enigmail correctly
In-Reply-To: <4896195E.8000101@gmail.com>
References: <4896063E.9080905@gmail.com>	<48960B08.1070408@bellsouth.net>	<48960DFE.9040904@gmail.com>	<48960F3E.90007@bellsouth.net>	<489613ED.1080502@gmail.com>	<48961619.9060400@bellsouth.net>
	<4896195E.8000101@gmail.com>
Message-ID: <48963712.1040608@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Tom Hwy101 wrote:

> [url=http://img103.imageshack.us/my.php?image=3wonderou8.jpg]

OK, if I understand Your Question correctly You wish to know why the
'Enigmail Bar' displays My Signature in 'Blue' with the statement:

UNTRUSTED Good Signature from John W. Moore III

even though You have manually Set the Trust for Me at 'Fully'?

This has to do with the complexity of the word 'Trust' and it's multiple
meanings with regard to PGP/GPG.  Without delving into the PGP
terminology of 'Implicit' Trust let Me try and explain it this way;
GnuPG offers 4 different 'Trust Models'.  For simplicity sake I suggest
that You add this line to Your gpg.conf File:

trust-model pgp

This will Set GnuPG to compute/calculate using the PGP Trust Model.  I
won't waste space here by Pasting in the relevant portions of the Manual
which explain the various Trust Models available within GnuPG.  If You,
or anyone else, is truly interested/curious then a review of the Manual
will be sufficient.  The addition of this Setting should change the
Enigmail Bar display to 'Green' and remove the word 'Untrusted' from the
Sig Verification.

There is another method that could be followed in lieu of 'assigning'
Trust to My [or any other] Key.  You could Sign the Key & for this I
recommend Signing with a Local/Non-Exportable Signature.  This will also
confer Your 'Trust' in the validity of My Key.

You are surely asking; then what does the actual assignment of 'Trust'
from the menu shown in the image do?  Well, by assigning Trust to the
Key You will also prevent being shown all the 'y/N' Questions that GnuPG
asks whenever attempting to Encrypt to an Untrusted Key.  You may also
circumvent this by checking the box under OpenPGP/Enigmail Preferences
indicating 'Always Trust Keys' or by the addition of a similar line in
gpg.conf. [trust-model always]

The link to the 2nd image appears to be just a thumbnail of the 1st
[larger] image.

I hope this Answers Your Question.  If not or You have additional
Questions please Ask them and I shall try and be more concise.  The
benefit of asking here on the Enigmail List is that Others will also
respond and between all the answers I am sure things will be clarified
for a lot of folks who either haven't asked or didn't think to ask.  :)

JOHN ;)
Timestamp: Sunday 03 Aug 2008, 18:54  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4799: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIljcPAAoJEBCGy9eAtCsPhdwH+wetV/8cjLERNZE5+Cd+QgXx
SekPtf3YeLKpf9nZm5HV1oW6r3I2JL9HNomXUkbIWhnDQzYnJE0K+Als4NaLn6dW
7tNSep9aUqbZJfUjMpWkikwmj1HtRXzXR+Ewkf6GO9HhDiw5TazEmmp+jdaxcSYS
eqcjP9S+mSa0IHTFV+l3MZmBc6p2zr/vMwgQrcrEBpskhCsBgt23APErHvJ1m9jn
2M3MhwUInqVkSpVlKjbAW0HSwpCiGUjOuE/Zw2lxXOKgmx+XvEJ+UAQ5SmxtHMoL
Lv3x4ktqatltaGBynwvKQS846a9Z/f5SvHUbL7jWWhYh4FuepQZs7nYwRUZTqGs=
=x6T3
-----END PGP SIGNATURE-----

From 2600denver at gmail.com  Sun Aug  3 16:10:32 2008
From: 2600denver at gmail.com (Ringo Kamens)
Date: Sun, 03 Aug 2008 19:10:32 -0400
Subject: [Enigmail] GNUPG/GNUPG2 GPA-agent issues
Message-ID: <48963AE8.1080805@gmail.com>

I got myself in quite a hole this time. I have been using
Thunderbird+Enigmail with gnupg on my Ubuntu 8.04 machine for a few
months now. Today, I had the wise idea to also install gnupg2 because it
looked cooler. This broke enigmail, so I removed it (all using apt-get)
but now even regular gnupg won't work. Here's the error I get when
trying to decrypt messages

Error - secret key needed to decrypt message

gpg command line and output:
/usr/bin/gpg --charset utf8  --batch --no-tty --status-fd 2
--keyserver-options auto-key-retrieve --keyserver pgp.mit.edu -d
--use-agent
gpg: problem with the agent - disabling agent use
gpg: can't query passphrase in batch mode
gpg: Invalid passphrase; please try again ...
gpg: can't query passphrase in batch mode
gpg: Invalid passphrase; please try again ...
gpg: can't query passphrase in batch mode
gpg: encrypted with 4096-bit ELG-E key, ID 4EBC57BB, created 2008-06-29
      "Ringo Kamens (This is only for mail to the email listed)
<2600denver at gmail.com>"
gpg: public key decryption failed: bad passphrase

My key manager shows my private key is there, so it's something with the
GPG-agent. I googled around and I can run enigmail just fine if I do a
unset GPG_AGENT_INFO from the command line and launch thunderbird from
there. Is there a way to get my normal Thunderbird launcher to work
again? I also tried turning the gpg-agent use in my preferences on and
off but neither seemed to fix anything.

Any help is appreciated, I would like my email back  : p
Comrade Ringo Kamens

From rbrt_ryn at yahoo.com  Sun Aug  3 16:55:00 2008
From: rbrt_ryn at yahoo.com (Robert Ryan)
Date: Sun, 03 Aug 2008 17:55:00 -0600
Subject: [Enigmail] GNUPG/GNUPG2 GPA-agent issues
In-Reply-To: <48963AE8.1080805@gmail.com>
References: <48963AE8.1080805@gmail.com>
Message-ID: <48964554.6030308@yahoo.com>

Ringo Kamens wrote:
> --use-agent

In T'Bird go to the OpenPGP preferences advanced tab and make sure "Use
gpg-agent for passphrases" is NOT checked.
-- 
Robert Ryan
rbrt_ryn at yahoo.com

I prefer encrypted, signed email :)
My PGP key: http://tinyurl.com/6c6kwu

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080803/7f63224d/attachment.bin>

From 2600denver at gmail.com  Sun Aug  3 17:17:19 2008
From: 2600denver at gmail.com (Ringo Kamens)
Date: Sun, 03 Aug 2008 20:17:19 -0400
Subject: [Enigmail] GNUPG/GNUPG2 GPA-agent issues
In-Reply-To: <48964554.6030308@yahoo.com>
References: <48963AE8.1080805@gmail.com> <48964554.6030308@yahoo.com>
Message-ID: <48964A8F.2040907@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robert Ryan wrote:
> Ringo Kamens wrote:
>> --use-agent
> 
> In T'Bird go to the OpenPGP preferences advanced tab and make sure "Use
> gpg-agent for passphrases" is NOT checked.
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Enigmail mailing list
> Enigmail at mozdev.org
> https://www.mozdev.org/mailman/listinfo/enigmail
I tried that before but it didn't work, so I must have been doing
something else wrong because it worked. Thanks so much!
CRK
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIlkqPmBTzXUpNYqQRAh41AJ4xGdUGLWs8tI7VyCw9Wxh+nVoDKwCgkiat
sWL/D4PeFxEfgDYvPdR1m5w=
=Y+KY
-----END PGP SIGNATURE-----

From original.hwy101 at gmail.com  Sun Aug  3 17:58:34 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Sun, 03 Aug 2008 17:58:34 -0700
Subject: [Enigmail] help with how to use enigmail correctly
In-Reply-To: <48963712.1040608@bellsouth.net>
References: <4896063E.9080905@gmail.com>	<48960B08.1070408@bellsouth.net>	<48960DFE.9040904@gmail.com>	<48960F3E.90007@bellsouth.net>	<489613ED.1080502@gmail.com>	<48961619.9060400@bellsouth.net>	<4896195E.8000101@gmail.com>
	<48963712.1040608@bellsouth.net>
Message-ID: <4896543A.4090308@gmail.com>

John W. Moore III wrote:
> Tom Hwy101 wrote:
>
> > [url=http://img103.imageshack.us/my.php?image=3wonderou8.jpg]
Well, this ImageShack is a bit confusing -glad you found one you could 'see'
> * * *
> GnuPG offers 4 different 'Trust Models'.  For simplicity sake I suggest
> that You add this line to Your gpg.conf File:
>
> trust-model pgp
>
> * * * You may also circumvent this by checking the box under 
> OpenPGP/Enigmail Preferences
> indicating 'Always Trust Keys' or by the addition of a similar line in
> gpg.conf. [trust-model always]
I found this in the pgp.conf ... but line preceded by "#" ...
>
> The link to the 2nd image appears to be just a thumbnail of the 1st
> [larger] image.
>
> * * *
Great Explanation John! - I believe I follow most of it ( I will have to 
look at Trust in the various manuals one day)
Here are 3 lines of Config (1 before, line in Question, 1 line after)

#verify-options show-photos
#trust-model always  <<<<<< Found this -noting #-should I modify to Add: 
pgp or add Full Txt end No "#"?
#comment Latest Build: http://groups.yahoo.com/group/GPG_cvsBuilds

or should I post all of the Config ? (I wasn't sure if there were things 
that shouldn't be posted...



From atokhy at gmail.com  Sun Aug  3 18:36:21 2008
From: atokhy at gmail.com (Aaron Tokhy)
Date: Sun, 03 Aug 2008 21:36:21 -0400
Subject: [Enigmail] GnuPG Key Test
Message-ID: <48965D15.3030102@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey,

This is my first email send using GnuPG.  I followed the instructions on
http://enigmail.mozdev.org/documentation/quickstart-ch3.php so I assume
sending this test email to the mailing list is okay.  I created this new
email account so I can use it to send confidential email for my job in
case I do not have access to my work email.  Public key authentication
should be more than enough to encrypt/sign mail :).

This is my first test.  My key is 0xCFD1BB59 on pool.sks-keyservers.net.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiWXRUACgkQO3nEAs/Ru1njegCg9PFEzMIiUD/e0H39AkyfJOt7
5CEAnjhQMQjYh6HBECY1gCx3KDKKFUHL
=Kfqa
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Sun Aug  3 20:11:24 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 03 Aug 2008 23:11:24 -0400
Subject: [Enigmail] help with how to use enigmail correctly
In-Reply-To: <4896543A.4090308@gmail.com>
References: <4896063E.9080905@gmail.com>	<48960B08.1070408@bellsouth.net>	<48960DFE.9040904@gmail.com>	<48960F3E.90007@bellsouth.net>	<489613ED.1080502@gmail.com>	<48961619.9060400@bellsouth.net>	<4896195E.8000101@gmail.com>	<48963712.1040608@bellsouth.net>
	<4896543A.4090308@gmail.com>
Message-ID: <4896735C.1020805@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Tom Hwy101 wrote:

> #verify-options show-photos
> #trust-model always  <<<<<< Found this -noting #-should I modify to Add:

> #comment Latest Build: http://groups.yahoo.com/group/GPG_cvsBuilds

Just remove the '#' from the front of the line and make sure that the
line begins flush with the left side of the page.  The '#' just comments
out the line which is fancy talk for saying all lines beginning with a #
are ignored.  Removal of the # makes the line active.

There is nothing wrong with Posting the entire contents of the gpg.conf
as it contains nothing 'secret'.  All gpg.conf is is a pre-configured
File of command line options.  Do not add anything to the line, just
remove the # symbol.

JOHN ;)
Timestamp: Sunday 03 Aug 2008, 23:11  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4799: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIlnNZAAoJEBCGy9eAtCsPAN4IAIrde4zBoWl6vQhijdEqF3Lg
kcIyxFyYGvH3jaA9C60JkqrUh/mG4/4hgoHT9UzhRwt+mUu+V//RtbbYc+IsaR0+
zx7Eq0L2NMGgeL2Ph/AmUZy67SMtzXt2DfVSJYLgEaltJMS8j+5wtHr9ssnNx8Ts
hVUZfFx9doPzn3RjwqwG311/7KbfEmMoLirsSECcKlpYiOBjkb/prHdBQEhwp3D0
I5bvHJBXEE6hoUHBH3rnF3ZrnP3WgYH2QzeP2KrK0CG66fHLcG0IbwGxVrt91H+R
Q08li10cKN6NteeY3TnDvE4d1qglX9PYwLgpaXMRCrHMvSI69HnTVF/9FTsbLlo=
=+Vfr
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Sun Aug  3 20:26:06 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 03 Aug 2008 23:26:06 -0400
Subject: [Enigmail] GnuPG Test Key
Message-ID: <489676CE.9090209@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Aaron Tokhy wrote:

> > This is my first email send using GnuPG.  I followed the instructions on
> > http://enigmail.mozdev.org/documentation/quickstart-ch3.php so I assume
> > sending this test email to the mailing list is okay.

Good signature from Aaron Tokhy <atokhy at gmail.com>
Key ID: 0xCFD1BB59 / Signed on: 8/3/2008 9:36 PM
Key fingerprint: 3421 D962 BE04 F55F DB15 B2C7 3B79 C402 CFD1 BB59

Looks Good!  Key automatically retrieved because You had the foresight
to Upload to the Keyservers.   :-D

JOHN  ;)
Timestamp: Sunday 03 Aug 2008, 23:13  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4799: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIlnbLAAoJEBCGy9eAtCsPvgEH/3RQDwAUgRWIJZyhAi2LW5az
4Ik93aFj4OOCzJSnX8i60pU5WipYopDAci1AKF4lpD6f2CHqgouLSZX4w5O8ArAd
NtobXedft1uCitH8j7LgQ7fEg6qspX1cG2/Ez3XhjyvSzA/nt5G5AOmU8XUkOX0T
OqAGEiYCSlM8FzGFxxdZ+WwSFG/GaMqCHaktUNBtCzL5vuqpLdVqvz1AmrDfs5eh
faL8s8953M5wvxGn7Ys3hCXlOvXZpGHhl+TvC3jdHcAiRjSem5qAI8mSuvnpWPIl
PT4d2VZ5C2hkg4BKihvRwJeHyMG1OcuVzvNWxHel7mLJiVxCx2BgLvuiYw7jeEg=
=e5Qv
-----END PGP SIGNATURE-----

From original.hwy101 at gmail.com  Sun Aug  3 20:37:44 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Sun, 03 Aug 2008 20:37:44 -0700
Subject: [Enigmail] help with how to use enigmail correctly
In-Reply-To: <4896735C.1020805@bellsouth.net>
References: <4896063E.9080905@gmail.com>	<48960B08.1070408@bellsouth.net>	<48960DFE.9040904@gmail.com>	<48960F3E.90007@bellsouth.net>	<489613ED.1080502@gmail.com>	<48961619.9060400@bellsouth.net>	<4896195E.8000101@gmail.com>	<48963712.1040608@bellsouth.net>	<4896543A.4090308@gmail.com>
	<4896735C.1020805@bellsouth.net>
Message-ID: <48967988.50708@gmail.com>

John W. Moore III wrote:
> Tom Hwy101 wrote:
> * * *
> There is nothing wrong with Posting the entire contents of the gpg.conf
> as it contains nothing 'secret'.  All gpg.conf is is a pre-configured
> File of command line options.  Do not add anything to the line, just
> remove the # symbol.
default-key 0xDB56ED1C94C79CCD
default-recipient-self
encrypt-to 0xDB56ED1C94C79CCD
keyserver pool.sks-keyservers.net
keyserver-options auto-key-retrieve include-revoked include-subkeys 
repair-pks-subkey-bug import-clean export-clean 
allow-multisig-verification honor-pka-record
photo-viewer c:\program files\gpgshell\gpgview.exe %i /title 0x%k
openpgp
#load-extension c:\gnupg\lib\idea.dll
ask-cert-level
default-cert-level 3
#keyserver ldap://keyserver.pgp.com
# keyserver ldap://pgp.surfnet.nl:11370
expert
verbose
verbose
verbose
#require-cross-certification
#keyserver http://sks.dnsalias.net:11371
#export options-export minimal
#hkp://wwwkeys.nl.pgp.net
#keyserver hkp://blackhole.pca.dfn.de
#verify-options show-photos
#trust-model always  <<<<<< Besided removing '#' & 'always' I would have 
to add ' pgp'   or  should I just make another line at the end...???
#comment Latest Build: http://groups.yahoo.com/group/GPG_cvsBuilds
require-secmem
#auto-key-locate hkp://blackhole.pca.dfn.de
#for-your-eyes-only
enable-dsa2
#cert-digest-algo SHA256
verify-options  pka-lookups pka-trust-increase
personal-cipher-preferences S4 S2 S10 S9 S8 S7 S3 S1
personal-digest-preferences H10 H9 H8 H11 H6 H3 H2
personal-compress-preferences Z3 Z2 Z1
force-mdc
ignore-crc-error
import-options import-clean
no-mdc-warning
ask-cert-expire
no-mangle-dos-filenames

From jmoore3rd at bellsouth.net  Sun Aug  3 20:54:47 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 03 Aug 2008 23:54:47 -0400
Subject: [Enigmail] help with how to use enigmail correctly
In-Reply-To: <48967988.50708@gmail.com>
References: <4896063E.9080905@gmail.com>	<48960B08.1070408@bellsouth.net>	<48960DFE.9040904@gmail.com>	<48960F3E.90007@bellsouth.net>	<489613ED.1080502@gmail.com>	<48961619.9060400@bellsouth.net>	<4896195E.8000101@gmail.com>	<48963712.1040608@bellsouth.net>	<4896543A.4090308@gmail.com>	<4896735C.1020805@bellsouth.net>
	<48967988.50708@gmail.com>
Message-ID: <48967D87.4050602@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Tom Hwy101 wrote:



> #keyserver ldap://keyserver.pgp.com
> # keyserver ldap://pgp.surfnet.nl:11370

All the additional 'keyserver' lines preceded with # can be deleted.
All that they offer You is the ability to change the preferred keyserver
'on the fly' and You can accomplish this from within Enigmail.

> verbose
> verbose
> verbose

GnuPG can handle up to 3 instances of 'verbose' with the difference
being that the more instances present the more information that GnuPG
provides for every transaction.  NOTE: using 3 instances of 'verbose'
will _prevent_ the Enigmail Key Manager from being able to display Photo
ID's if present on a Key.

> #trust-model always  <<<<<< Besided removing '#' & 'always' I would have
> to add ' pgp'   or  should I just make another line at the end...???

Just remove the # prefix from this line and add another line for
trust-model pgp
> #comment Latest Build: http://groups.yahoo.com/group/GPG_cvsBuilds

The above line can be deleted.

> #for-your-eyes-only

Removing the # prefix on the above line simply causes Decrypted Messages
to display in PGP using the Tempest resistant Screen/Font.  You can
delete this line too as it has no function in GnuPG /except/ to irritate
PGP Users.  :-D

> #cert-digest-algo SHA256

The line above is an example of the format used to force the use of a
specific Hash function.  In the Manual this command/option is listed
under "Things You Usually Don't Want To Do"

> personal-cipher-preferences S4 S2 S10 S9 S8 S7 S3 S1
> personal-digest-preferences H10 H9 H8 H11 H6 H3 H2
> personal-compress-preferences Z3 Z2 Z1

The above 3 lines can be safely commented out [prefix with #] or
deleted.  For the vast majority of Users they will serve only to
confuse. :-\

All the other lines look fine.  FWIW, there is no harm done by having
'blank lines' inside gpg.conf.

All commands represented here + many others may be found in the Manual.
 The only thing to take note of is that when placing the command/option
in gpg.conf You do _not_ use the -- prefix.

I hope this is the feedback You desired by Posting the contents of Your
gpg.conf.

JOHN ;)
Timestamp: Sunday 03 Aug 2008, 23:54  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4799: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIln2AAAoJEBCGy9eAtCsP/SEIAKVdmmtmoybm37PsXPJKRqPR
JdlvBdTvcJrfMT57yo8Kmq6l7Jp9bT+z3iSH+29QzWcjOH2L/rIOTlH0YcFubeGy
ZzF4N4B7waRmM/xNJVQKAwERtVlHEet/UOMiJeKFwwmva1zwJWiWz33iAsIFmJHz
yROvTDRhCb/EqzfH4biNCjXPOKfwNvxoF78vzzlNHe6m3NvMDp2U43OFW3ttpvDV
4rJqvmsVh+mtEUZN6mNKuyxqZazEE/uau4JRXRaSV6E1AsVwYs5On8+K77A+P1HD
WwVNBkCN2ryQDKokJRnvhBnMbcFa0HoavCEkvWXFVn3JhiclAXvsd75yCGzCTUs=
=2ONI
-----END PGP SIGNATURE-----

From original.hwy101 at gmail.com  Sun Aug  3 21:30:38 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Sun, 03 Aug 2008 21:30:38 -0700
Subject: [Enigmail] help with how to use enigmail correctly
In-Reply-To: <48967D87.4050602@bellsouth.net>
References: <4896063E.9080905@gmail.com>	<48960B08.1070408@bellsouth.net>	<48960DFE.9040904@gmail.com>	<48960F3E.90007@bellsouth.net>	<489613ED.1080502@gmail.com>	<48961619.9060400@bellsouth.net>	<4896195E.8000101@gmail.com>	<48963712.1040608@bellsouth.net>	<4896543A.4090308@gmail.com>	<4896735C.1020805@bellsouth.net>	<48967988.50708@gmail.com>
	<48967D87.4050602@bellsouth.net>
Message-ID: <489685EE.8030304@gmail.com>

John W. Moore III wrote:
> *  *  *
> I hope this is the feedback You desired by Posting the contents of Your
> gpg.conf.
Thanks John - I (Tom Still Newbie) will make the Changes - Appreciate 
the Help!

(I have to move my keys to where they should be/to be found, then I 
should be signing soon)

From rjh at sixdemonbag.org  Sun Aug  3 21:47:24 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 03 Aug 2008 22:47:24 -0600
Subject: [Enigmail] help with how to use enigmail correctly
In-Reply-To: <48960950.6090707@gmail.com>
References: <4896063E.9080905@gmail.com> <48960950.6090707@gmail.com>
Message-ID: <489689DC.9050606@sixdemonbag.org>

Ringo Kamens wrote:
> No, but if somebody wants to send you an encrypted email then they will
> need your public key. Upload your key to pgp.mit.edu and then link to
> your key in your signature. Also, if you upload your key to the
> keyservers, then people can automatically download it from within their
> mail client.

Friends don't let friends use pgp.mit.edu.  It's a horribly broken
keyserver and should not be used.

pool.sks-keyservers.net is an all-around better choice.



From rjh at sixdemonbag.org  Sun Aug  3 21:50:13 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 03 Aug 2008 22:50:13 -0600
Subject: [Enigmail] GNUPG/GNUPG2 GPA-agent issues
In-Reply-To: <48963AE8.1080805@gmail.com>
References: <48963AE8.1080805@gmail.com>
Message-ID: <48968A85.8050000@sixdemonbag.org>

Ringo Kamens wrote:
> Today, I had the wise idea to also install gnupg2 because it
> looked cooler. This broke enigmail, so I removed it (all using apt-get)
> but now even regular gnupg won't work. Here's the error I get when
> trying to decrypt messages

First, GnuPG 2.0 gives you _absolutely no new capabilities_ over GnuPG
1.4.x, at least as far as OpenPGP goes.  For this reason (and others),
most of us on this list advise against using GnuPG 2.0.

Second, turn off "Use gpg-agent" in the Enigmail preferences window.


From original.hwy101 at gmail.com  Sun Aug  3 22:02:29 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Sun, 03 Aug 2008 22:02:29 -0700
Subject: [Enigmail] help with how to use enigmail correctly
In-Reply-To: <489689DC.9050606@sixdemonbag.org>
References: <4896063E.9080905@gmail.com> <48960950.6090707@gmail.com>
	<489689DC.9050606@sixdemonbag.org>
Message-ID: <48968D65.2040009@gmail.com>

Robert J. Hansen wrote:
> Ringo Kamens wrote:
>   
>> No, but if somebody wants to send you an encrypted email then they will
>> need your public key. Upload your key to pgp.mit.edu and then link to
>> your key in your signature. Also, if you upload your key to the
>> keyservers, then people can automatically download it from within their
>> mail client.
>>     
>
> Friends don't let friends use pgp.mit.edu.  It's a horribly broken
> keyserver and should not be used.
>
> pool.sks-keyservers.net is an all-around better choice.
>
>   
So, we should remove pgp.mit.edu from any Key Server Lists?  Just 
Checking if that is the Consensus

From rjh at sixdemonbag.org  Sun Aug  3 22:09:43 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 03 Aug 2008 23:09:43 -0600
Subject: [Enigmail] help with how to use enigmail correctly
In-Reply-To: <48968D65.2040009@gmail.com>
References: <4896063E.9080905@gmail.com>
	<48960950.6090707@gmail.com>	<489689DC.9050606@sixdemonbag.org>
	<48968D65.2040009@gmail.com>
Message-ID: <48968F17.6030300@sixdemonbag.org>

Tom Hwy101 wrote:
> So, we should remove pgp.mit.edu from any Key Server Lists?  Just 
> Checking if that is the Consensus

No.  The general consensus among the Enigmail team is "unless you know
what you're doing and why, stick with the defaults."  If you want to
tinker, that's fine, we encourage tinkering... but if you want Enigmail
to Just Work(TM), then stick with the defaults.


From original.hwy101 at gmail.com  Sun Aug  3 22:09:46 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Sun, 03 Aug 2008 22:09:46 -0700
Subject: [Enigmail] GNUPG/GNUPG2 GPA-agent issues
In-Reply-To: <48964A8F.2040907@gmail.com>
References: <48963AE8.1080805@gmail.com> <48964554.6030308@yahoo.com>
	<48964A8F.2040907@gmail.com>
Message-ID: <48968F1A.2040600@gmail.com>

Ringo Kamens wrote:
> Robert Ryan wrote:
> > Ringo Kamens wrote:
> >> --use-agent
> > In T'Bird go to the OpenPGP preferences advanced tab and make sure "Use
> > gpg-agent for passphrases" is NOT checked.
I was looking in my OpenPGP, to check, and I do not have that item at all.
While I guess that is good (can't be checked) is this normal?

Thanks

From 2600denver at gmail.com  Sun Aug  3 22:27:01 2008
From: 2600denver at gmail.com (Ringo Kamens)
Date: Mon, 04 Aug 2008 01:27:01 -0400
Subject: [Enigmail] GNUPG/GNUPG2 GPA-agent issues
In-Reply-To: <48968F1A.2040600@gmail.com>
References: <48963AE8.1080805@gmail.com>
	<48964554.6030308@yahoo.com>	<48964A8F.2040907@gmail.com>
	<48968F1A.2040600@gmail.com>
Message-ID: <48969325.9080209@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tom Hwy101 wrote:
> Ringo Kamens wrote:
>> Robert Ryan wrote:
>> > Ringo Kamens wrote:
>> >> --use-agent
>> > In T'Bird go to the OpenPGP preferences advanced tab and make sure "Use
>> > gpg-agent for passphrases" is NOT checked.
> I was looking in my OpenPGP, to check, and I do not have that item at all.
> While I guess that is good (can't be checked) is this normal?
> 
> Thanks
> _______________________________________________
> Enigmail mailing list
> Enigmail at mozdev.org
> https://www.mozdev.org/mailman/listinfo/enigmail
> 
You have to click enable advanced options and then go to the advanced tab.
CRK
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIlpMlmBTzXUpNYqQRArY1AJ9bG+rIKpZnq2FDZjSybTM94IJozwCgyNaj
qZMV35CSKLLQ4VdOv4yD3DI=
=dT8v
-----END PGP SIGNATURE-----

From original.hwy101 at gmail.com  Sun Aug  3 22:32:02 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Sun, 03 Aug 2008 22:32:02 -0700
Subject: [Enigmail] GNUPG/GNUPG2 GPA-agent issues
In-Reply-To: <48969325.9080209@gmail.com>
References: <48963AE8.1080805@gmail.com>	<48964554.6030308@yahoo.com>	<48964A8F.2040907@gmail.com>	<48968F1A.2040600@gmail.com>
	<48969325.9080209@gmail.com>
Message-ID: <48969452.8040007@gmail.com>

Ringo Kamens wrote:
> Tom Hwy101 wrote:
> > Ringo Kamens wrote:
> >> Robert Ryan wrote:
> >>> Ringo Kamens wrote:
> >>>> --use-agent
> >>> In T'Bird go to the OpenPGP preferences advanced tab and make sure 
> "Use
> >>> gpg-agent for passphrases" is NOT checked.
> > I was looking in my OpenPGP, to check, and I do not have that item 
> at all.
> > While I guess that is good (can't be checked) is this normal?
>
> > Thanks
> > _______________________________________________
> > Enigmail mailing list
> > Enigmail at mozdev.org
> > https://www.mozdev.org/mailman/listinfo/enigmail
>
> You have to click enable advanced options and then go to the advanced tab.
> CRK
This just gets better - I don't have the an 'Advanced Options' to enable.

From 2600denver at gmail.com  Sun Aug  3 22:43:44 2008
From: 2600denver at gmail.com (Ringo Kamens)
Date: Mon, 04 Aug 2008 01:43:44 -0400
Subject: [Enigmail] GNUPG/GNUPG2 GPA-agent issues
In-Reply-To: <48969452.8040007@gmail.com>
References: <48963AE8.1080805@gmail.com>	<48964554.6030308@yahoo.com>	<48964A8F.2040907@gmail.com>	<48968F1A.2040600@gmail.com>	<48969325.9080209@gmail.com>
	<48969452.8040007@gmail.com>
Message-ID: <48969710.6080907@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tom Hwy101 wrote:
> Ringo Kamens wrote:
>> Tom Hwy101 wrote:
>> > Ringo Kamens wrote:
>> >> Robert Ryan wrote:
>> >>> Ringo Kamens wrote:
>> >>>> --use-agent
>> >>> In T'Bird go to the OpenPGP preferences advanced tab and make sure
>> "Use
>> >>> gpg-agent for passphrases" is NOT checked.
>> > I was looking in my OpenPGP, to check, and I do not have that item
>> at all.
>> > While I guess that is good (can't be checked) is this normal?
>>
>> > Thanks
>> > _______________________________________________
>> > Enigmail mailing list
>> > Enigmail at mozdev.org
>> > https://www.mozdev.org/mailman/listinfo/enigmail
>>
>> You have to click enable advanced options and then go to the advanced
>> tab.
>> CRK
> This just gets better - I don't have the an 'Advanced Options' to enable.
> _______________________________________________
> Enigmail mailing list
> Enigmail at mozdev.org
> https://www.mozdev.org/mailman/listinfo/enigmail
> 
Are you going up to OpenPGP and then preferences? What OS are you
running on? It's expert settings, not advanced settings. Do you know
what version of GNUPG you're using? Thunderbird? Enigmail? Did you
install from the xpi or from a repository such as the Ubuntu repository?
CRK
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIlpcPmBTzXUpNYqQRArnkAKCSQPumYSVatY60p6jIXmhLJrFP+ACcChNF
dGIQCcuoKTWNVvOa+gC02zI=
=rpx4
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Sun Aug  3 22:51:48 2008
From: faramir.cl at gmail.com (Faramir)
Date: Mon, 04 Aug 2008 01:51:48 -0400
Subject: [Enigmail] GNUPG/GNUPG2 GPA-agent issues
In-Reply-To: <48963AE8.1080805@gmail.com>
References: <48963AE8.1080805@gmail.com>
Message-ID: <489698F4.7010802@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Ringo Kamens escribi?:
> I got myself in quite a hole this time. I have been using
> Thunderbird+Enigmail with gnupg on my Ubuntu 8.04 machine for a few
> months now. Today, I had the wise idea to also install gnupg2 because it

  I think my ubuntu 8.04 came with GnuPG 2 by default (and with firefox
3.0 BETA too... I was not happy with that, but since I use it just to
try to get used to it...).

 Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIlpjzAAoJEMV4f6PvczxAb18H/is29AJmhx5PXr/syxdRwodK
e79rSEZCgT1s9/nz4aHjijzN6VoP3ns1xyo2uqEfO/amLOhiXZz48wsNynGhqkxF
T/0xueJeSCm35iJ+rEzoxzU+aHRjLCcZ0AOLch04xm9jJi5amkjhFKjC8jMrDF85
iPYzL2pu+fZ0vO40wASfrY+oLHLA6sB2GVU7z+Jx4QCoBa54/xv1ofqukJnqdDi7
vUN0kaPTK5+TJCmA5jJYPnY98eOSVVR0NEItbUVD2udb3cQ9d7Ua1WtUWhre4wTi
lnDLVttg42gVGUx0U+NF/qCwRuCKntba/jp+E6vUdxWmD3A+1kJsc6Qn7kAWX/o=
=2V0d
-----END PGP SIGNATURE-----

From original.hwy101 at gmail.com  Sun Aug  3 23:00:29 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Sun, 03 Aug 2008 23:00:29 -0700
Subject: [Enigmail] GNUPG/GNUPG2 GPA-agent issues
In-Reply-To: <48969710.6080907@gmail.com>
References: <48963AE8.1080805@gmail.com>	<48964554.6030308@yahoo.com>	<48964A8F.2040907@gmail.com>	<48968F1A.2040600@gmail.com>	<48969325.9080209@gmail.com>	<48969452.8040007@gmail.com>
	<48969710.6080907@gmail.com>
Message-ID: <48969AFD.7050301@gmail.com>

Ringo Kamens wrote:
> Tom Hwy101 wrote:
> > Ringo Kamens wrote:
> >> Tom Hwy101 wrote:
> >>> Ringo Kamens wrote:
> >>>> Robert Ryan wrote:
> >>>>> Ringo Kamens wrote:
> >>>>>> --use-agent
> >>>>> In T'Bird go to the OpenPGP preferences advanced tab and make sure
> >> "Use
> >>>>> gpg-agent for passphrases" is NOT checked.
> >>> I was looking in my OpenPGP, to check, and I do not have that item
> >> at all.
> >>> While I guess that is good (can't be checked) is this normal?
> >>> Thanks
> >>> _______________________________________________
> >>> Enigmail mailing list
> >>> Enigmail at mozdev.org
> >>> https://www.mozdev.org/mailman/listinfo/enigmail
> >> You have to click enable advanced options and then go to the advanced
> >> tab.
> >> CRK
> > This just gets better - I don't have the an 'Advanced Options' to 
> enable.
> > _______________________________________________
> > Enigmail mailing list
> > Enigmail at mozdev.org
> > https://www.mozdev.org/mailman/listinfo/enigmail
>
> Are you going up to OpenPGP and then preferences? What OS are you
> running on? It's expert settings, not advanced settings. Do you know
> what version of GNUPG you're using? Thunderbird? Enigmail? Did you
> install from the xpi or from a repository such as the Ubuntu repository?
> CRK
ah - totally different system:  XP Pro -Sev Pack 2, *Enigmail version 
0.95.6 (20080101), Thunderbird version 2.0.0.16 (20080708) ran from 
AddOn Page using Thunderbird.
*

From John at Mozilla-Enigmail.org  Sun Aug  3 23:04:33 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Mon, 04 Aug 2008 01:04:33 -0500
Subject: [Enigmail] help with how to use enigmail correctly
In-Reply-To: <48960950.6090707@gmail.com>
References: <4896063E.9080905@gmail.com> <48960950.6090707@gmail.com>
Message-ID: <48969BF1.5060307@Mozilla-Enigmail.org>

Ringo Kamens wrote:
> No, but if somebody wants to send you an encrypted email then they will
> need your public key. Upload your key to pgp.mit.edu and then link to
> your key in your signature. Also, if you upload your key to the
> keyservers, then people can automatically download it from within their
> mail client.

Really BAD choice of keyserver.

pgp.mit.edu works fine for older keys. It runs the PGP Key Server (pks). PKS
does not handle V4 key features well. Notable examples of mangled features
are multiple subkeys, a revoked subkey (tag 0x28), duplicate keyids, direct
key signatures (tag 0x1F), revocation signatures on userids (tag 0x30), or
photo IDs. There is also no development or maintenance being done on the pks
platform.

PKS is neither RFC 2440 nor RFC 4880 compliant.

Better to use the SKS keyserver pool - pool.sks-keyservers.net.

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 654 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080804/42505092/attachment.bin>

From John at Mozilla-Enigmail.org  Sun Aug  3 23:11:45 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Mon, 04 Aug 2008 01:11:45 -0500
Subject: [Enigmail] help with how to use enigmail correctly
In-Reply-To: <48968D65.2040009@gmail.com>
References: <4896063E.9080905@gmail.com>
	<48960950.6090707@gmail.com>	<489689DC.9050606@sixdemonbag.org>
	<48968D65.2040009@gmail.com>
Message-ID: <48969DA1.50804@Mozilla-Enigmail.org>

Tom Hwy101 wrote:
> Robert J. Hansen wrote:
>> Ringo Kamens wrote:
>>   
>>> No, but if somebody wants to send you an encrypted email then they will
>>> need your public key. Upload your key to pgp.mit.edu and then link to
>>> your key in your signature. Also, if you upload your key to the
>>> keyservers, then people can automatically download it from within their
>>> mail client.
>>
>> Friends don't let friends use pgp.mit.edu.  It's a horribly broken
>> keyserver and should not be used.
>>
>> pool.sks-keyservers.net is an all-around better choice.

Light-years better technology wise

> So, we should remove pgp.mit.edu from any Key Server Lists?  Just 
> Checking if that is the Consensus

No, it's a fair alternative (4th choice for me) for finding older keys

Some folks still use it as the place to upload their keys. I wouldn't, and I
said that before I ran my own keyserver.

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 654 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080804/150e7951/attachment.bin>

From 2600denver at gmail.com  Sun Aug  3 23:14:16 2008
From: 2600denver at gmail.com (Ringo Kamens)
Date: Mon, 04 Aug 2008 02:14:16 -0400
Subject: [Enigmail] help with how to use enigmail correctly
In-Reply-To: <48969BF1.5060307@Mozilla-Enigmail.org>
References: <4896063E.9080905@gmail.com> <48960950.6090707@gmail.com>
	<48969BF1.5060307@Mozilla-Enigmail.org>
Message-ID: <48969E38.3040101@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John Clizbe wrote:
> Ringo Kamens wrote:
>> No, but if somebody wants to send you an encrypted email then they will
>> need your public key. Upload your key to pgp.mit.edu and then link to
>> your key in your signature. Also, if you upload your key to the
>> keyservers, then people can automatically download it from within their
>> mail client.
> 
> Really BAD choice of keyserver.
> 
> pgp.mit.edu works fine for older keys. It runs the PGP Key Server (pks). PKS
> does not handle V4 key features well. Notable examples of mangled features
> are multiple subkeys, a revoked subkey (tag 0x28), duplicate keyids, direct
> key signatures (tag 0x1F), revocation signatures on userids (tag 0x30), or
> photo IDs. There is also no development or maintenance being done on the pks
> platform.
> 
> PKS is neither RFC 2440 nor RFC 4880 compliant.
> 
> Better to use the SKS keyserver pool - pool.sks-keyservers.net.
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Enigmail mailing list
> Enigmail at mozdev.org
> https://www.mozdev.org/mailman/listinfo/enigmail
Thanks for letting me know that, I didn't know it was so outdated. Why
is it still up?
CRK
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIlp44mBTzXUpNYqQRAtT1AKCH0qdxeazP77R1g5Q7NUCg55J6XgCgohsY
2ykfLUPuAJXPiemIQTuyQjE=
=Mrtz
-----END PGP SIGNATURE-----

From John at Mozilla-Enigmail.org  Sun Aug  3 23:29:20 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Mon, 04 Aug 2008 01:29:20 -0500
Subject: [Enigmail] help with how to use enigmail correctly
In-Reply-To: <48969E38.3040101@gmail.com>
References: <4896063E.9080905@gmail.com>
	<48960950.6090707@gmail.com>	<48969BF1.5060307@Mozilla-Enigmail.org>
	<48969E38.3040101@gmail.com>
Message-ID: <4896A1C0.7010205@Mozilla-Enigmail.org>

Ringo Kamens wrote:
> John Clizbe wrote:
>> Ringo Kamens wrote:
>>> Upload your key to pgp.mit.edu 
> 
>> Really BAD choice of keyserver.
> 
>> pgp.mit.edu works fine for older keys. 
> 
>> PKS is neither RFC 2440 nor RFC 4880 compliant.
> 
>> Better to use the SKS keyserver pool - pool.sks-keyservers.net.

> Thanks for letting me know that, I didn't know it was so outdated. Why
> is it still up?

Marc Horowitz, the creator of PKS, stopped having anything to do with PKS in
2005 as I recall.

PKS was then taken over by volunteers who setup shop @ SourceForge. About this
time SKS caught on and PKS looked like it was too much effort to fix the known
bugs that caused damage let alone move ahead to RFC 2440 and the updated draft.

Folks dumped PKS and started moving to SKS.

Why is pgp.mit.edu still up?  Common reason in software: inertia.

PS: Please try to trim the quoted part of replies

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 654 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080804/bb60723c/attachment.bin>

From faramir.cl at gmail.com  Mon Aug  4 00:01:02 2008
From: faramir.cl at gmail.com (Faramir)
Date: Mon, 04 Aug 2008 03:01:02 -0400
Subject: [Enigmail] GNUPG/GNUPG2 GPA-agent issues
In-Reply-To: <48969AFD.7050301@gmail.com>
References: <48963AE8.1080805@gmail.com>	<48964554.6030308@yahoo.com>	<48964A8F.2040907@gmail.com>	<48968F1A.2040600@gmail.com>	<48969325.9080209@gmail.com>	<48969452.8040007@gmail.com>	<48969710.6080907@gmail.com>
	<48969AFD.7050301@gmail.com>
Message-ID: <4896A92E.3060409@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Tom Hwy101 escribi?:
> Ringo Kamens wrote:

>> Are you going up to OpenPGP and then preferences? What OS are you
>> running on? It's expert settings, not advanced settings. Do you know
>> what version of GNUPG you're using? Thunderbird? Enigmail? Did you
>> install from the xpi or from a repository such as the Ubuntu repository?
>> CRK
> ah - totally different system:  XP Pro -Sev Pack 2, *Enigmail version
> 0.95.6 (20080101), Thunderbird version 2.0.0.16 (20080708) ran from
> AddOn Page using Thunderbird.

  I think he mention Ubuntu repository because Ubuntu uses programs
adjusted to work better with Ubuntu, while most other OS just use the
"official" versions available at the software download page. I have the
same OS and Thunderbird and Enigmail versions than you, and I do have
the "show expert options" option. I go to OpenPGP->Preferences-> Show
Expert Settings to enable them...

 Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIlqktAAoJEMV4f6PvczxAYHMIAKtrgrctRHZJf8UJ8iCEWkxJ
7m6yFC8K9FDCS4VKjv91EydVfrNQjCb5rAxbEz8dkNCPWst6V6T6RHHMlQiJqA9i
uIxNLs1OH3ajEMk4LHKg3Q4v2HCfAs8p9CysL5GxC46rTvHXensFC7oT7nuKHAUa
WIArfcXyEnOOgXc8l6ttN8JactWsbvEICCgyCkCy9W6daGkQ6Rggt7AOBxOxKoM1
lUD+KI79oP61Cct+tIsK9F/q7JY0+SEGdloKcYXtMNxq7Bwuu3oZqZwyY4AjLElA
bey4mEt6LNuF/f2T3LGM86NTEFeIkiCQpi2g9czHpLpx4K40zSIr4NFxzBvvuFE=
=kkc7
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Mon Aug  4 01:25:58 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Mon, 04 Aug 2008 04:25:58 -0400
Subject: [Enigmail] GNUPG/GNUPG2 GPA-agent issues
In-Reply-To: <48968F1A.2040600@gmail.com>
References: <48963AE8.1080805@gmail.com>
	<48964554.6030308@yahoo.com>	<48964A8F.2040907@gmail.com>
	<48968F1A.2040600@gmail.com>
Message-ID: <4896BD16.4040908@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Tom Hwy101 wrote:

>> > In T'Bird go to the OpenPGP preferences advanced tab and make sure "Use
>> > gpg-agent for passphrases" is NOT checked.
> I was looking in my OpenPGP, to check, and I do not have that item at all.
> While I guess that is good (can't be checked) is this normal?

Have You checked the box under Preferences that says "Display Expert
Settings"?

JOHN ;)
Timestamp: Monday 04 Aug 2008, 04:25  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4799: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIlr0TAAoJEBCGy9eAtCsPjpYH/R1EWs4+7ayRWY+M8cb7EY5B
hEykUzo5go6idvU95x7hHxy2sPkcWZgsA5H8qcJEpSVLjDvYV10FRHuhkzwNzVki
u2o1SWl7zzrmU6llxrtnkgbOihq3QDkJP6WbGdCwg4IhWBu8dPFB+QdSuk9ZexSf
CLVEUvNOWQQ5iC+tS6Zkeq+3+9xDjQJQHjemnjuekCLbMckKj3Y8c1ySC/L2SeuK
zwMq6ao3FiywArSaS6jf7ksgSy18pxeQ/k2OQvmu8xsSBUucn4XtsmTPjverJpWb
qvirzuDUrkWgL7fLObmUw4ZixoaQV7z+KXSMvPXfI7naJDBEcsIPBO7vL+JWSa8=
=XImv
-----END PGP SIGNATURE-----

From jshmoe12 at gmail.com  Mon Aug  4 04:33:45 2008
From: jshmoe12 at gmail.com (jshmoe12 at gmail.com)
Date: Mon, 04 Aug 2008 07:33:45 -0400
Subject: [Enigmail] sorry for sending encrypted mail,
 I think i have the hang of it now. please assure me.
Message-ID: <4896E919.8040703@gmail.com>

So let me get this right. When i send encrypted and signed mail I have
to first send the public key unencrypted to whom ever I am sending the
encrypted mail. Then in the future they will have my public key
logged. So whenever I send them encrypted mail they will be able to
read it. Also a signature does not give the mail any security.
correct? it just ensures that the encrypted mail in the receivers
mailbox has a header stating who the mail is from, otherwise if it
didnt have a signature they wouldnt be able to see who it was from at
all, it would all be encrypted, right?
    Also can people decrypt my encrypted emails without having gnupg
installed? Can they just install the enigmail addon to thunderbird? or
can they use other decryptors to decrypt enigmail mail? I thought I
had heard about a firefox addon as well that would add functionality
to g-mail. Let me know if this is a rumor.
    Well thank you in advance. I know i sound kinda noobish, but i can
assure you I am a very computer literate ubuntu linux using computer
networking student. Also if anyone wants to talk about computer
security I would enjoy nothing more.
Thank You,
jshmoe12

From jeandavid8 at verizon.net  Mon Aug  4 05:22:42 2008
From: jeandavid8 at verizon.net (Jean-David Beyer)
Date: Mon, 04 Aug 2008 08:22:42 -0400
Subject: [Enigmail] sorry for sending encrypted mail,
 I think i have the hang of it now. please assure me.
In-Reply-To: <4896E919.8040703@gmail.com>
References: <4896E919.8040703@gmail.com>
Message-ID: <4896F492.5080607@verizon.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

jshmoe12 at gmail.com wrote:
> So let me get this right. When i send encrypted and signed mail I have
> to first send the public key unencrypted to whom ever I am sending the
> encrypted mail.

You could do that, but a much better way is to put your public key on a
public key server from which anyone can get it.

> Then in the future they will have my public key
> logged. So whenever I send them encrypted mail they will be able to
> read it.

They do not really need your public key to read an encrypted e-mail you send
them. You need their public key to do so.

They need your public key to verify that your signature is really yours. And
knowing that the public key they have that they think is yours is _really_
yours is another matter entirely.

> Also a signature does not give the mail any security.
> correct?

If the receiver really has your public key and knows it is yours, and you
sign something, then the person receiving it will know that it has not been
tampered with, either accidentally (noise or other errors in transmission)
or on purpose (someone deliberately changing the contents of the e-mail).
That is a form of security. It does not hide the contents, though.

Hiding the contents is the main point of encryption.

Signing and encrypting are two different operations. They happen to use the
same tools, though in slightly different ways.

> it just ensures that the encrypted mail in the receivers
> mailbox has a header stating who the mail is from, otherwise if it
> didnt have a signature they wouldnt be able to see who it was from at
> all, it would all be encrypted, right?

No. All e-mails, AFAIK, have a From: header that implies who it is from. But
they are so easily forged that they cannot be relied upon. They also have
one or more Sender: fields that also helps you determine who it is from. It
seems to me that Sender: fields are more difficult to forge, but perhaps are
not reliable either. The signature assures you that it is from who you think
it is from -- that is if you obtained the sender's public key in a
trustworthy manner.

>     Also can people decrypt my encrypted emails without having gnupg
> installed?

Not really. They could have PGP installed. There can be compatibility issues
if you are not careful. But you need something and I recommend GPG.

> Can they just install the enigmail addon to thunderbird?

I do not think so. Unless the install of enigmail automatically obtains
gnupg. Some package managers may do this for you.

> or
> can they use other decryptors to decrypt enigmail mail? I thought I
> had heard about a firefox addon as well that would add functionality
> to g-mail. Let me know if this is a rumor.

I never use Firefox for e-mail. In theory, I suppose it is possible. I do
not know in practice.

>     Well thank you in advance. I know i sound kinda noobish, but i can
> assure you I am a very computer literate ubuntu linux using computer
> networking student. Also if anyone wants to talk about computer
> security I would enjoy nothing more.



- --
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
 /( )\ Shrewsbury, New Jersey    http://counter.li.org
 ^^-^^ 08:05:01 up 2 days, 10:57, 4 users, load average: 4.23, 4.07, 4.03
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org

iD8DBQFIlvSSPtu2XpovyZoRApAbAKCkBHvgGXAdS8aIoV9IFCsEaJQX/ACfZVia
ktwwVD7ZsFcZgid7W95Pgu8=
=gPjc
-----END PGP SIGNATURE-----

From rasmith1959 at yahoo.com  Mon Aug  4 07:01:50 2008
From: rasmith1959 at yahoo.com (Roy Smith)
Date: Mon, 04 Aug 2008 09:01:50 -0500
Subject: [Enigmail] GNUPG/GNUPG2 GPA-agent issues
In-Reply-To: <48969AFD.7050301@gmail.com>
References: <48963AE8.1080805@gmail.com>	<48964554.6030308@yahoo.com>	<48964A8F.2040907@gmail.com>	<48968F1A.2040600@gmail.com>	<48969325.9080209@gmail.com>	<48969452.8040007@gmail.com>	<48969710.6080907@gmail.com>
	<48969AFD.7050301@gmail.com>
Message-ID: <48970BCE.8000707@yahoo.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tom Hwy101 wrote:

|>
|> Are you going up to OpenPGP and then preferences? What OS are you
|> running on? It's expert settings, not advanced settings. Do you know
|> what version of GNUPG you're using? Thunderbird? Enigmail? Did you
|> install from the xpi or from a repository such as the Ubuntu repository?
|> CRK
| ah - totally different system:  XP Pro -Sev Pack 2, *Enigmail version
| 0.95.6 (20080101), Thunderbird version 2.0.0.16 (20080708) ran from
| AddOn Page using Thunderbird.

On the OpenPGP menu select preferences.  Then in the preferences window
click on the basic tab if you're not already there, and towards the
bottom you'll see the display expert settings option.  Just place a
check mark in the box beside that line to enable it.

- --


Roy Smith


I use Firefox because I want to use software that complies
with Web standards.  See <http://www.mozilla.org/>.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJIlwvNAAoJEG7cp55ZD5UOefAP/jeA+bPsLoODfyNWoxUQL/Xx
2adY3KXKnJw2wsv83kYj3rQa2tsCEty8tHLIpDmPICpmo0QR0wy7WYaiU6gOo3b8
uV6+u75kriSFvGKXyiK3xYE1qbNSXoapPuP9z3ZM8sASZ2ZwJnp7kB/giG79H0Ps
D9USE3/TUYkEYK/uJplQRkB8FT9bOzXvFER6c/NNO5Ak+uRwsOsOmm39qOpxf8jf
HTD/+PHBYoVdAbQxuOunY5I/RzTwHm4cpAZLrb85IS/yJ+bHMCPMfyj+KLkaS0/n
h53+aOoOWU1Pqy+H/9vn1ocv6cB5cm1n6y9WIvX1i4YOD4BtvsJQQymGPZ4deD8N
4SefUu2A0NNmS3+xnCoxL2cRzpy0q6Bjz4R5YPlRrmwEnd/MmPdk+L4uOaJ4dXVO
q1cP0FenGDT23Zzbz5aOrTUXr6/GmoMSOtmysabix0HOtMRpDzIYd9hniR46ZAl+
gbnXnnUoH62WZ4kiO1qxErhaEB6xoN9O3IQfEc607zeyhm5zqXyue3bNQm/qIjqI
a18Z+0+ryHTjaIXIvak+k1cO39RYZu4LMq8M/r95X7Ti36MO6lcBl3s/0TDlGZUz
Ku5A7mbE1E3/Ki6kNIoPLWkeEsmUK6U6tiSNHJ9ElTPEugxspJgWKpyW13Ce5FIT
Vow4SKM8hC4VaW0jERhK
=Ilba
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Mon Aug  4 11:05:41 2008
From: faramir.cl at gmail.com (Faramir)
Date: Mon, 04 Aug 2008 14:05:41 -0400
Subject: [Enigmail] sorry for sending encrypted mail,
 I think i have the hang of it now. please assure me.
In-Reply-To: <4896F492.5080607@verizon.net>
References: <4896E919.8040703@gmail.com> <4896F492.5080607@verizon.net>
Message-ID: <489744F5.2030806@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Jean-David Beyer escribi?:
> jshmoe12 at gmail.com wrote:

>>     Also can people decrypt my encrypted emails without having gnupg
>> installed?
> 
> Not really. They could have PGP installed. There can be compatibility issues
> if you are not careful. But you need something and I recommend GPG.

  I suppose he was asking about decrypting the messages without any
OpenPGP program...

>> Can they just install the enigmail addon to thunderbird?
> 
> I do not think so. Unless the install of enigmail automatically obtains
> gnupg. Some package managers may do this for you.

  Enigmail relies on GPG for the encryption/Decryption stuff, so you
need it, either by installing each thing separately or by installing a
"kit". But I don't think there are such "kits".

>> can they use other decryptors to decrypt enigmail mail? I thought I
>> had heard about a firefox addon as well that would add functionality
>> to g-mail. Let me know if this is a rumor.
> 
> I never use Firefox for e-mail. In theory, I suppose it is possible. I do
> not know in practice.

  Yes, there is an addon named FireGPG, if I am not wrong, but it also
needs an installed GPG to do the work... and it doesn't work in a
portable way (you can't carry it on a USB flash memory stick to use in
any computer... unless you are installing it on each computer). I didn't
really like that addon...

>>     Well thank you in advance. I know i sound kinda noobish, but i can
>> assure you I am a very computer literate ubuntu linux using computer
>> networking student. Also if anyone wants to talk about computer
>> security I would enjoy nothing more.

   I am IT student too, but I don't know anything about ubuntu... I try
to "play" with it, but it always defeat me...

Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIl0T1AAoJEMV4f6PvczxAJXoIAJDdAcLlykR2ULhOMcYsbqF7
C5/VSgjYRmG3BhMfY4DpFOJQRhfWUAiPghPj4X1oe/TsEL1FcGMx3OPEq5aj2A+5
pr6LnC6NpDREHKFU0qt+UvHD59y2/z4CFYw3nYverxcGlr9srWgGZU8ggoROWJvX
OfkbkcynW58AOucsN8K9Ns3z+QAEeNu7N9lTzOOx40yTpBU8283QOTGfDhfjwlUD
uZAKt2m94ywuvYMZGHKXNjkYCPCCvHOyAdNRkzBUEu6QJjw4JuTrgcL/j7cUV1VE
9PeEYrkTd9libEdVwUx4Ny04jhe6TSY2mOvI4uFJ0VnhjOMk1Ko95R8SwYUUrEE=
=k+sq
-----END PGP SIGNATURE-----

From a_rodriguez1948 at bellsouth.net  Mon Aug  4 11:37:36 2008
From: a_rodriguez1948 at bellsouth.net (Angel Rodriguez)
Date: Mon, 04 Aug 2008 14:37:36 -0400
Subject: [Enigmail] 3rd party certificates
Message-ID: <48974C70.5000801@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have two certificates listed in Thunderbird, one from Comodo and one
from Thawte. Has anyone ever used an additional certificate on the same
email account that enigmail also resides on?

I am wondering if I need to create another account within Thunderbird to
use those certificates when emailing folks that do not use enigmail and
use OE and Outlook for their email clients.

My reason for the question is that when I email a friend whom uses OE
enigmail produces a gibberish footer.

Angel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiXTHAACgkQ0e8yXBuZavYC8wCfZiFhuhl7z6Yp7WtcRkkOCQCS
49EAnj4bI1hkgY+KPob+xMc5WGN4AF7K
=o1FF
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Mon Aug  4 11:45:31 2008
From: faramir.cl at gmail.com (Faramir)
Date: Mon, 04 Aug 2008 14:45:31 -0400
Subject: [Enigmail] 3rd party certificates
In-Reply-To: <48974C70.5000801@bellsouth.net>
References: <48974C70.5000801@bellsouth.net>
Message-ID: <48974E4B.6080404@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Angel Rodriguez escribi?:
> I have two certificates listed in Thunderbird, one from Comodo and one
> from Thawte. Has anyone ever used an additional certificate on the same
> email account that enigmail also resides on?

  I have one from Thawte and one from CAcert...

> I am wondering if I need to create another account within Thunderbird to
> use those certificates when emailing folks that do not use enigmail and
> use OE and Outlook for their email clients.

  I think there is no need for that, but once I tried to encrypt the
message with both GPG and with S/MIME... bad idea... so I think there is
no problem unless you try to use those 2 systems at the same time... But
I can be wrong.

Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIl05KAAoJEMV4f6PvczxAdtwIAJRJBKr+obdm4hwFHqjkn9nA
L+JtNLhEFJTG8BOkac/gtrUXaKlDsq/9A1T5yfbSQJOa7xykW52OWl12SVrUBvb3
xFYCpLl2yEE6R8aJpY1y8xkJ31WGr4Ttiw6C9ZMKQo3IkAgt1nEqR8slKQtc1b08
QdL62fYK07yrMwNPUv+T4nW45fjPD0lzgV6Zx47bfdolIq9Tycw7kI5ZWLpy7zs2
1jgeZIhQL3AT8gLf0UWMjMSEcMB0M4cwMKBfChwyn9AmTq4EgaiXqOuPcck4L2p+
TsysSoaAifHH9AZCdZrznQx9kYURGkxyh8IdTmDpwvKLDMmS8aM4GVWNkSs0lQE=
=N2C0
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Mon Aug  4 12:25:44 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 04 Aug 2008 13:25:44 -0600
Subject: [Enigmail] 3rd party certificates
In-Reply-To: <48974C70.5000801@bellsouth.net>
References: <48974C70.5000801@bellsouth.net>
Message-ID: <489757B8.4050708@sixdemonbag.org>

Angel Rodriguez wrote:
> Has anyone ever used an additional certificate on the same
> email account that enigmail also resides on?

Yes, routinely.  See this email for an example.

> My reason for the question is that when I email a friend whom uses OE
> enigmail produces a gibberish footer.

OE is the likely culprit.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080804/ae89684d/attachment.bin>

From adam at e-ignite.co.uk  Mon Aug  4 13:05:59 2008
From: adam at e-ignite.co.uk (Adam Gould)
Date: Mon, 4 Aug 2008 21:05:59 +0100
Subject: [Enigmail] 3rd party certificates
In-Reply-To: <489757B8.4050708@sixdemonbag.org>
References: <48974C70.5000801@bellsouth.net> <489757B8.4050708@sixdemonbag.org>
Message-ID: <eeeb012d0808041305m6661dd8boe04ca9b21254e8f4@mail.gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA384

Robert J. Hansen wrote:
|> My reason for the question is that when I email a friend whom uses OE
|> enigmail produces a gibberish footer.
|
| OE is the likely culprit.

Please correct me if I'm wrong, but I think the "gibberish" footer Angel
is referring to is the inline OpenPGP signature (see the bottom of
messages sent by others on this list, or hit CONTROL+U in Thunderbird to
show the original source of the message as Enigmail "hides" this data
when it finds it).  You can still use OpenPGP (Enigmail) with your email
using PGP Mime which creates the signature "as an attachment" in a
manner of speaking.  However, PGP Mime doesn't work well with Outlook
Express - the recipient will simply receive a blank email with two
attachments - one html attachment with your message in it and one .asc
file which contains the message signature.

If your friend used OE and is not interested in OpenPGP technologies,
S/MIME will be the least obtrusive way for you to communicate with
encryption and signing.  However, if your friend was able to install
OpenPGP software (such as GPG4WIN - http://www.gpg4win.org/) then you
will be able to use OpenPGP and Enigmail more easily.

Hope this helps,

Adam

- --
e-ignite
Communicate Securely
http://www.e-ignite.co.uk

-----BEGIN PGP SIGNATURE-----
Version: GnuPG vMobility 20080501: (MingW32)

iQEcBAEBCQAGBQJIl2DpAAoJEGYmc6E3hYpH5+cH+wQdwKgQ0f0ry25hSI2TPcJV
f0I0qzeCPQI2k8GZVtu5DSgU5zvhkgkvzcvi4H3DahMYYWM8sEzKwSi9uoSTexqx
H/Ndfj3Pf2ES77VEyzbPwTU5C3SePAP9MXg7tgqRRX45fGHTLmv5c7l5Hf5a3K7a
LrfPw6r6n4KkC3JNhEOSXVot3mmcduHBpTwBBIcP8o/CqXUWT/OPbbitVIkodPcg
rgwy18P57iiVL6aHGQtLlxe79hqDnXclfG6Bs1WFgWKXTSe+stf6eNDgS/pn8DQf
fTdrHZwVIGtcjL+cYqMymtbtimr8P3OIjopsqsVHW3Z1niLsrnuXNBLw4XTona0=
=cEty
-----END PGP SIGNATURE-----

From rbrt_ryn at yahoo.com  Mon Aug  4 13:42:43 2008
From: rbrt_ryn at yahoo.com (Robert Ryan)
Date: Mon, 04 Aug 2008 14:42:43 -0600
Subject: [Enigmail] sorry for sending encrypted mail,
 I think i have the hang of it now. please assure me.
In-Reply-To: <489744F5.2030806@gmail.com>
References: <4896E919.8040703@gmail.com> <4896F492.5080607@verizon.net>
	<489744F5.2030806@gmail.com>
Message-ID: <489769C3.5090002@yahoo.com>

Faramir wrote:
>   Yes, there is an addon named FireGPG, if I am not wrong, but it also
> needs an installed GPG to do the work... and it doesn't work in a
> portable way (you can't carry it on a USB flash memory stick to use in
> any computer... unless you are installing it on each computer).

Actually it's easy to run GnuPG, GPGShell and FireGPG from a portable
USB drive. First download GnuPG and install it normally, if you haven't
already. Then download GPGShell and make it portable with Copy2USB:

http://www.jumaros.de/rsoft/index.html
http://www.jumaros.de/rsoft/download/Copy2Usb.exe.gpg

Then you're going to need a copy of Portable Firefox:

http://portableapps.com/apps/internet/firefox_portable

You can add FireGPG to that and point it to the keyrings used by GPGShell.


Caveat lector: This is what I did on my Win XP box. YMMV.
-- 
Robert Ryan
rbrt_ryn at yahoo.com

I prefer encrypted, signed email :)
My PGP key: http://tinyurl.com/6c6kwu

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080804/d73cc1c7/attachment.bin>

From jmoore3rd at bellsouth.net  Mon Aug  4 13:55:05 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Mon, 04 Aug 2008 16:55:05 -0400
Subject: [Enigmail] sorry for sending encrypted mail,
 I think i have the hang of it now. please assure me.
In-Reply-To: <4896E919.8040703@gmail.com>
References: <4896E919.8040703@gmail.com>
Message-ID: <48976CA9.1000702@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

jshmoe12 at gmail.com wrote:
> So let me get this right. When i send encrypted and signed mail I have
> to first send the public key unencrypted to whom ever I am sending the
> encrypted mail. Then in the future they will have my public key
> logged. So whenever I send them encrypted mail they will be able to
> read it.

Completely Incorrect.  If Your Key has been Uploaded to the Keyservers
then the Recipient can retrieve You Key based upon the information
contained in Your signature Block.  If you haven't Uploaded Your Key
then they can retrieve the Key if You have provided a Link to it.
Either way, Your Key is _not_ necessary or required to Decrypt/Read the
Message.  You Encrypted the Message to the Recipient's Public Key and
they will Decrypt it using their Private/Secret Key.  Your Key plays no
part whatsoever.  Your Key is only necessary to have /if/ they desire to
send an Encrypted Message to You.


 Also a signature does not give the mail any security.

Again, Incorrect!  The PGP/GPG Signature does provide assurance that the
Message came from You; or whoever controls the Signing Key.


> can people decrypt my encrypted emails without having gnupg
> installed?

NO!  A working installation of an OpenPGP Application _must_ be present
to Decrypt _any_ message Encrypted using OpenPGP, be it PGP or GnuPG.

 Can they just install the enigmail addon to thunderbird? or
> can they use other decryptors to decrypt enigmail mail? I thought I
> had heard about a firefox addon as well that would add functionality
> to g-mail. Let me know if this is a rumor.

Enigmail without a working installation of GnuPG is useless.  The Add-On
You refer to is FireGPG.  Both Enigmail & FirePGP are simply frontends
for GnuPG.  Without  a working installation of GnuPG there is nothing
for the GUI/Frontend to utilize.

I do not like FirePGP because Composing within any Webmail Screen is
foolish do to the nature of automatic saving of the Message Draft.  This
stores the Message in Plaintext on the Webmail Server.

Computer Literacy is extremely helpful but when dealing with
Encryption/Security it is also extremely helpful to remember the GIGO
Principle.  'Big Head' Knowledge is more critical than familiarity with
an Operating System.  Security, Trust and Safe Practices are the guiding
forces and knowledge & awareness of how an Application functions is more
important than understanding the Nuts & Bolts of how & where to install it.

For all You knowledge of Ubuntu Your opening statements/questions
indicate that You were unaware that GnuPG *must* be properly installed &
present for either of the referenced Applications to function.  :-\

I'm not 'picking on You' because I am actually proud of You for having
the courage to A-S-K Questions than I am certain other people had or
didn't know they had.  Perhaps these answers to Your Questions will
allow many others to 'shoot their wrists out of their shirt cuffs' and
strut around humming 'I knew that' with the result being that they are
better than they were before using Encryption.  I thank You for asking
and I'm sure 'Others' feel the same way.  :-D

JOHN ;)
Timestamp: Monday 04 Aug 2008, 16:54  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4799: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIl2yoAAoJEBCGy9eAtCsPVEMH/3JiRE+myVHw6Ia0RAr+sLj/
+tFxJx0+APi299RPpx9bhxusf5ePtcl3Aj4YVidXZ0iZAwqqUGpuxMU+WFvudkQz
7L9lmanxY6WCzaV5jbQ5KiRNhGF/Szndd9hMKjeTFlBT4yo/RIXPFvbuEg3U+vCF
VmhxsPogGYoQI1TygZ+qhGkP67DVk2XS8J7XzIo+wmeIlol0zMfNzsHJ8OG+MMKq
tqoIW1yzOX2eaEi28BQ9Ga9qa+pzYwNLNbHyIOnwpm3C6nwl5hfFpbbR7hr/UVLI
lRdpLruJQBfXbE7IwfdnxUwIF3ynX+ZGXeKKqDOqZi5yk/Gax+C356ceE4q0C4w=
=NE8F
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Mon Aug  4 18:23:56 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 04 Aug 2008 19:23:56 -0600
Subject: [Enigmail] sorry for sending encrypted mail,
 I think i have the hang of it now. please assure me.
In-Reply-To: <4896E919.8040703@gmail.com>
References: <4896E919.8040703@gmail.com>
Message-ID: <4897ABAC.7050607@sixdemonbag.org>

jshmoe12 at gmail.com wrote:
> When i send encrypted and signed mail I have to first send the public
> key unencrypted to whom ever I am sending the encrypted mail.

No.  You need to get (somehow: smoke signals, keyservers, a CD in the
mail, whatever) the public key of the person with whom you're corresponding.

> Also a signature does not give the mail any security. correct?

Define "security."

A correct signature from a validated key belonging to a trusted person
gives you excellent confidence the message was not tampered with in transit.

Everything else is null and void.  There is really not much difference
(if any!) between a bad signature and a missing signature and a correct
signature from an unvalidated key.

> Also can people decrypt my encrypted emails without having gnupg 
> installed?

They could use PGP, sure.  They need to have some OpenPGP-conformant
application installed, however.

> Can they just install the enigmail addon to thunderbird?

No.  Enigmail depends on GnuPG.

> I thought I had heard about a firefox addon as well that would add
> functionality to g-mail. Let me know if this is a rumor.

FireGPG.  It still depends on GnuPG, and it is very possibly not worth
it when dealing with webmail.

> I know i sound kinda noobish

You're a newbie, not a noob.  A noob is someone who's been given the
opportunity to learn but just refuses to do so.  A newbie is someone
who's learning.  Everyone here you think is an expert was a newbie once,
and all of us remember those days.  Welcome to the Enigmail list.  :)

> Also if anyone wants to talk about computer security I would enjoy
> nothing more.

While this stuff is technically off-topic, you'll find the moderators
apply the Bartender's Rule to these sorts of things.

The Bartender's Rule: you drink for free as long as you're interesting,
but once you get boring you'll die of thirst.

As long as discussions are courteous and informative and interesting,
there's very little the moderators won't let you get away with.  Have
fun.  :)



From a_rodriguez1948 at bellsouth.net  Mon Aug  4 23:00:19 2008
From: a_rodriguez1948 at bellsouth.net (Angel Rodriguez)
Date: Tue, 05 Aug 2008 02:00:19 -0400
Subject: [Enigmail] Photo Attachments
Message-ID: <4897EC73.10906@bellsouth.net>

Please correct me if I am wrong, but it looks like if a non enigmail
user sends an inline photo attachment, it becomes unusable.

If they were received prior to the install of enigmail and you wish to
forward, they will also be hosed.

Angel

From original.hwy101 at gmail.com  Tue Aug  5 00:39:39 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Tue, 05 Aug 2008 00:39:39 -0700
Subject: [Enigmail] GNUPG/GNUPG2 GPA-agent issues
In-Reply-To: <48970BCE.8000707@yahoo.com>
References: <48963AE8.1080805@gmail.com>	<48964554.6030308@yahoo.com>	<48964A8F.2040907@gmail.com>	<48968F1A.2040600@gmail.com>	<48969325.9080209@gmail.com>	<48969452.8040007@gmail.com>	<48969710.6080907@gmail.com>	<48969AFD.7050301@gmail.com>
	<48970BCE.8000707@yahoo.com>
Message-ID: <489803BB.6010906@gmail.com>

Roy Smith wrote:
> Tom Hwy101 wrote:
>
> |>
> |> Are you going up to OpenPGP and then preferences? What OS are you
> |> running on? It's expert settings, not advanced settings. Do you know
> |> what version of GNUPG you're using? Thunderbird? Enigmail? Did you
> |> install from the xpi or from a repository such as the Ubuntu 
> repository?
> |> CRK
> | ah - totally different system:  XP Pro -Sev Pack 2, *Enigmail version
> | 0.95.6 (20080101), Thunderbird version 2.0.0.16 (20080708) ran from
> | AddOn Page using Thunderbird.
>
> On the OpenPGP menu select preferences.  Then in the preferences window
> click on the basic tab if you're not already there, and towards the
> bottom you'll see the display expert settings option.  Just place a
> check mark in the box beside that line to enable it.
>
Bingo! Thank You Roy  8-)

From original.hwy101 at gmail.com  Tue Aug  5 00:48:56 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Tue, 05 Aug 2008 00:48:56 -0700
Subject: [Enigmail] GNUPG/GNUPG2 GPA-agent issues
In-Reply-To: <4896BD16.4040908@bellsouth.net>
References: <48963AE8.1080805@gmail.com>	<48964554.6030308@yahoo.com>	<48964A8F.2040907@gmail.com>	<48968F1A.2040600@gmail.com>
	<4896BD16.4040908@bellsouth.net>
Message-ID: <489805E8.4060000@gmail.com>

John W. Moore III wrote:
> Tom Hwy101 wrote:
>
> >>> In T'Bird go to the OpenPGP preferences advanced tab and make sure 
> "Use
> >>> gpg-agent for passphrases" is NOT checked.
> > I was looking in my OpenPGP, to check, and I do not have that item 
> at all.
> > While I guess that is good (can't be checked) is this normal?
>
> Have You checked the box under Preferences that says "Display Expert
> Settings"?
>
> JOHN ;)
> Timestamp: Monday 04 Aug 2008, 04:25  --400 (Eastern Daylight Time)
Thanks John - Headed that way now...

From steffenjan at web.de  Tue Aug  5 11:04:59 2008
From: steffenjan at web.de (Jan Steffen)
Date: Tue, 05 Aug 2008 20:04:59 +0200
Subject: [Enigmail] sorry for sending encrypted mail,
 I think i have the hang of it now. please assure me.
In-Reply-To: <mailman.480.1217883319.57136.enigmail@mozdev.org>
References: <4896E919.8040703@gmail.com>
	<mailman.480.1217883319.57136.enigmail@mozdev.org>
Message-ID: <g7a4o4$u0q$1@mozdev.mozdev.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

John W. Moore III wrote:
| I do not like FirePGP because Composing within any Webmail Screen is
| foolish do to the nature of automatic saving of the Message Draft.  This
| stores the Message in Plaintext on the Webmail Server.

I don't know why everyone is picking on FireGPG. :-(
Sure, encrypting mails you write in a Gmail compose window will most probably
not protect them from Google. But you may want to encrypt mails to your lover,
so her husband can't read them ;-)
And there are many other uses of FireGPG: decrypting, signing, checking
signatures, importing keys.
I use FireGPG a lot.

Cheers, Jan

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAkiYlksACgkQSa1Uad4+pFfw6wCgvDNjfft4nEvrN1yi9NRyuuSD
1NUAoIEIj7lZRWdE+Yqf3xES9WB9MgoI
=TFdp
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Tue Aug  5 11:35:16 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 05 Aug 2008 12:35:16 -0600
Subject: [Enigmail] sorry for sending encrypted mail,
 I think i have the hang of it now. please assure me.
In-Reply-To: <g7a4o4$u0q$1@mozdev.mozdev.org>
References: <4896E919.8040703@gmail.com>	<mailman.480.1217883319.57136.enigmail@mozdev.org>
	<g7a4o4$u0q$1@mozdev.mozdev.org>
Message-ID: <48989D64.60100@sixdemonbag.org>

Jan Steffen wrote:
> I don't know why everyone is picking on FireGPG. :-(

We're not.

We're only saying that FireGPG does not and cannot do what a large
number of its users wish for it to do.  If your threat model is such
that FireGPG makes sense, go for it.  But don't fool yourself into
thinking FireGPG is just "Enigmail for Webmail".  It's not, it's nowhere
close.  They cover very different threat models.

I'm not picking on FireGPG and I wish the FireGPG developers a lot of luck.

Whom I really want to pick on are the users who blindly use FireGPG (or
Enigmail, for that reason!) without ever thinking critically about
whether they're deluding themselves with security theater.  But,
honestly, it would be bad manners for me to do so.  All I can do is say
"these sorts of users frustrate me a great deal" and move on.  :)



From jmoore3rd at bellsouth.net  Tue Aug  5 11:38:23 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Tue, 05 Aug 2008 14:38:23 -0400
Subject: [Enigmail] sorry for sending encrypted mail,
 I think i have the hang of it now. please assure me.
In-Reply-To: <48989D64.60100@sixdemonbag.org>
References: <4896E919.8040703@gmail.com>	<mailman.480.1217883319.57136.enigmail@mozdev.org>	<g7a4o4$u0q$1@mozdev.mozdev.org>
	<48989D64.60100@sixdemonbag.org>
Message-ID: <48989E1F.9010306@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Robert J. Hansen wrote:
> Jan Steffen wrote:
>> I don't know why everyone is picking on FireGPG. :-(

> We're only saying that FireGPG does not and cannot do what a large
> number of its users wish for it to do.  If your threat model is such
> that FireGPG makes sense, go for it.  But don't fool yourself into
> thinking FireGPG is just "Enigmail for Webmail".  It's not, it's nowhere
> close.  They cover very different threat models.
> 
> I'm not picking on FireGPG and I wish the FireGPG developers a lot of luck.
> 
> Whom I really want to pick on are the users who blindly use FireGPG (or
> Enigmail, for that reason!) without ever thinking critically about
> whether they're deluding themselves with security theater.  But,
> honestly, it would be bad manners for me to do so.  All I can do is say
> "these sorts of users frustrate me a great deal" and move on.  :)

I 2nd That!

JOHN ;)
Timestamp: Tuesday 05 Aug 2008, 14:38  --400 (Eastern Daylight Time)
- --
http://tinyurl.com/6hztec
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4799: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJImJ4dAAoJEBCGy9eAtCsPU7AIAJtoX4uyRPYUssaX/WnSxU43
8fALVNxUfwLj/hiLB91+NiBx52m3RT6R/L/bBrYjIH0WQVW5qxBlgxDB0DyCTpNZ
NoGtht4mor6eD+vUq+I0Jf329y4z6/np+Oa39EgGUOkFDeLk/JREKH0xGVo61nmc
vGHMOcy3k+0QQNE0iak1teuwA1pa4+sEf0JQOKJxoVyRhZIb4YoIfmYfHFuzVdA7
G97rEKG9+rm1+mG2KXJXCxJyG2JZGVQZ8IM2/igVZc335k3xU0JReFHwCduioNSy
X3I4sx2xdZNKEtF6cKjyg1r9zcTixhYS2bRU5t5ftDcXepkXq1/ffX4OPt3Uc7o=
=S43i
-----END PGP SIGNATURE-----

From John at Mozilla-Enigmail.org  Tue Aug  5 12:53:35 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Tue, 05 Aug 2008 14:53:35 -0500
Subject: [Enigmail] sorry for sending encrypted mail,
 I think i have the hang of it now. please assure me.
In-Reply-To: <48989D64.60100@sixdemonbag.org>
References: <4896E919.8040703@gmail.com>	<mailman.480.1217883319.57136.enigmail@mozdev.org>	<g7a4o4$u0q$1@mozdev.mozdev.org>
	<48989D64.60100@sixdemonbag.org>
Message-ID: <4898AFBF.6010900@Mozilla-Enigmail.org>

Robert J. Hansen wrote:
> Jan Steffen wrote:
>> I don't know why everyone is picking on FireGPG. :-(
>
> We're not.

Let me be the 3rd member of the Enigmail bunch to heartily concur.

> We're only saying that FireGPG does not and cannot do what a large
> number of its users wish for it to do.  If your threat model is such
> that FireGPG makes sense, go for it.  But don't fool yourself into
> thinking FireGPG is just "Enigmail for Webmail".  It's not, it's nowhere
> close.  They cover very different threat models.

And while performing some common tasks, the underlying mechanisms are also quite
different - that matters in security software.

> I'm not picking on FireGPG and I wish the FireGPG developers a lot of luck.

So do I. The problems with Webmail are vexing enough long before one attempts to
bolt-on encryption.

> Whom I really want to pick on are the users who blindly use FireGPG (or
> Enigmail, for that reason!) without ever thinking critically about
> whether they're deluding themselves with security theater.  But,
> honestly, it would be bad manners for me to do so.  All I can do is say
> "these sorts of users frustrate me a great deal" and move on.  :)

I know that I'm not the only person frustrated with posts with 0% Enigmail
content. Problems with BrandX-Encryption-Product, whatever that may be, should
go to that product's support structure. Folks here answer because they're trying
to be helpful, but after a while, the off-topic frustration gets to be too much.

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 439 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080805/dcec475f/attachment.bin>

From faramir.cl at gmail.com  Wed Aug  6 02:04:09 2008
From: faramir.cl at gmail.com (Faramir)
Date: Wed, 06 Aug 2008 05:04:09 -0400
Subject: [Enigmail] sorry for sending encrypted mail,
 I think i have the hang of it now. please assure me.
In-Reply-To: <489769C3.5090002@yahoo.com>
References: <4896E919.8040703@gmail.com>
	<4896F492.5080607@verizon.net>	<489744F5.2030806@gmail.com>
	<489769C3.5090002@yahoo.com>
Message-ID: <48996909.4050809@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Robert Ryan escribi?:
> Faramir wrote:
>>   Yes, there is an addon named FireGPG, if I am not wrong, but it also
>> needs an installed GPG to do the work... and it doesn't work in a
>> portable way (you can't carry it on a USB flash memory stick to use in
...

> Actually it's easy to run GnuPG, GPGShell and FireGPG from a portable
> USB drive. First download GnuPG and install it normally, if you haven't
> already. Then download GPGShell and make it portable with Copy2USB:

  Yes, all that is easy to do... However, usually I install Portable
Thunderbird, GnuPG for Portable Thunderbird, and I use Copy2USB to add
GPGshell, plus updating the version of gpg installed on the USB drive...

> Then you're going to need a copy of Portable Firefox:
  Yes, that is easy, and it is easy to "translate it" to spanish (it is
just matter of copying the files from my hdd, there are detailed
instructions about how to do that)

> You can add FireGPG to that and point it to the keyrings used by GPGShell.

  That is the part I couldn't do... I couldn't point it to the
keyring... I also had some troubles with GPGshell and the keyring used
by portable Thunderbird, but I solved it installing another copy of
GPGshell in the folder where Portable Thunderbird (with the GPG package)
places the keyring. Maybe I should try again... but since I have not
used the portable pack as much as I thought I was going to use it... I
have not kept trying.

Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJImWkJAAoJEMV4f6PvczxAbZMH/juChSieGCrIafv6nk5q/jvz
BhZrv72qXnNwVmlYyY+jHNzYssw9gAA2vfzuR60rKnT9EB7ISv9r7h88XfmXJWPI
lkKD07bre3gm9SmaeFxMrgCusxavdBlxG+VeKXsFJLQbjIfiBGdigBN5l8piNRIX
vxO/eGDR+8hftpLiPY2ydg3tqL+4qKwjMpw9GsqLY7bKsI2/dyna+ffIPK+JVlNj
JeabFJYdT+t41d1Y8ti3UlPUVr6zKlohkZjCEIVXuixX3sWRDJNM5U7ZyDovLNDF
QQDX24Anr5bjIp8ZUQB/jFUmM7pB8C+M6GZlOGb3Q9JnZGFaqO1akyoNT5axOpk=
=rBKN
-----END PGP SIGNATURE-----

From gwmoore at moorefelines.com  Wed Aug  6 06:42:48 2008
From: gwmoore at moorefelines.com (Gregory W.Moore)
Date: Wed, 06 Aug 2008 09:42:48 -0400
Subject: [Enigmail] Using PGP on a second email account.
Message-ID: <4899AA58.1000407@moorefelines.com>

Good Morning,

I have a slight quandry here.  I have now opened a second website, with
a different domain name, and naturally, messages sent from that account
will not be from the domain "moorefelines.com".

I want to be able to use PGP encryption and signing with this second
account. How do I configure this? (The mail server is not set up yet,
but I want to be ready when it is).. Do I have to generate another key
pair from this new account, and upload the info to the keyserver?

If anyone has experience with using encryption with two mail servers,
let me know, frankly, I am lost at this point.  The new server will be
"@commcenter-1.net" once it is fully provisioned.

Any help would be appreciated.

Thanks
Greg "GW" Moore
-- 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080806/4084007c/attachment.bin>

From alaric at metrocast.net  Wed Aug  6 07:03:18 2008
From: alaric at metrocast.net (Phil Stracchino)
Date: Wed, 06 Aug 2008 10:03:18 -0400
Subject: [Enigmail] Using PGP on a second email account.
In-Reply-To: <4899AA58.1000407@moorefelines.com>
References: <4899AA58.1000407@moorefelines.com>
Message-ID: <4899AF26.4090901@metrocast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Gregory W.Moore wrote:
> Good Morning,
> 
> I have a slight quandry here.  I have now opened a second website, with
> a different domain name, and naturally, messages sent from that account
> will not be from the domain "moorefelines.com".
> 
> I want to be able to use PGP encryption and signing with this second
> account. How do I configure this? (The mail server is not set up yet,
> but I want to be ready when it is).. Do I have to generate another key
> pair from this new account, and upload the info to the keyserver?
> 
> If anyone has experience with using encryption with two mail servers,
> let me know, frankly, I am lost at this point.  The new server will be
> "@commcenter-1.net" once it is fully provisioned.
> 
> Any help would be appreciated.
> 
> Thanks
> Greg "GW" Moore


It couldn't be simpler.  Simply add the new address to your key and
re-upload the amended key.


- --
  Phil Stracchino, CDK#2     DoD#299792458     ICBM: 43.5607, -71.355
  alaric at caerllewys.net   alaric at metrocast.net   phil at co.ordinate.org
         Renaissance Man, Unix ronin, Perl hacker, Free Stater
                 It's not the years, it's the mileage.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAkiZryYACgkQ0DfOju+hMkk3BwCg6KJ99evkmPtQciHXjxeBZVkx
yBQAoJHcS71KJ8SCiLvnT8WIUeUf2F+3
=j1Oh
-----END PGP SIGNATURE-----

From rasmith1959 at yahoo.com  Wed Aug  6 07:18:28 2008
From: rasmith1959 at yahoo.com (Roy Smith)
Date: Wed, 06 Aug 2008 09:18:28 -0500
Subject: [Enigmail] Using PGP on a second email account.
In-Reply-To: <4899AA58.1000407@moorefelines.com>
References: <4899AA58.1000407@moorefelines.com>
Message-ID: <4899B2B4.801@yahoo.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gregory W.Moore wrote:
| Good Morning,
|
| I have a slight quandry here.  I have now opened a second website, with
| a different domain name, and naturally, messages sent from that account
| will not be from the domain "moorefelines.com".
|
| I want to be able to use PGP encryption and signing with this second
| account. How do I configure this? (The mail server is not set up yet,
| but I want to be ready when it is).. Do I have to generate another key
| pair from this new account, and upload the info to the keyserver?
|
| If anyone has experience with using encryption with two mail servers,
| let me know, frankly, I am lost at this point.  The new server will be
| "@commcenter-1.net" once it is fully provisioned.
|
| Any help would be appreciated.

It's simple, you can just add another id to your current key.  Under the
OpenPGP menu select the Key Management menu item.  Then in the Key
Manager find your Public/Secret key pair and right click on it.  Then in
the pop-up menu select the Manage User IDs item.  There you can add a
new ID and then change the primary ID if you so desire.

- --


Roy Smith


I use Firefox because I want to use software that complies
with Web standards.  See <http://www.mozilla.org/>.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJImbK0AAoJEG7cp55ZD5UOvpwP/jlBIRQ/z6PZTMBSuPmPyCtW
gkK4xXEWP5s+0EthM1HweCYJkJ/80ikA9CH60kcRSMM5xs9VANn0emmOR5/xzzPA
owKAnl57WUTlw6rRLDTJAPbIwoRdBMIujt9UNqwHuyNgxlT64jjnnsocQd19oSRs
GcniEVa3o0AAbVe78tYLOQMnPaydlb6A2baVtaIYW+CM3ZQJNrdNeHfTmH7LvN/0
AUyv7oXtkTShH1h1JjAmXDg5nocgB6C9DJShWE39h/ZcWA/OZqxehxDT7L61nLRj
noVikey0mmgfQA/ThfoUaH3Jf/wWD3YQqnDTtgfy+zDv89pVZ1tK2CPAZeqkaX4t
bzlbpUb/W6ALQ+hDuba012MNdjgjAF5hvNO048mZL5XqR1h8E1LfErFF4ksv3SSv
klUf88tLwJsJlJrq2v60TIsZ2I1BWO3gAtTWsB5rPfOSJ8+VeiIxR5RUAgQS8XQ4
tnjtJJE9ToLBlm3/5M9t+5VciTfYXVVdg48sTXE7i6H5vu6ZQPdBlXj2lYarkZq2
rmc9vPwzDLUmLK2/cx7Xndv6opD99QkOS/vYzxAR72wsLrEjncOE6xK5CsgBUf00
9IOYHSh+nQAkzbKNnCy+hd35VMSw28ZQLsRyJMEaEKyTc/Cfmw/jp/vHCwjzk+bS
JC9uOWCDEd48u0O0oQhC
=I8dL
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Wed Aug  6 09:14:49 2008
From: faramir.cl at gmail.com (Faramir)
Date: Wed, 06 Aug 2008 12:14:49 -0400
Subject: [Enigmail] Using PGP on a second email account.
In-Reply-To: <4899AA58.1000407@moorefelines.com>
References: <4899AA58.1000407@moorefelines.com>
Message-ID: <4899CDF9.8050005@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Gregory W.Moore escribi?:
> Good Morning,
> 
> I have a slight quandry here.  I have now opened a second website, with
> a different domain name, and naturally, messages sent from that account
> will not be from the domain "moorefelines.com".
> 
> I want to be able to use PGP encryption and signing with this second
> account. How do I configure this? (The mail server is not set up yet,
> but I want to be ready when it is).. Do I have to generate another key
> pair from this new account, and upload the info to the keyserver?

  You can either add a new UID to your existing key (as other people
already said), or you can make a new key pair, so you would have one key
for each account.

  To make a new key, it is easier (if my memory doesn't fail) to first
make the new account in Thunderbird, and then to make the new key. But
if you use pgp's command line, then there is no need to change TB's
config for now. Anyway, regardless what solution you are going to use,
chose your new email address before making the UID or the new key, or
you will have to edit the key latter...

 Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJImc35AAoJEMV4f6PvczxAwOIH/1wN3IbdhECPQf65WAxD9CA+
J8/k/SDAR672Kj3d7ssF5CEBGiZBGc5PYm8XtGRzxokWa/ShlJROHz6aQuoUj41J
pVzqDGekkRKfP6XH9AlXQzR9XHdFUseNN/ATNiptACO27qNHvxIfaOnmhVca9z7f
ugB9hUAdutAf5W7pTIgOVTxIojSi1M2K91x8hdeXVqzZL2PfRlWwUnp+4TFVMAAp
Exy2zI2XRlnxUuaB+V2V88DIPe26MaIRTPGwhk69P+wrXPio4cR07ABoEXYiCK0X
6QzxGdYwCnaXkok8yv/Sm4OOuD3iDT/31DXC+srw+lXDMj9Rkbm/e6FMTwTqc68=
=ZUkO
-----END PGP SIGNATURE-----

From simon.smithers at gmail.com  Fri Aug  8 00:02:52 2008
From: simon.smithers at gmail.com (Simon Smithers)
Date: Fri, 08 Aug 2008 08:02:52 +0100
Subject: [Enigmail] New Enigmail user test
Message-ID: <489BEF9C.7090709@btopenworld.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi there

My name is Simon Smithers and I'm new to Enigmail.  I live in the UK.
I'm interested in privacy etc and am testing public key cryptography.

Many thanks.

Kind regards
Simon Smithers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkib7WkACgkQ7p1BOwHBAFFV4ACffrF2o5LtxE+4tj7VRmIgY1Ex
9sYAn3TQavW7rgcbn8CJwwzeSUWPVfIC
=cIpZ
-----END PGP SIGNATURE-----

From John at Mozilla-Enigmail.org  Fri Aug  8 08:24:53 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Fri, 08 Aug 2008 10:24:53 -0500
Subject: [Enigmail] New Enigmail user test
In-Reply-To: <489BEF9C.7090709@btopenworld.com>
References: <489BEF9C.7090709@btopenworld.com>
Message-ID: <489C6545.6010307@Mozilla-Enigmail.org>

Simon Smithers wrote:
> Hi there
> 
> My name is Simon Smithers and I'm new to Enigmail.  I live in the UK.
> I'm interested in privacy etc and am testing public key cryptography.

Simon,

It appears you have everything correctly configured and your public key is
readily available.

Well done.

  OpenPGP Security Info

  UNTRUSTED Good signature from Simon Smithers <simon.smithers at btopenworld.com>
  Key ID: 0x01C10051 / Signed on: 8/8/2008 1:53 AM
  Key fingerprint: 0E0F F1BB 6DC2 6365 6F6D AF34 EE9D 413B 01C1 0051

Best regards,

-John

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 654 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080808/e6fb236b/attachment.bin>

From rbrt_ryn at yahoo.com  Fri Aug  8 08:29:40 2008
From: rbrt_ryn at yahoo.com (Robert Ryan)
Date: Fri, 08 Aug 2008 09:29:40 -0600
Subject: [Enigmail] New Enigmail user test
In-Reply-To: <489BEF9C.7090709@btopenworld.com>
References: <489BEF9C.7090709@btopenworld.com>
Message-ID: <489C6664.900@yahoo.com>

Simon Smithers wrote:
> My name is Simon Smithers and I'm new to Enigmail.  I live in the UK.

Welcome :)

> I'm interested in privacy etc and am testing public key cryptography.

Flowed text doesn't play nice with inline signed messages. You can turn
off flowed text in the config editor.

mailnews.send_plaintext_flowed 	false

PGP/MIME and encrypted messages are not affected by this setting.
-- 
Robert Ryan
rbrt_ryn at yahoo.com

I prefer encrypted, signed email :)
My PGP key: http://tinyurl.com/6c6kwu

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080808/c1d3ef78/attachment.bin>

From simon.smithers at gmail.com  Fri Aug  8 13:59:36 2008
From: simon.smithers at gmail.com (Simon Smithers)
Date: Fri, 08 Aug 2008 21:59:36 +0100
Subject: [Enigmail] New Enigmail user test
In-Reply-To: <489C6545.6010307@Mozilla-Enigmail.org>
References: <489BEF9C.7090709@btopenworld.com>
	<489C6545.6010307@Mozilla-Enigmail.org>
Message-ID: <489CB3B8.7030109@btopenworld.com>

-----BEGIN PGP MESSAGE-----
Charset: ISO-8859-1
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

hQIOA+lvQ8k/qQ2zEAf9Gz5CS/qLYJmcU58EydXtuokMh+X8YYHwhPqzDdJKg4pD
QNXJreJ4fSDiL955qLPvsl+ibMbj7/MTOas/G5XNgBcqA+JWx2KOh1hJpeqPQX7x
8bxruH3mM4MgKR4wjxIwKwdeNbvt/wMARZy+2IybvvOiCrC+1+mstrCG/Iu+B4o5
P4hViF0M7Ln7mDS6Ea71rWFXQ/TXwfyuq7uRo3Mit8mgbZ7wFZhLpV2OM2wtjxbx
ot3ypx60G1pVlxJEoVCh4M9UxFEGXD0U6/yiS5+pBGW2L4Bbqr2KGgqT+nf7nvyP
lsuayvkMvlyQByi/Rguh8mf3gQuDyRGVlUMRGMYnTQf+Ov9F+ZTz7JsHVL5YUICB
MDYSG5x4r4k3bnBLREi7B0qFDBDfoQ5QIjQC+uD0q/Gzkq/vv224Ls5voNc9v29g
dYL1/J5xYvdQ9HPxygVzPRI4543UVA4VzLLo2yidVqFQGPs13LYXPGqAMFIVthOx
X52LCCeyG2Ud80DOB5m8tAjh55ZTeFHhX9/ZcPy3duHxSPuIm6kp7mOFHCR93Jct
t8Gv+NyI3W3wyhYxTB8qP6tbzf8+ahh4xmHXO4GOhRLb/9+MwHbxkSbrs90jPDQJ
c14TMeIzSAmJPUlzJd+LGeBSQcyFnQU4PZUNRtTVLmzy4sFMdz498DIoBHlznP2X
69LpAaAM8nzr2emsXIGBk2zDcC/xwa/kiOVHh5rnnKG4kHBW7VmnVuO/X26LVY9L
eT/QIsEyoBuUn2TP5IhjmycXw+8LEVabEqHhlKftqTMKNKf9lVO3plRxxshPGcVi
znQOi9gtNnPStPrzvhOc2JfS+oVBKaPHGdfF8byU/md7JGukPf3WVA3WvEFJbMYP
7GxmZPT8LE+birse01qPq3ICgWh1+Ame+AisB3ed1ItkrXsmScBhkP9tuSlDgguZ
biBfFpil9qoLlHWvp4BQsoyePvk4Cp1b0NwQercUtcpBBGF8E7OgwpuYFaBPoDYd
bG1jei8NLDTduvRm3+3qL2VnfmL096R98DlKdz88Pcedcg0X23PGfO6X6cNHIxJT
3frV3B6hWdOL+PVNS3//XHb5DiPwy1zzaS+LepJ1c06Kb19WiFVC4g2bB4CV6h6s
1g+9/AMZG27fUoxy5Xco/kqNpd0Kf0z99ISJ9WxVyN/ykgc0lzCGLCX1+6mWn4GI
bY2N8PeEP50molH0fHYz+pJWhcaoXY6nTAVi5Y+4eqfQDwb19s+yU4TgglJdEY+7
snI/RLbAiF2sXJXbROWUS1TR+n2R7oSvjHZ3DXKDzGBeOpRnzwFmq1acJIFklsrX
nMlRYOjvnWkLqgziFUBOKGwJyPD3QLnogfeABfue3a8FiP+EJHNC0IDUQQt+ADut
J2tpJVxSg7qdsk9tQdE+GDsxHu4qfPJLjfiTOKnQa3QbwuZPg6aTIwjyIKNUz8ur
JpqL6sG2JKgiZa7OAAxTZy3ED/uM33dl6XAZ6E4PlPg9TtBIwUtMA3z0sTdvLuo1
x5GNNbSUAGCuP+CrmACMmIC8TEewW2il
=Hm3f
-----END PGP MESSAGE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: simon_smithers.vcf
Type: text/x-vcard
Size: 163 bytes
Desc: not available
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080808/66b2deac/attachment.vcf>

From rbrt_ryn at yahoo.com  Fri Aug  8 14:13:25 2008
From: rbrt_ryn at yahoo.com (Robert Ryan)
Date: Fri, 08 Aug 2008 15:13:25 -0600
Subject: [Enigmail] New Enigmail user test
In-Reply-To: <489CB3B8.7030109@btopenworld.com>
References: <489BEF9C.7090709@btopenworld.com>	<489C6545.6010307@Mozilla-Enigmail.org>
	<489CB3B8.7030109@btopenworld.com>
Message-ID: <489CB6F5.2050300@yahoo.com>

Simon Smithers wrote:
> -----BEGIN PGP MESSAGE-----
> Charset: ISO-8859-1
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> hQIOA+lvQ8k/qQ2zEAf9Gz5CS/qLYJmcU58EydXtuokMh+X8YYHwhPqzDdJKg4pD

*Please* don't send encrypted messages to a public forum. It makes you
difficult to understand :D
-- 
Robert Ryan
rbrt_ryn at yahoo.com

I prefer encrypted, signed email :)
My PGP key: http://tinyurl.com/6c6kwu

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080808/e2d5bf27/attachment.bin>

From alaric at metrocast.net  Fri Aug  8 14:38:46 2008
From: alaric at metrocast.net (Phil Stracchino)
Date: Fri, 08 Aug 2008 17:38:46 -0400
Subject: [Enigmail] New Enigmail user test
In-Reply-To: <489CB6F5.2050300@yahoo.com>
References: <489BEF9C.7090709@btopenworld.com>	<489C6545.6010307@Mozilla-Enigmail.org>	<489CB3B8.7030109@btopenworld.com>
	<489CB6F5.2050300@yahoo.com>
Message-ID: <489CBCE6.3020908@metrocast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Robert Ryan wrote:
> Simon Smithers wrote:
>> -----BEGIN PGP MESSAGE-----
>> Charset: ISO-8859-1
>> Version: GnuPG v1.4.9 (MingW32)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>>
>> hQIOA+lvQ8k/qQ2zEAf9Gz5CS/qLYJmcU58EydXtuokMh+X8YYHwhPqzDdJKg4pD
> 
> *Please* don't send encrypted messages to a public forum. It makes you
> difficult to understand :D

Not only that, it wastes everybody's bandwidth because nobody can
decrypt it.


- --
  Phil Stracchino, CDK#2     DoD#299792458     ICBM: 43.5607, -71.355
  alaric at caerllewys.net   alaric at metrocast.net   phil at co.ordinate.org
         Renaissance Man, Unix ronin, Perl hacker, Free Stater
                 It's not the years, it's the mileage.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAkicvOYACgkQ0DfOju+hMklPrwCgrzSfEXpEHDqzKPNwVzClyjlo
2xMAn1BmZH5piVl4UA58v9kSKWvXaOQb
=AmNL
-----END PGP SIGNATURE-----

From lee937 at sbcglobal.net  Fri Aug  8 18:27:14 2008
From: lee937 at sbcglobal.net (jae lee)
Date: Fri, 08 Aug 2008 20:27:14 -0500
Subject: [Enigmail] hello
Message-ID: <489CF272.6040406@sbcglobal.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello

This is my enigmail test.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFInPJyGG76b3zfcvERAkzHAJ9Q3XxVG1APP6Cfbt0ZTxV+aD2yoACgjhwI
TYp9sFSMb99aPc72wAzdl2s=
=lc2B
-----END PGP SIGNATURE-----

From original.hwy101 at gmail.com  Fri Aug  8 19:05:09 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Fri, 08 Aug 2008 19:05:09 -0700
Subject: [Enigmail] hello
In-Reply-To: <489CF272.6040406@sbcglobal.net>
References: <489CF272.6040406@sbcglobal.net>
Message-ID: <489CFB55.7040503@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
jae lee wrote:
| Hello
|
| This is my enigmail test.
|
|
Mine too ;-^)   - Tom - Hwy101
- ---
The problem with common sense is that sense is never common - Lazarus Long

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iEYEARECAAYFAkic+1MACgkQ21btHJTHnM2iWQCg2GpPEZkTUfcfcfglhxOkIxl8
aYYAoLNjW6ABd1KZBuZeDqsDejXInhY1
=d2rf
-----END PGP SIGNATURE-----


From John at Mozilla-Enigmail.org  Fri Aug  8 19:05:25 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Fri, 08 Aug 2008 21:05:25 -0500
Subject: [Enigmail] hello
In-Reply-To: <489CF272.6040406@sbcglobal.net>
References: <489CF272.6040406@sbcglobal.net>
Message-ID: <489CFB65.6010001@Mozilla-Enigmail.org>

jae lee wrote:
> Hello
> 
> This is my Enigmail test.
> 
> 
It /looks/ like Enigmail is working.

'Looks' is the best anyone can tell you at the moment.

It appears that you have not sent your key to the keyservers. Had you sent your
key to the keyservers, folks could've verified the signature you had on this
last message.

Until then, i.e., until it is available:

  1) You can check if the original message in your Sent folder verifies OK

  2) Send yourself a signed message and see if that verifies when you receive
     it.

  3) You can also send yourself an encrypted message.

*Until your public key is available, there is nothing others can help you with*

Within Enigmail, you may open the key management window, right click the key,
and select "upload to key server"... pool.sks-keyservers.net is a great choice


-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 654 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080808/bca54fdf/attachment.bin>

From original.hwy101 at gmail.com  Fri Aug  8 19:11:42 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Fri, 08 Aug 2008 19:11:42 -0700
Subject: [Enigmail] hello
In-Reply-To: <489CFB65.6010001@Mozilla-Enigmail.org>
References: <489CF272.6040406@sbcglobal.net>
	<489CFB65.6010001@Mozilla-Enigmail.org>
Message-ID: <489CFCDE.9050505@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
John Clizbe wrote:
| jae lee wrote:
|> Hello
|>
|> This is my Enigmail test.
|>
|>
| It /looks/ like Enigmail is working.
|
| 'Looks' is the best anyone can tell you at the moment.
|
| It appears that you have not sent your key to the keyservers. Had you 
sent your
| key to the keyservers, folks could've verified the signature you had 
on this
| last message.
|
| Until then, i.e., until it is available:
|
|   1) You can check if the original message in your Sent folder verifies OK
|
|   2) Send yourself a signed message and see if that verifies when you 
receive
|      it.
|
|   3) You can also send yourself an encrypted message.
|
| *Until your public key is available, there is nothing others can help 
you with*
|
| Within Enigmail, you may open the key management window, right click 
the key,
| and select "upload to key server"... pool.sks-keyservers.net is a 
great choice
Refresh Me (if You want Folks) Key to Servers Last Night / This 
Morning... Tom

- ---
There is nothing more difficult to plan, more doubtful of success, more 
dangerous to
manage, than the creation of a new system.
~                                                        -Niccolo 
Machiavelli

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iEYEARECAAYFAkic/NsACgkQ21btHJTHnM1IHgCfePwdBiwYfRm8/U4Ri5FBYC/k
Xh8AoOL4XgVEgwHU30StXOOFP0qlbu+H
=Mj2u
-----END PGP SIGNATURE-----


From John at Mozilla-Enigmail.org  Fri Aug  8 19:18:02 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Fri, 08 Aug 2008 21:18:02 -0500
Subject: [Enigmail] hello
In-Reply-To: <489CFB55.7040503@gmail.com>
References: <489CF272.6040406@sbcglobal.net> <489CFB55.7040503@gmail.com>
Message-ID: <489CFE5A.5060009@Mozilla-Enigmail.org>

Tom Hwy101 wrote:
> jae lee wrote:
> | Hello
> |
> | This is my enigmail test.
> |
> |
> Mine too ;-^)   - Tom - Hwy101

UNTRUSTED Good signature from Tom - Hwy101 (Typical - P2G) <Hwy101y at Yahoo.com>
Key ID: 0x94C79CCD / Signed on: 8/8/2008 9:05 PM
Key fingerprint: 4B6D 6D06 C3F6 7392 AA03 138B DB56 ED1C 94C7 9CCD


-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 654 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080808/148b9ac5/attachment.bin>

From original.hwy101 at gmail.com  Fri Aug  8 19:30:59 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Fri, 08 Aug 2008 19:30:59 -0700
Subject: [Enigmail] hello
In-Reply-To: <489CFE5A.5060009@Mozilla-Enigmail.org>
References: <489CF272.6040406@sbcglobal.net> <489CFB55.7040503@gmail.com>
	<489CFE5A.5060009@Mozilla-Enigmail.org>
Message-ID: <489D0163.2040604@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
John Clizbe wrote:
| Tom Hwy101 wrote:
|> jae lee wrote:
|> | Hello
|> |
|> | This is my enigmail test.
|> |
|> |
|> Mine too ;-^)   - Tom - Hwy101
|
| UNTRUSTED Good signature from Tom - Hwy101 (Typical - P2G) 
<Hwy101y at Yahoo.com>
| Key ID: 0x94C79CCD / Signed on: 8/8/2008 9:05 PM
| Key fingerprint: 4B6D 6D06 C3F6 7392 AA03 138B DB56 ED1C 94C7 9CCD
Thanks John (I am still Reading & Learning All the Latest Things - Bear 
with Me Pls - Tom - Hwy101
- ---
The problem with common sense is that sense is never common - Lazarus Long

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iEYEARECAAYFAkidAV8ACgkQ21btHJTHnM3CRACeO1MqxcLir2ZNoWe5/eyjyIBt
zKYAoKZZCcIv06xICQOCp/qnE175H7x5
=s7QP
-----END PGP SIGNATURE-----


From John at Mozilla-Enigmail.org  Fri Aug  8 19:34:09 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Fri, 08 Aug 2008 21:34:09 -0500
Subject: [Enigmail] hello
In-Reply-To: <489CFCDE.9050505@gmail.com>
References: <489CF272.6040406@sbcglobal.net>	<489CFB65.6010001@Mozilla-Enigmail.org>
	<489CFCDE.9050505@gmail.com>
Message-ID: <489D0221.5050704@Mozilla-Enigmail.org>

Tom Hwy101 wrote:
> Refresh Me (if You want Folks) Key to Servers Last Night / This 
> Morning... Tom
> 
> ---
> There is nothing more difficult to plan, more doubtful of success, more 
> dangerous to
> manage, than the creation of a new system.
> ~                                                        -Niccolo 
> Machiavelli

Looks like a rewrap after signing problem.  Set your line width to something <=
80 chars and turn off Format=Flawed.

Add the following lines to your user.js (or set the configuration value using
the config editor in Thunderbird's Advanced preferences tab (about:config in
Seamonkey)

  user_pref("mailnews.send_plaintext_flowed", false);
  user_pref("mailnews.display.disable_format_flowed_support", true);

The vertical bar quote marker may be set back to the traditional '>' with:

  user_pref("mail.quoted_graphical", false);
  user_pref("mail.quoteasblock", false);


-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 654 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080808/d6a875ec/attachment-0001.bin>

From rbrt_ryn at yahoo.com  Fri Aug  8 19:57:02 2008
From: rbrt_ryn at yahoo.com (Robert Ryan)
Date: Fri, 08 Aug 2008 20:57:02 -0600
Subject: [Enigmail] Test Message
Message-ID: <489D077E.8000409@yahoo.com>

The last two messages I sent to the list never showed :-( This will be
my last attempt before I contact the admin.
-- 
Robert Ryan
rbrt_ryn at yahoo.com

I prefer encrypted, signed email :)
My PGP key: http://tinyurl.com/6c6kwu

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080808/37d3fa31/attachment.bin>

From alaric at metrocast.net  Fri Aug  8 21:07:54 2008
From: alaric at metrocast.net (Phil Stracchino)
Date: Sat, 09 Aug 2008 00:07:54 -0400
Subject: [Enigmail] Test Message
In-Reply-To: <489D077E.8000409@yahoo.com>
References: <489D077E.8000409@yahoo.com>
Message-ID: <489D181A.6030100@metrocast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Robert Ryan wrote:
> The last two messages I sent to the list never showed :-( This will be
> my last attempt before I contact the admin.

Well, this one worked.  But no signature.  If the previous tries were,
this suggests either you're doing something wrong, or something along
the route is eating signed mail.

- --
  Phil Stracchino, CDK#2     DoD#299792458     ICBM: 43.5607, -71.355
  alaric at caerllewys.net   alaric at metrocast.net   phil at co.ordinate.org
         Renaissance Man, Unix ronin, Perl hacker, Free Stater
                 It's not the years, it's the mileage.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAkidGBoACgkQ0DfOju+hMklAAgCeOdFnBskf9UltBUYDBJugbs/c
9WYAoOwYqtG56EhMgQhfKilpH5ekAR+S
=uvAt
-----END PGP SIGNATURE-----

From rbrt_ryn at yahoo.com  Fri Aug  8 19:32:46 2008
From: rbrt_ryn at yahoo.com (Robert Ryan)
Date: Fri, 08 Aug 2008 20:32:46 -0600
Subject: [Enigmail] hello
In-Reply-To: <489CF272.6040406@sbcglobal.net>
References: <489CF272.6040406@sbcglobal.net>
Message-ID: <489D01CE.1050203@yahoo.com>

jae lee wrote:
> This is my enigmail test.

Hi :-)

You will need to upload your public key to a keyserver before we can
verify your signature.

Goto OpenPGP key management, right-click your key and select 'Upload
Public Keys to Keyserver'.
-- 
Robert Ryan
rbrt_ryn at yahoo.com

I prefer encrypted, signed email :)
My PGP key: http://tinyurl.com/6c6kwu

===================================


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 563 bytes
Desc: not available
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080808/60cb9c85/attachment.bin>

From rbrt_ryn at yahoo.com  Fri Aug  8 21:19:21 2008
From: rbrt_ryn at yahoo.com (Robert Ryan)
Date: Fri, 08 Aug 2008 22:19:21 -0600
Subject: [Enigmail] Test Message
In-Reply-To: <489D181A.6030100@metrocast.net>
References: <489D077E.8000409@yahoo.com> <489D181A.6030100@metrocast.net>
Message-ID: <489D1AC9.6080201@yahoo.com>

Phil Stracchino wrote:
> Well, this one worked.  

Strange :-\ I wonder where my other two messages went?

> But no signature.

Both my Sent Items copy and the message returned by the forum check
valid on my end. I signed them with PGP/MIME, maybe your mail server
stripping attachments?
-- 
Robert Ryan
rbrt_ryn at yahoo.com

I prefer encrypted, signed email :)
My PGP key: http://tinyurl.com/6c6kwu

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080808/14d5164e/attachment.bin>

From rbrt_ryn at yahoo.com  Fri Aug  8 18:39:38 2008
From: rbrt_ryn at yahoo.com (Robert Ryan)
Date: Fri, 08 Aug 2008 19:39:38 -0600
Subject: [Enigmail] hello
In-Reply-To: <489CF272.6040406@sbcglobal.net>
References: <489CF272.6040406@sbcglobal.net>
Message-ID: <489CF55A.5070508@yahoo.com>

jae lee wrote:
> This is my enigmail test.

Hi :-)

You will need to upload your public key to a keyserver before we can
verify your signature.

Goto OpenPGP key management, right-click your key and select 'Upload
Public Keys to Keyserver'.
-- 
Robert Ryan
rbrt_ryn at yahoo.com

I prefer encrypted, signed email :)
My PGP key: http://tinyurl.com/6c6kwu

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080808/6282bddd/attachment.bin>

From rbrt_ryn at yahoo.com  Fri Aug  8 21:34:42 2008
From: rbrt_ryn at yahoo.com (Robert Ryan)
Date: Fri, 08 Aug 2008 22:34:42 -0600
Subject: [Enigmail] Test Message
In-Reply-To: <489D077E.8000409@yahoo.com>
References: <489D077E.8000409@yahoo.com>
Message-ID: <489D1E62.50100@yahoo.com>

Robert Ryan wrote:
> The last two messages I sent to the list never showed :-( This will be
> my last attempt before I contact the admin.

Ok, they finally showed. It just took about *3 hours* :-D

Once again let me apologize for the test post, I guess I was just being
impatient. I've never seen one of my post take that long to post.
Usually it's a minute or two at most.
-- 
Robert Ryan
rbrt_ryn at yahoo.com

I prefer encrypted, signed email :)
My PGP key: http://tinyurl.com/6c6kwu

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080808/cf6de1ca/attachment.bin>

From alaric at metrocast.net  Fri Aug  8 21:35:03 2008
From: alaric at metrocast.net (Phil Stracchino)
Date: Sat, 09 Aug 2008 00:35:03 -0400
Subject: [Enigmail] Test Message
In-Reply-To: <489D1AC9.6080201@yahoo.com>
References: <489D077E.8000409@yahoo.com> <489D181A.6030100@metrocast.net>
	<489D1AC9.6080201@yahoo.com>
Message-ID: <489D1E77.4040307@metrocast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Robert Ryan wrote:
> Phil Stracchino wrote:
>> Well, this one worked.  
> 
> Strange :-\ I wonder where my other two messages went?
> 
>> But no signature.
> 
> Both my Sent Items copy and the message returned by the forum check
> valid on my end. I signed them with PGP/MIME, maybe your mail server
> stripping attachments?

Never mind, ignore that part .....  good signature, I just looked at it
in too much of a hurry too late at night while on heavy-duty painkillers  :p


- --
  Phil Stracchino, CDK#2     DoD#299792458     ICBM: 43.5607, -71.355
  alaric at caerllewys.net   alaric at metrocast.net   phil at co.ordinate.org
         Renaissance Man, Unix ronin, Perl hacker, Free Stater
                 It's not the years, it's the mileage.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAkidHncACgkQ0DfOju+hMkkf2gCfQmlCu0I42EPaSSACfyX9queX
aQAAn3kBuFtUSMnDgwVsjXX5PWaeiMo9
=GGkT
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Fri Aug  8 22:04:34 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 09 Aug 2008 00:04:34 -0500
Subject: [Enigmail] New Enigmail user test
In-Reply-To: <489CB3B8.7030109@btopenworld.com>
References: <489BEF9C.7090709@btopenworld.com>	<489C6545.6010307@Mozilla-Enigmail.org>
	<489CB3B8.7030109@btopenworld.com>
Message-ID: <489D2562.9070800@sixdemonbag.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Simon Smithers wrote:
> -----BEGIN PGP MESSAGE-----
> Charset: ISO-8859-1
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> hQIOA+lvQ8k/qQ2zEAf9Gz5CS/qLYJmcU58EydXtuokMh+X8YYHwhPqzDdJKg4pD

<moderator hat on>

*DO NOT* send encrypted messages to this list.  It's ridiculous, it
wastes bandwidth, and it accomplishes absolutely nothing.

<takes off hat>

-----BEGIN PGP SIGNATURE-----

iFYEAREIAAYFAkidJWIACgkQI4Br5da5jhAjrADcC7QopNNhQG2opBxyKK5uh3uj
VYNKTnX6LDonGgDgsMH2saq23g2NxPtNr34yT9SLmOmspRVZOuT6p4kBHAQBAQgA
BgUCSJ0lYgAKCRC3APSC/q+BCZgmB/91UOWhnN2iBU6T+nHaNDK3o7x2doKeY7l3
WfvBXFIM1qxhy5PxgGvzSSIO73Yo7BTSkmVxyU1C/VAPm0be/MDY5nJcdZp+mQ/B
ugbKcBRJRQEZ+coKIHrtCareed4gbiehoQk7ph0cz1lxJWYq5GVbhfBJ/ql025P4
i+3GM1QZYuQqFxQQDxmoAtcClf00GofpztdHhcxIJ3wPnd9HhWtXoFIGPGavZJbm
4oZEn5ankKfQvy1HdSoJ3Qkii4bfzpY0X3kG5+cEBEwIyYPHykYI0tXp3Feen8zC
ObtIXJuljDWNCG0LMSzyWi9cI1H6aC9YQHRoAbFcRoLEu8ehKVuy
=ErJS
-----END PGP SIGNATURE-----

From John at Mozilla-Enigmail.org  Fri Aug  8 22:11:15 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Sat, 09 Aug 2008 00:11:15 -0500
Subject: [Enigmail] Test Message
In-Reply-To: <489D1E62.50100@yahoo.com>
References: <489D077E.8000409@yahoo.com> <489D1E62.50100@yahoo.com>
Message-ID: <489D26F3.7080709@Mozilla-Enigmail.org>

Robert Ryan wrote:
> Robert Ryan wrote:
>> The last two messages I sent to the list never showed :-( This will be
>> my last attempt before I contact the admin.
> 
> Ok, they finally showed. It just took about *3 hours* :-D
> 
> Once again let me apologize for the test post, I guess I was just being
> impatient. I've never seen one of my post take that long to post.
> Usually it's a minute or two at most.

Looking at the headers (Received), the delay was within Yahoo with their servers.

Happens quite a bit especially during peak usage times.

It's email, not an IM protocol. Please be patient.
-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 654 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080809/b40d574c/attachment.bin>

From faramir.cl at gmail.com  Fri Aug  8 23:34:55 2008
From: faramir.cl at gmail.com (Faramir)
Date: Sat, 09 Aug 2008 02:34:55 -0400
Subject: [Enigmail] hello
In-Reply-To: <489CF272.6040406@sbcglobal.net>
References: <489CF272.6040406@sbcglobal.net>
Message-ID: <489D3A8F.9020903@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

jae lee escribi?:
> Hello
> 
> This is my enigmail test.

  Good signature :)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJInTqPAAoJEMV4f6PvczxAMd4IAJSgS7EJvpasWZ2fPQm1Xien
w9HnqpOXbNKrZKt6o+iPG9Kpi7x28Blr/ytHVrTTiEZPCVvmaDDU9wC0LnD7vhiO
o+N//4D3EZv2l6+4KoFgH7KoWlFTzP7XAQZsBjhwZMxeiRvI8GjaYwS5IWwpbhlK
jh7UTBz1WbGBSmFWMo2OXnuSlUnebpXkbYnPI809hwFA4GC4Gz4ddNi0alfTe8f3
EMBbIAVi9XjkiioDChNplJaoSQi1gXbfddHRqkF3akl2u5bB66UTv0Hw7sup9Zco
EHxgbe7AB3q8+qe9AJgWr162rAwilBgs8bXx2+EHQWdJVnd6skPldO86DfnBmvw=
=YEFR
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Fri Aug  8 23:50:21 2008
From: faramir.cl at gmail.com (Faramir)
Date: Sat, 09 Aug 2008 02:50:21 -0400
Subject: [Enigmail] Test Message
In-Reply-To: <489D077E.8000409@yahoo.com>
References: <489D077E.8000409@yahoo.com>
Message-ID: <489D3E2D.4030107@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Robert Ryan escribi?:
> The last two messages I sent to the list never showed :-( This will be
> my last attempt before I contact the admin.

  You got a good signature verification this time...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJInT4tAAoJEMV4f6PvczxABlUH/3KcS3fvtudDN7Iokp5ovY+C
1AAfumbijkdTc2SMno05H1pXrp9Df7RyTu+KjzX7N4ceYQYsbX76NeRrrbERUgyp
ODGYNUOYtEpcwf60JaiMkk3HciGP6I1s+sm5DeF1/HcRb57Ftxbo8G5IBvmDj9wq
7wt59BHJqvjCRdcvetY4zl3Ompgl+scxRMqK853g6hCdg/TOFsQQqyU1FZYGKuvG
xSmIkcdwrO3PQAgVGyMNjTv2zjDBwk+vngrsfbo4/2zsnr4Z5cWWUuifIkzsytVh
uEypUMaiUnpUDbPlDSjs0i+vcv2PMjl6hSUMLlgVXDimoWuErmANIVALtdEzPI4=
=rzpG
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Fri Aug  8 23:55:18 2008
From: faramir.cl at gmail.com (Faramir)
Date: Sat, 09 Aug 2008 02:55:18 -0400
Subject: [Enigmail] Test Message
In-Reply-To: <489D181A.6030100@metrocast.net>
References: <489D077E.8000409@yahoo.com> <489D181A.6030100@metrocast.net>
Message-ID: <489D3F56.3070309@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Phil Stracchino escribi?:
> Robert Ryan wrote:
>> The last two messages I sent to the list never showed :-( This will be
>> my last attempt before I contact the admin.
> 
> Well, this one worked.  But no signature.  If the previous tries were,
> this suggests either you're doing something wrong, or something along
> the route is eating signed mail.

  But... I'd swear I saw a right signature on that message...

Informaci?n de seguridad OpenPGPSIN CONFIANZA La firma de Robert Ryan
<rbrt_ryn at yahoo.com> es correcta
Id de clave: 0x3E5EFB06 / Firmada el: 08-08-2008 22:57
Huella de la clave: AF82 106E F011 82A8 799C A9FE F3EF B52F 3E5E FB06


  Yes, there was a signature...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJInT9WAAoJEMV4f6PvczxABPMH+gI8AA3V0eqYTpszvh/MH75s
wLi7YXy1ELHb5+nXW4p5+qq54vLIzwtvpuBPb5BMcYJ6rxlQlo9Bp3S6TZgPxIjt
C9YvHWg72J083i/hzb1ovMP7+VxoRWhKU1Q8YSY9+y029nX+rFmpn6MIw6wg3RUI
SPgzo09N3NxrTWk0qxEdmvNcwVbBePBoBGIYxoe4U50m+nf+cdARH3EoGP5AiM0M
zxBZZUOm+PgekBBqAaDRWfE/axdW2J7HK7k7Q42EdPowmEfLBgFkPKpBONdzve1K
UicFWtrIZwWcZjWKtnVbGtqEOYZl/qVy+bSnFdH+yw4E4fDrAlVkDVRpfJ/TYos=
=miUo
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Fri Aug  8 23:58:29 2008
From: faramir.cl at gmail.com (Faramir)
Date: Sat, 09 Aug 2008 02:58:29 -0400
Subject: [Enigmail] Test Message
In-Reply-To: <489D1E77.4040307@metrocast.net>
References: <489D077E.8000409@yahoo.com>
	<489D181A.6030100@metrocast.net>	<489D1AC9.6080201@yahoo.com>
	<489D1E77.4040307@metrocast.net>
Message-ID: <489D4015.2010901@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Phil Stracchino escribi?:
> Robert Ryan wrote:
>> Phil Stracchino wrote:
>>> Well, this one worked.  
>> Strange :-\ I wonder where my other two messages went?
> 
>>> But no signature.
>> Both my Sent Items copy and the message returned by the forum check
>> valid on my end. I signed them with PGP/MIME, maybe your mail server
>> stripping attachments?
> 
> Never mind, ignore that part .....  good signature, I just looked at it
> in too much of a hurry too late at night while on heavy-duty painkillers  :p

  That is the reason why I use painkillers with caffeine (for headaches) :-P

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJInUAVAAoJEMV4f6PvczxAr5sH/3PyGP2jPmLWh/ZTvagwOhf1
9f5sIkFdGBkR+Q9Vua3h3ChbNPRPCcwSEumK/nkf2IGv5SCx6NRAJeWBPEasP0ir
hdj+hQXmVymAzJfks/InlWITQMczRW8Yc0gD6wzEfrJwieH3U2wEaPh0Na/5+up5
176PQFPEzkTNQOL/WToiXEwck+mrJb+XPFI9nSCYqRwy1cPz2H05AQFHtyCAb/zK
j315dFNBuErKFRu5HyB2gU0itfwRim7KzH2zInbiPOn+OLwKmXLInnoivpcIapvE
7GISKw7abWAvgQEJDdpndYUnAz/w4n3H9I4OYCEaKxJuBdXNcNSjhNHWSoStqY8=
=gJqH
-----END PGP SIGNATURE-----

From sean at rima.ws  Sat Aug  9 07:04:23 2008
From: sean at rima.ws (Sean Rima)
Date: Sat, 09 Aug 2008 15:04:23 +0100
Subject: [Enigmail] hello
In-Reply-To: <489CF272.6040406@sbcglobal.net>
References: <489CF272.6040406@sbcglobal.net>
Message-ID: <489DA3E7.1090808@rima.ws>

jae lee wrote:
> Hello
> 
> This is my enigmail test.
> 
> 

Looks good here

OpenPGP Security Info

Good signature from jae lee <lee937 at sbcglobal.net>
Key ID: 0x7CDF72F1 / Signed on: 09/08/08 02:27
Key fingerprint: 7DC1 926C 09A1 7C05 FA5D E09E 186E FA6F 7CDF 72F1


Sean


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 312 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080809/a2c7292a/attachment.bin>

From lee at fugal.net  Sat Aug  9 23:26:13 2008
From: lee at fugal.net (Lee Fugal)
Date: Sun, 10 Aug 2008 00:26:13 -0600
Subject: [Enigmail] Signed email test message
Message-ID: <489E8A05.2080105@fugal.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Hello,

I just installed OpenPGP and Enigmail in Thunderbird.  I am new to 
encryption - but I'm trying to learn.

This email is a test of the "Sign Message" feature.  How did I do?  Did 
I get it right?

Thanks,

Lee Fugal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iEYEARECAAYFAkieigQACgkQGFmM2mEpenSIEACfU3gxHx5iPgrgAfZWPCoVP9HC
+WYAnjH35JLNE9TapaTOcr0CMXlGSNzD
=wpxd
-----END PGP SIGNATURE-----


From John at Mozilla-Enigmail.org  Sun Aug 10 00:45:11 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Sun, 10 Aug 2008 02:45:11 -0500
Subject: [Enigmail] Signed email test message
In-Reply-To: <489E8A05.2080105@fugal.net>
References: <489E8A05.2080105@fugal.net>
Message-ID: <489E9C87.3020806@Mozilla-Enigmail.org>

Lee Fugal wrote:
> Hello,
> 
> I just installed OpenPGP and Enigmail in Thunderbird.  I am new to 
> encryption - but I'm trying to learn.
> 
> This email is a test of the "Sign Message" feature.  How did I do?  Did 
> I get it right?

Partially. You're configured to sign, and it looks like it signed OK.

BUT,
  OpenPGP Security Info

  Error - signature verification failed

  gpg: Signature made 08/10/08 01:26:12 using DSA key ID 61297A74
  gpg: BAD signature from "Lee Fugal <lee at fugal.net>"

The most likely cause of this is that you have Format=Flowed enabled, and it is
(I checked your message headers).

Be sure your line width is set to something <= 80 chars (e.g. 72 chars)
and turn off Format=Flawed.

Add the following lines to your user.js (or set the configuration value using
the config editor in Thunderbird's Advanced preferences tab (about:config in
Seamonkey)

  user_pref("mailnews.send_plaintext_flowed", false);
  user_pref("mailnews.display.disable_format_flowed_support", true);

In the config editors, locate the mailnews.<whatever> value and click it to
change the value as indicated.


-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 654 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080810/57bdad91/attachment.bin>

From lee at fugal.net  Sun Aug 10 16:05:26 2008
From: lee at fugal.net (Lee Fugal)
Date: Sun, 10 Aug 2008 17:05:26 -0600
Subject: [Enigmail] Signed email test message
In-Reply-To: <489E9C87.3020806@Mozilla-Enigmail.org>
References: <489E8A05.2080105@fugal.net>
	<489E9C87.3020806@Mozilla-Enigmail.org>
Message-ID: <489F7436.9090202@fugal.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Thanks for the input and help.  I changed the settings for

  user_pref("mailnews.send_plaintext_flowed", false);
  user_pref("mailnews.display.disable_format_flowed_support", true);

My line width was already set to 72 characters.  I looked for a setting
that would allow me to enable or disable format=flowed but could not
find it.  When I try to send the message I get a warning that my email
contains HTML information which may be lost when the message is changed
to plain text for signing/encryption.

I'll give it another try.  I hope this works better this time.

Lee Fugal



John Clizbe wrote:
> Lee Fugal wrote:
>> Hello,
>>
>> I just installed OpenPGP and Enigmail in Thunderbird.  I am new to
>> encryption - but I'm trying to learn.
>>
>> This email is a test of the "Sign Message" feature.  How did I do?  Did
>> I get it right?
>
> Partially. You're configured to sign, and it looks like it signed OK.
>
> BUT,
>   OpenPGP Security Info
>
>   Error - signature verification failed
>
>   gpg: Signature made 08/10/08 01:26:12 using DSA key ID 61297A74
>   gpg: BAD signature from "Lee Fugal <lee at fugal.net>"
>
> The most likely cause of this is that you have Format=Flowed enabled,
and it is
> (I checked your message headers).
>
> Be sure your line width is set to something <= 80 chars (e.g. 72 chars)
> and turn off Format=Flawed.
>
> Add the following lines to your user.js (or set the configuration value
using
> the config editor in Thunderbird's Advanced preferences tab
(about:config in
> Seamonkey)
>
>   user_pref("mailnews.send_plaintext_flowed", false);
>   user_pref("mailnews.display.disable_format_flowed_support", true);
>
> In the config editors, locate the mailnews.<whatever> value and click it to
> change the value as indicated.
>
>
>
> -------------------------
>
> _______________________________________________
> Enigmail mailing list
> Enigmail at mozdev.org
> https://www.mozdev.org/mailman/listinfo/enigmail
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iEYEARECAAYFAkifdDUACgkQGFmM2mEpenSgkwCeObBnLvvp0wZ1NHetVoAXR+rr
+hkAnjahq1ZgrK1rQHwfMeZxFZY+1Yud
=kI4s
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080810/592ed7e6/attachment.html>

From John at Mozilla-Enigmail.org  Sun Aug 10 16:24:33 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Sun, 10 Aug 2008 18:24:33 -0500
Subject: [Enigmail] Signed email test message
In-Reply-To: <489F7436.9090202@fugal.net>
References: <489E8A05.2080105@fugal.net>	<489E9C87.3020806@Mozilla-Enigmail.org>
	<489F7436.9090202@fugal.net>
Message-ID: <489F78B1.5090208@Mozilla-Enigmail.org>

Lee Fugal wrote:
> Thanks for the input and help.  I changed the settings for
> 
>   user_pref("mailnews.send_plaintext_flowed", false);
>   user_pref("mailnews.display.disable_format_flowed_support", true);
> 
> My line width was already set to 72 characters.  I looked for a setting
> that would allow me to enable or disable format=flowed but could not
> find it.  When I try to send the message I get a warning that my email
> contains HTML information which may be lost when the message is changed
> to plain text for signing/encryption.
> 
> I'll give it another try.  I hope this works better this time.

Lee,

The setting for disabling Format=Flawed has been hidden. You must use either a
user.js preferences file or make the change in the configuration editor under
Advanced preferences.

Please Disable HTML and try again. Inline signing will almost always fail to
verify with HTML messages.

OpenPGP Security Info

Error - signature verification failed

gpg: Signature made 08/10/08 18:05:25 using DSA key ID 61297A74
gpg: BAD signature from "Lee Fugal <lee at fugal.net>"


-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 654 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080810/c2c70c94/attachment.bin>

From Iwillnotread_daniel at gmx.de  Mon Aug 11 03:16:59 2008
From: Iwillnotread_daniel at gmx.de (Daniel Kirsch)
Date: Mon, 11 Aug 2008 12:16:59 +0200
Subject: [Enigmail] Using the enigmail IPC library in another extension.
In-Reply-To: <mailman.328.1202895997.1122.enigmail@mozdev.org>
References: <mailman.328.1202895997.1122.enigmail@mozdev.org>
Message-ID: <g7p2jo$1iar$1@mozdev.mozdev.org>

John,
have you found a way?

I'm using XULRunner but cannot compile the library.

Thanks
Daniel


John Evans wrote:
> Hi,
> 
> Much like Patrick Brunschwig who posted here earlier this month, I am trying
> to use the IPC library from enigmail in my own extension.  I would prefer to
> not have to compile my own version if possible.  I seems to me that I should
> just be able to copy the .xpt and .dylib files (I am currently trying to get
> this working on OS X (ppc)) to the components directory of my extension and
> then start using them... but when I try, e.g. :
> 
> Components.classes['@
> mozilla.org/process/ipc-service;1'].getService(Components.interfaces.nsIIPCService)
> ;
> 
> I get the following error:
> 
> Components.classes['@mozilla.org/process/ipc-service;1'] has no properties
> 
> which makes it seem as if the components are not finding their way into the
> XPCOM registry.
> 
> I am not that familiar with Firefox/Mozilla/XPCOM/etc.  Am I missing
> something simple?  Is my assumption that I should be able to just copy the
> components directory over and access the ipc service straight away correct?
> Am I on the right track?
> 
> Thanks,
> -
> John
> 

From Larry.LeBeau at noaa.gov  Mon Aug 11 09:07:10 2008
From: Larry.LeBeau at noaa.gov (Larry LeBeau)
Date: Mon, 11 Aug 2008 17:07:10 +0100
Subject: [Enigmail] Enigmail and IMAP external caller
Message-ID: <48A063AE.1000807@noaa.gov>

Enigmail List,

I am the software developer for a utility written in Visual-Basic which 
uses MAPI Session/Message Controls (came with the compiler,  Version 
6.0) to generate emails.  When Thunderbird is open, it interfaces very 
well and email messages are sent accordingly.  However, a number of the 
users have now had Enigmail installed and the emails are failing. 

I have tested my own Enigmail installation and likewise outgoing emails 
fail with Enigmail installed, and work when it is not installed.  During 
my various attempts, I stumbled upon a configuration wizard (via the 
"Select Key..." button under Account Settings), but I can not seem to 
get back to it.  This wizard had a check box that referred to "IMAP 
parts" and something about allowing external execution.  I am inclined 
that this may be a key setting, but I can not seem to find any related 
info on the preference screens, or the web, so I am seeing if anyone can 
help me with finding that setting, or any other related advice or 
assistance.

Thanks in advance,
Larry LeBeau

-- 

Larry LeBeau
Senior Systems Analyst
Home Office: 717-225-9966
NOAA: 301-817-4544
SSAI - Support Contractor for the USMCC


From rbrt_ryn at yahoo.com  Mon Aug 11 10:49:55 2008
From: rbrt_ryn at yahoo.com (Robert Ryan)
Date: Mon, 11 Aug 2008 11:49:55 -0600
Subject: [Enigmail] Re-wrap signed HTML text before sending?
Message-ID: <48A07BC3.6010003@yahoo.com>

In the 'Sending tab of the OpenPGP preferences there is the option to
'Re-wrap signed HTML text before sending'. What does this setting
actually do?

If I check the box and then close/re-open the preferences the box will
clear by itself, i.e. it won't stay checked. Why?
-- 
Robert Ryan
rbrt_ryn at yahoo.com

I prefer encrypted, signed email :)
My PGP key: http://tinyurl.com/6c6kwu

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080811/834dab1b/attachment.bin>

From patrick at mozilla-enigmail.org  Tue Aug 12 06:46:40 2008
From: patrick at mozilla-enigmail.org (Patrick Brunschwig)
Date: Tue, 12 Aug 2008 15:46:40 +0200
Subject: [Enigmail] Enigmail and IMAP external caller
In-Reply-To: <48A063AE.1000807@noaa.gov>
References: <48A063AE.1000807@noaa.gov>
Message-ID: <48A19440.6010901@mozilla-enigmail.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Larry LeBeau wrote:
> Enigmail List,
> 
> I am the software developer for a utility written in Visual-Basic which
> uses MAPI Session/Message Controls (came with the compiler,  Version
> 6.0) to generate emails.  When Thunderbird is open, it interfaces very
> well and email messages are sent accordingly.  However, a number of the
> users have now had Enigmail installed and the emails are failing.
> I have tested my own Enigmail installation and likewise outgoing emails
> fail with Enigmail installed, and work when it is not installed.  During
> my various attempts, I stumbled upon a configuration wizard (via the
> "Select Key..." button under Account Settings), but I can not seem to
> get back to it.  This wizard had a check box that referred to "IMAP
> parts" and something about allowing external execution.  I am inclined
> that this may be a key setting, but I can not seem to find any related
> info on the preference screens, or the web, so I am seeing if anyone can
> help me with finding that setting, or any other related advice or
> assistance.

The easiest way to get the OpenPGP Wizard again is to reset the
preference "extensions.enigmail.configuredVersion" in the Config Editor
of Thunderbird and then to restart Thunderbird.

But actually I doubt that this would help you. The preference regarding
"IMAP parts" is available in the "Advanced" tab of the OpenPGP
preferences (available if the option "Display expert settigs" is
enabled). However, that option is only for reading IMAP messages from
the server, it has nothing to do with sending messages.

- -Patrick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBSKGUQHcOpHodsOiwAQKzDggAnXv/DU77EAAzhMSwFPlC+JKrr5spZgFc
t+oQp2NwAGq2F5GDEgyGl+X8/sGyLo3Y4wunbuERQga5I4Hc2MZMa1X4O95so9xh
wGMQhjDZENRsG9KjCBZA+qI86LnTarOdgC5i7yQ4vsCzJhUoL0tnyjP+antmAxMK
dkGOilxV+27fVw6uPgyom+xKpbR+drYsAgMffQob7T0apTDTpCdHe6ExdrCzLrJW
j1YwUUWY98iM5bQe3PnVHs5hXOBpfUx7qc3sO4j/GsIE9fKKU60kVyv+2Yl8AdQd
2tRcbQikni7CFoAVbjUBLrAwyRtLm096IN3/5ci/4irbxkPxd4nfZg==
=iDQb
-----END PGP SIGNATURE-----

From patrick at mozilla-enigmail.org  Tue Aug 12 06:59:29 2008
From: patrick at mozilla-enigmail.org (Patrick Brunschwig)
Date: Tue, 12 Aug 2008 15:59:29 +0200
Subject: [Enigmail] Re-wrap signed HTML text before sending?
In-Reply-To: <48A07BC3.6010003@yahoo.com>
References: <48A07BC3.6010003@yahoo.com>
Message-ID: <48A19741.4010103@mozilla-enigmail.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robert Ryan wrote:
> In the 'Sending tab of the OpenPGP preferences there is the option to
> 'Re-wrap signed HTML text before sending'. What does this setting
> actually do?

If you write messages with the HTML composer, then signed inline PGP
messages should be re-wrapped to avoid additional line breaks after the
signing process is done.

> If I check the box and then close/re-open the preferences the box will
> clear by itself, i.e. it won't stay checked. Why?

Because of a bug that I think will be fixed in the next release.

- -Patrick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBSKGXQHcOpHodsOiwAQI60AgAqxqwTDJk16dim1+AMjRkO3m65MK7XSsW
OHZzPyk2fxzODxlqIybQ+Mq6iCyc5j+uOmr8O7WPxhxZJuONiYtOIDLtu/v9s4e+
nEKQFte9x7ikbJgHkmNPsqE72+jfeqMhY2S+BPcywQZjgt7RgoH+1Hk07UGkHJUB
uCBcw4d/DlwCJDYNqpq4S8F/icu8vux68dKKY72XpKthD1nsu9jsBzkR9+zVUpFs
75B72Of6NNhmns9Jrf6FtFcf6hwYPY/LrOCtK4QBhMB9JD4Kq/SLmP7QMF789SQM
RO6F69KevAmhtwjglONT7qg+48VueBu/KdUBSspeCffR7VgDTOmAHQ==
=s/a6
-----END PGP SIGNATURE-----

From patrick at mozilla-enigmail.org  Wed Aug 13 08:19:53 2008
From: patrick at mozilla-enigmail.org (Patrick Brunschwig)
Date: Wed, 13 Aug 2008 17:19:53 +0200
Subject: [Enigmail] [ANN] Enigmail v0.95.7 available
Message-ID: <48A2FB99.3030800@mozilla-enigmail.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have released Enigmail v0.95.7 for Thunderbird 2.0.x and Seamonkey 1.1.x

Changes
=======
Arabic and Slovak languages were added to the release; a wrong default
for "format=flowed" emails was corrected. Furthermore, there are several
fixes related to detecting gpg-agent on Windows.


Obtaining Enigmail
==================
Enigmail can be downloaded from <http://enigmail.mozdev.org/download.html>
The changelog is available from <http://enigmail.mozdev.org/changelog.html>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBSKL7lncOpHodsOiwAQJrvggAiZum4yBoMwz9zhFmw/CFdR9N56yirv/E
/aXxD9c8upWGXQovqS0eSnB2w7J5FC2ntj9yBc3IMcNVtMCITf3lITWDQpzfFOat
EfbL2hIbAJLDFnYzinlCFihzspQfjAmtzlrM/EFEv9QmFrP/bL0ue5zvKFdual8T
c3oblNMSpj60bD0lbwU3/Dsv98Srt6mOPXC+QGIMoyotXYBv9G1kg7bhg3utqzA1
bAmPjd0nQBLk9/Q+Ejtr26GXGL5NxLABWa+3SxsG/OUTs9S98l9LNeaMqScG184k
V3R+NUPICicbxLAINkfkmFV2ikYAGHrMnv3+ckhD+yurCMtIvxCN5A==
=gN/3
-----END PGP SIGNATURE-----

From original.hwy101 at gmail.com  Wed Aug 13 18:36:26 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Wed, 13 Aug 2008 18:36:26 -0700
Subject: [Enigmail] OT: Off Topic
In-Reply-To: <48A2FB99.3030800@mozilla-enigmail.org>
References: <48A2FB99.3030800@mozilla-enigmail.org>
Message-ID: <48A38C1A.40706@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Patrick Brunschwig wrote:
| I have released Enigmail v0.95.7 for Thunderbird 2.0.x and Seamonkey 1.1.x
Is Seamonkey more powerful than Thunderbird? (and, if so, is there a 
windows version)
|
| Changes
| =======
| Arabic and Slovak languages were added to the release; a wrong default
| for "format=flowed" emails was corrected. Furthermore, there are several
| fixes related to detecting gpg-agent on Windows.
|
|
| Obtaining Enigmail
| ==================
| Enigmail can be downloaded from <http://enigmail.mozdev.org/download.html>
| The changelog is available from 
<http://enigmail.mozdev.org/changelog.html>
- ---
Yesterday, Today, Tomorrow... Who knows?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4799: (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iEYEARECAAYFAkijjBcACgkQ21btHJTHnM2HZQCeJeP5mGXMQQniaxSIqakjiUYI
33UAoMSQ0EBLlfGJBMuiielZrodeEEQI
=nfd+
-----END PGP SIGNATURE-----


From rjh at sixdemonbag.org  Wed Aug 13 19:22:07 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 13 Aug 2008 21:22:07 -0500
Subject: [Enigmail] OT: Off Topic
In-Reply-To: <48A38C1A.40706@gmail.com>
References: <48A2FB99.3030800@mozilla-enigmail.org> <48A38C1A.40706@gmail.com>
Message-ID: <48A396CF.4080305@sixdemonbag.org>

Tom Hwy101 wrote:
> Is Seamonkey more powerful than Thunderbird? (and, if so, is there a 
> windows version)

No.

Seamonkey is an all-in-one internet applications suite: web browser,
HTML authoring tools, mail client, etc.

Thunderbird is just a pure mail client.

Seamonkey's mail client is, essentially, Thunderbird.



From John at Mozilla-Enigmail.org  Wed Aug 13 19:41:18 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Wed, 13 Aug 2008 21:41:18 -0500
Subject: [Enigmail] Seamonkey or Thunderbird (was: OT: Off Topic)
In-Reply-To: <48A38C1A.40706@gmail.com>
References: <48A2FB99.3030800@mozilla-enigmail.org> <48A38C1A.40706@gmail.com>
Message-ID: <48A39B4E.6030403@Mozilla-Enigmail.org>

Tom Hwy101 wrote:
> Patrick Brunschwig wrote:
> | I have released Enigmail v0.95.7 for Thunderbird 2.0.x and Seamonkey 1.1.x
> Is Seamonkey more powerful than Thunderbird? (and, if so, is there a 
> windows version)

Seamonkey is the integrated suite, what was once known as Netscape and then Mozilla.

More powerful? Can't say. Seamonkey 1.1.x is the same code base as Thunderbird
and FireFox 2.0.x. I can say it's is more integrated. The major difference one
sees is how much of the underlying app is exposed by the chrome. TB/FF tends to
be more minimalist.

You'll have to try it and decide for yourself. YMMV.

It's available for all the platforms you'll find Firefox and Thunderbird installers.

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 654 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080813/7548a536/attachment.bin>

From theophoretos at gmail.com  Wed Aug 13 21:47:52 2008
From: theophoretos at gmail.com (lawrence chin)
Date: Wed, 13 Aug 2008 21:47:52 -0700
Subject: [Enigmail] OT: Off Topic
In-Reply-To: <48A38C1A.40706@gmail.com>
References: <48A2FB99.3030800@mozilla-enigmail.org> <48A38C1A.40706@gmail.com>
Message-ID: <48A3B8F8.8040007@gmail.com>

Tom Hwy101 wrote:
> Patrick Brunschwig wrote:
> | I have released Enigmail v0.95.7 for Thunderbird 2.0.x and Seamonkey
> 1.1.x
> Is Seamonkey more powerful than Thunderbird? (and, if so, is there a
> windows version)
> |
> | Changes
> | =======
> | Arabic and Slovak languages were added to the release; a wrong default
> | for "format=flowed" emails was corrected. Furthermore, there are several
> | fixes related to detecting gpg-agent on Windows.
> |
> |
> | Obtaining Enigmail
> | ==================
> | Enigmail can be downloaded from
> <http://enigmail.mozdev.org/download.html>
> | The changelog is available from
> <http://enigmail.mozdev.org/changelog.html>
> ---
> Yesterday, Today, Tomorrow... Who knows?
>
Tom, I imported your public key and your signature verification failed
on my Enigmail here. I don't know why. Any idea?
_______________________________________________
Enigmail mailing list
Enigmail at mozdev.org
https://www.mozdev.org/mailman/listinfo/enigmail




From original.hwy101 at gmail.com  Wed Aug 13 21:54:15 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Wed, 13 Aug 2008 21:54:15 -0700
Subject: [Enigmail] OT: Off Topic
In-Reply-To: <48A3B8F8.8040007@gmail.com>
References: <48A2FB99.3030800@mozilla-enigmail.org> <48A38C1A.40706@gmail.com>
	<48A3B8F8.8040007@gmail.com>
Message-ID: <48A3BA77.10406@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
lawrence chin wrote:
| Tom Hwy101 wrote:
|> Patrick Brunschwig wrote:
|> | I have released Enigmail v0.95.7 for Thunderbird 2.0.x and Seamonkey
|> 1.1.x
|> Is Seamonkey more powerful than Thunderbird? (and, if so, is there a
|> windows version)
|> |
|> | Changes
|> | =======
|> | Arabic and Slovak languages were added to the release; a wrong default
|> | for "format=flowed" emails was corrected. Furthermore, there are 
several
|> | fixes related to detecting gpg-agent on Windows.
|> |
|> |
|> | Obtaining Enigmail
|> | ==================
|> | Enigmail can be downloaded from
|> <http://enigmail.mozdev.org/download.html>
|> | The changelog is available from
|> <http://enigmail.mozdev.org/changelog.html>
|> ---
|> Yesterday, Today, Tomorrow... Who knows?
| Tom, I imported your public key and your signature verification failed
| on my Enigmail here. I don't know why. Any idea?
Not sure - Could it be that I am 'NOT' Signed Yet? -if that isn't it, I 
will have to Defer to the PROs Here! GURUs, Please...
- ---
(\___/)
(='.'=) This is Bunny. Copy and paste bunny into your
(")_(") signature to help Bunny gain world domination!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4799: (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iEYEARECAAYFAkijunUACgkQ21btHJTHnM0OBgCeI2pPocdf3aQl6XgwRJ97MAK2
BvkAoLdGgUY+6JZPXtU7tLVi87q86mTJ
=Pm0G
-----END PGP SIGNATURE-----


From gllona at gmail.com  Wed Aug 13 22:06:19 2008
From: gllona at gmail.com (Gorka LLona)
Date: Thu, 14 Aug 2008 00:36:19 -0430
Subject: [Enigmail] GLLONA test 1
Message-ID: <48A3BD4B.7050009@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello!
This is my first test with Enigmail.
I'm venezuelan, 36 years-old male.
Following info on Enigmail tutorial, I need some help until I feel
comfortable signing & encripting email.
Thanks, bye!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIo71LXLCDDDGUQ5IRAp5UAJ4339Cr748GuN9wPbSvRtPV2Yh+FQCaA7pw
QAsDoL8zHh0SLTydN2Nzeds=
=8ZZG
-----END PGP SIGNATURE-----

From bjtasker at btasker.me.uk  Wed Aug 13 23:48:03 2008
From: bjtasker at btasker.me.uk (Bernard Tasker)
Date: Thu, 14 Aug 2008 07:48:03 +0100
Subject: [Enigmail] GLLONA test 1
In-Reply-To: <48A3BD4B.7050009@gmail.com>
References: <48A3BD4B.7050009@gmail.com>
Message-ID: <48A3D523.4030300@btasker.me.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi

OK Here:

OpenPGP Security Info

UNTRUSTED Good signature from Gorka LLona <gllona at gmail.com>
Key ID: 0x31944392 / Signed on: 14/08/2008 06:06
Key fingerprint: 75E2 7F67 1EF8 F329 3847 5568 5CB0 830C 3194 4392

- -------------------------------------------------------

Bernard Tasker



- -------------------------------------------------------




Gorka LLona wrote:
> Hello!
> This is my first test with Enigmail.
> I'm venezuelan, 36 years-old male.
> Following info on Enigmail tutorial, I need some help until I feel
> comfortable signing & encripting email.
> Thanks, bye!
> 
_______________________________________________
Enigmail mailing list
Enigmail at mozdev.org
https://www.mozdev.org/mailman/listinfo/enigmail

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkij1SMACgkQqPQ3uX5O/PcybACfVe1GBJsVdJR64S2Jmgxx8qaN
npwAn0w3kmeaUZYrGhejOTMS2d4+Teca
=EXsU
-----END PGP SIGNATURE-----


From rbrtryn at gmail.com  Thu Aug 14 04:48:37 2008
From: rbrtryn at gmail.com (Robert Ryan)
Date: Thu, 14 Aug 2008 05:48:37 -0600
Subject: [Enigmail] OT: Off Topic
In-Reply-To: <48A3B8F8.8040007@gmail.com>
References: <48A2FB99.3030800@mozilla-enigmail.org> <48A38C1A.40706@gmail.com>
	<48A3B8F8.8040007@gmail.com>
Message-ID: <48A41B95.1020209@gmail.com>

lawrence chin wrote:
> Tom, I imported your public key and your signature verification
> failed on my Enigmail here. I don't know why. Any idea?

Tom's eMail still had 'format=flawed' enabled:

Content-Type: text/plain; charset="us-ascii"; Format="flowed"

Updating to version 0.95.7 of Enigmail will solve this, or he can turn
it off in the config editor.
-- 
Robert Ryan
rbrtryn at gmail.com

I prefer encrypted, signed email :)
My PGP key: http://tinyurl.com/6c6kwu

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080814/c9aa2799/attachment.bin>

From rbrtryn at gmail.com  Thu Aug 14 04:59:47 2008
From: rbrtryn at gmail.com (Robert Ryan)
Date: Thu, 14 Aug 2008 05:59:47 -0600
Subject: [Enigmail] OT: Off Topic
In-Reply-To: <48A3BA77.10406@gmail.com>
References: <48A2FB99.3030800@mozilla-enigmail.org>
	<48A38C1A.40706@gmail.com>	<48A3B8F8.8040007@gmail.com>
	<48A3BA77.10406@gmail.com>
Message-ID: <48A41E33.90309@gmail.com>

Tom Hwy101 wrote:
> Not sure - Could it be that I am 'NOT' Signed Yet? -if that isn't it, I 
> will have to Defer to the PROs Here! GURUs, Please...

*Please* trim the excess text from your responses and separate it from
the quoted text with a blank line. It will make your eMails a lot easier
to read :)
-- 
Robert Ryan
rbrtryn at gmail.com

I prefer encrypted, signed email :)
My PGP key: http://tinyurl.com/6c6kwu

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080814/ac4e7b51/attachment.bin>

From original.hwy101 at gmail.com  Thu Aug 14 05:11:18 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Thu, 14 Aug 2008 05:11:18 -0700
Subject: [Enigmail] OT: Off Topic
In-Reply-To: <48A41B95.1020209@gmail.com>
References: <48A2FB99.3030800@mozilla-enigmail.org>
	<48A38C1A.40706@gmail.com>	<48A3B8F8.8040007@gmail.com>
	<48A41B95.1020209@gmail.com>
Message-ID: <48A420E6.7040403@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Robert Ryan wrote:
> lawrence chin wrote:
>> Tom, I imported your public key and your signature verification
>> failed on my Enigmail here. I don't know why. Any idea?
>
> Tom's eMail still had 'format=flawed' enabled:
>
> Content-Type: text/plain; charset="us-ascii"; Format="flowed"
>
> Updating to version 0.95.7 of Enigmail will solve this, or he can turn
> it off in the config editor.
Hmmmmmmmmmmmmm *Running Enigmail version 0.95.7 (20080808) :-)
*
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4799: (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iEYEARECAAYFAkikIOMACgkQ21btHJTHnM3kUACeISZpoqxnZuv5RSDIvfODpdKU
y0IAoITDaGamJqzgQAEwA2vESM68ZqS8
=AI+u
-----END PGP SIGNATURE-----


From jmoore3rd at bellsouth.net  Thu Aug 14 08:33:39 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Thu, 14 Aug 2008 11:33:39 -0400
Subject: [Enigmail] OT: Off Topic
In-Reply-To: <48A420E6.7040403@gmail.com>
References: <48A2FB99.3030800@mozilla-enigmail.org>	<48A38C1A.40706@gmail.com>	<48A3B8F8.8040007@gmail.com>	<48A41B95.1020209@gmail.com>
	<48A420E6.7040403@gmail.com>
Message-ID: <48A45053.1060905@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Tom Hwy101 wrote:

> Hmmmmmmmmmmmmm *Running Enigmail version 0.95.7 (20080808) :-)

And Your Signature Verifies:

Good signature from Tom - Hwy101 (Typical - P2G) <original.hwy101 at gmail.com>
Key ID: 0x94C79CCD / Signed on: 8/14/2008 8:11 AM
Key fingerprint: 4B6D 6D06 C3F6 7392 AA03 138B DB56 ED1C 94C7 9CCD

JOHN ;)
Timestamp: Thursday 14 Aug 2008, 11:33  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4812: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIpFBSAAoJEBCGy9eAtCsPMt4H/jn4SezFnBYLCQ5xkIurPc7m
3gpLm9+t1nmnPQAfhkZaQbCl+yw2uvZIljNpqJupBDJVAyUruvX58EsmRIAh4WHl
uSlZKG5XllukZUmaDGDV6vlKa2NSgVisy6FfP8Z+SSdtJxyCRYRHNbH1FpJlAzmx
qT8dHzDKZ+8blgfud1R2ZJ757GqJuXgcMHcFsq7DgZCqYX6pDGRJJglcJxrgqSrb
6aYm29lMiMwuSv7obIo73WfgMrbLfF/PKid0n8c/BfXDq8V8zbMsvXfVbJ3eJVwp
IlqIrup1sYYqIzFrMJkPwlatZIEZvInEKj7EPBm6EjuUHZ0ujt74XBiq305fSGk=
=HZPM
-----END PGP SIGNATURE-----

From ldc at lrcressy.com  Thu Aug 14 10:54:21 2008
From: ldc at lrcressy.com (LeRoy Cressy)
Date: Thu, 14 Aug 2008 13:54:21 -0400
Subject: [Enigmail] GLLONA test 1
In-Reply-To: <48A3BD4B.7050009@gmail.com>
References: <48A3BD4B.7050009@gmail.com>
Message-ID: <48A4714D.90605@lrcressy.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Gorka LLona wrote:
> Hello!
> This is my first test with Enigmail.
> I'm venezuelan, 36 years-old male.
> Following info on Enigmail tutorial, I need some help until I feel
> comfortable signing & encripting email.
> Thanks, bye!
> 

Looks good to me :-)

gpg reported good signature and it was nice that you put your public key
on a key server.

gpg: Signature made Thu 14 Aug 2008 01:06:19 AM EDT using DSA key ID
31944392
gpg: Good signature from "Gorka LLona <gllona at gmail.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the
owner.
Primary key fingerprint: 75E2 7F67 1EF8 F329 3847  5568 5CB0 830C 3194 4392

- --
 Rev. LeRoy D. Cressy  mailto:leroy at lrcressy.com   /\_/\
                       http://lrcressy.com        ( o.o )
                       Phone:  215-535-4037        > ^ <

gpg fingerprint:  62DE 6CAB CEE1 B1B3 359A  81D8 3FEF E6DA 8501 AFEA

For info on enigmail:    http://lrcressy.com/linux/mozilla.pdf
For info on gpg:         http://www.gnupg.org/

Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSKRxTHlsxrSGsIsqAQjJVA//Zp6XZ/lBcwJCqgy2wyi2rKM8qMXFw38m
0ZBITmubVaVRn7Xf7uzslkRV2tDGyrFc2MOU3chC/JT/ujE2p63L/z0EPs8Eb4c8
e5ovFf9fHm4s6umXIzCSk5W8/TdjJkUQhJT4owUS0wF2XpDXBfny3laMIGMyOk+Q
wT68PYn3sijA5xBBGZjO/ELi3PvdZr5UA9m4i+jIjIjNFIkQ24+SPwCaizQHmkx7
XMhsRmEWZ3c1oboV5wfWcHp1LDmNAPwP9kw4Dmo0qm45sh5Mm6rC1chFTM22SGJO
TqcQ6G5S8PVoikxvxyUi9add5S7UYZ3sFrgA17MmTt9jCSyvtIi7rb1lw6ba+JDa
qPFact7+y60xI9mEtxr+45C6mMtLmEuja1JL1agWHgezoXRXSzk9x6mIlyo1y30f
iU8PYqPa4jpVtDOszOr1XrY5Uqcv8ucLOH1m0nOT4fIaiHoP/0ivEgAuOSpLwIiN
z3vRGXHFeeUvocyUxhgEHENecqQ1NXVJEGtH1NW8nOyfiwvA0ea7Gnb5+ZBc7NPz
VSROpHPgVICH0QpZZr+J1ttPDwQ/933DwPI533/Qi0M+f+IvwFS9wUyI5256lszB
M0lVDOep3E6BwhB8DX7AZBkicUYboMtSz/pVvhQuMmaEb9ZEKkP60apVGID7rREb
4bU8+m0YQiw=
=uC2J
-----END PGP SIGNATURE-----

From rasmith1959 at yahoo.com  Thu Aug 14 11:49:56 2008
From: rasmith1959 at yahoo.com (Roy Smith)
Date: Thu, 14 Aug 2008 13:49:56 -0500
Subject: [Enigmail] OT: Off Topic
In-Reply-To: <48A38C1A.40706@gmail.com>
References: <48A2FB99.3030800@mozilla-enigmail.org> <48A38C1A.40706@gmail.com>
Message-ID: <48A47E54.5000206@yahoo.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Tom Hwy101 wrote:
> Patrick Brunschwig wrote:
> | I have released Enigmail v0.95.7 for Thunderbird 2.0.x and
> Seamonkey 1.1.x
> Is Seamonkey more powerful than Thunderbird? (and, if so, is there a
> windows version)

SeaMonkey is basically Firefox and Thunderbird combined into one
application along with a HTML editor and a IIRC client.  If you're
familiar with Mozilla, then you already know what SeaMonkey is, and
yes there is a Windows version available.

_______________________________________________
Enigmail mailing list
Enigmail at mozdev.org
https://www.mozdev.org/mailman/listinfo/enigmail



- --


Roy Smith


I use Firefox because I want to use software that complies
with Web standards.  See <http://www.mozilla.org/>.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iQIcBAEBAgAGBQJIpH5UAAoJEG7cp55ZD5UOlM4P/i4w8mHBP+KFQnjk4XIbj4TC
ekAHL0LjYyLnnKtCb/ml+vm3f2TRNImmMOn4ZShIffR2wXnibUlUEKgjAGlbNvcU
cvI/beOtJewRODlrd80aQlq3pUgMHw5Q4uzBuivKGqBT4Jf6AeWtEL0jjZQBnc9z
eoPcKylfJyiWNmr/feS3DmKmTvT0dAVTxjbzy3CkixSVWMtPglhnpsNJ5Eq+4jBK
BZ+Rt4ie5VhinuJkGXoOkbKDeLMuqNx2YX5m0VTQ7GsTKHCGpeKw5seY7zHAifin
g1Ztv9FiV20jF7LiS76Ik4Jb1r/Kwp6nmpqiLzZ1kY28MYsrqXsejJUojfkOKuhW
CXRMka92SSgkYZ2nqeDxo0mFE4CkB6nlUpfW+LfAhon5dkK+XP7emV9g6bpGUJ9Y
bZVKfG7LmJxpFQuQ5wEmvFC9fZA244XcSmmoGfmmUml3xtXzGFlLWDHo1cUhbTif
CIIRDHWFj2kdDssxI20Tqxl/SHgl3fGtlH1oBRqr3+q3iCTIdAMxLgTIOT1Hselr
6jCuOMsHp/xXpbu/PBDLS/sq305vXbKI6WHeKo1RkWuTCo26vPyOYt0vgBeJc3QK
rvGBPJ9cUrHDR5EZKMnPiKDaOO/IzxJsSU25TqvdQPuZde6a0uKOPROFBG/KKyG6
LDYDBN9NsspGxLfVkrUn
=uNYp
-----END PGP SIGNATURE-----


From original.hwy101 at gmail.com  Thu Aug 14 19:24:25 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Thu, 14 Aug 2008 19:24:25 -0700
Subject: [Enigmail] OT: Off Topic
In-Reply-To: <48A45053.1060905@bellsouth.net>
References: <48A2FB99.3030800@mozilla-enigmail.org>	<48A38C1A.40706@gmail.com>	<48A3B8F8.8040007@gmail.com>	<48A41B95.1020209@gmail.com>	<48A420E6.7040403@gmail.com>
	<48A45053.1060905@bellsouth.net>
Message-ID: <48A4E8D9.2030002@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
John W. Moore III wrote:
> Tom Hwy101 wrote:
>
>> Hmmmmmmmmmmmmm *Running Enigmail version 0.95.7 (20080808) :-)
>
> And Your Signature Verifies:
>
> Good signature from Tom - Hwy101 (Typical - P2G)
> <original.hwy101 at gmail.com> Key ID: 0x94C79CCD / Signed on:
> 8/14/2008 8:11 AM Key fingerprint: 4B6D 6D06 C3F6 7392 AA03 138B
> DB56 ED1C 94C7 9CCD
>
> JOHN ;) Timestamp: Thursday 14 Aug 2008, 11:33  --400 (Eastern
> Daylight Time)

Thanks John - It just took Your Wonderful Tutelage to get me to this
Point - Again, Thank You! Best Regards, Tom
- ---
Good design is a lot of hair pulling
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4799: (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iEYEARECAAYFAkik6NcACgkQ21btHJTHnM3OlgCgjLjI95V17SCg/pB2mOhIOF61
ZTYAn3VI7XYJWPXGxBXpO0QKLHCp4TWk
=L7IS
-----END PGP SIGNATURE-----


From faramir.cl at gmail.com  Thu Aug 14 19:45:22 2008
From: faramir.cl at gmail.com (Faramir)
Date: Thu, 14 Aug 2008 22:45:22 -0400
Subject: [Enigmail] OT: Off Topic
In-Reply-To: <48A38C1A.40706@gmail.com>
References: <48A2FB99.3030800@mozilla-enigmail.org> <48A38C1A.40706@gmail.com>
Message-ID: <48A4EDC2.8000503@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Tom Hwy101 escribi?:

> Is Seamonkey more powerful than Thunderbird? (and, if so, is there a
> windows version)

  As far as I know:
Thunderbird: mail and news client.
FireFox: Browser
Seamonkey: Browser+mail and news client (NOT Thunderbird+Firefox)

  Yes, there are official versions of Seamonkey for Windows, Mac OS X,
and linux, and unofficial versions for other systems.

  See http://www.seamonkey-project.org/

 Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIpO3CAAoJEMV4f6PvczxAzdUH/AlNkbq16QTLw/Xrl2/Usewe
w0YJcrC7ClhgDsj90dR8Ooa0w2Gwp36ct8Na8zQEU8aXpIYgOn8K7k++eDsb8Ie2
e5bsjSyYPv1ZlQp+3xEP6A0G1epbcXO1wbM1qaks2rHND/FL1lZSQLjsX2ODa1kY
/6HNu8FFXULlyNAbuq25GC1oKFV404gIS7HF3pnsrowxlDyxw2BrG/mJzFhOEt1v
aVoihcKYgzlLiYuZGZJtrw4xL9o9ofdKVDmqmxfBq0/svaQt9uswQD2mYdMtKHcc
URPvXDV6QSGsxP6iusZf2QFbyrzvSE26Xn3cd9WRIXQuZ0DhSlVMwYFtl1DPfKw=
=GW6P
-----END PGP SIGNATURE-----

From original.hwy101 at gmail.com  Thu Aug 14 19:52:02 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Thu, 14 Aug 2008 19:52:02 -0700
Subject: [Enigmail] OT: Off Topic
In-Reply-To: <48A4EDC2.8000503@gmail.com>
References: <48A2FB99.3030800@mozilla-enigmail.org> <48A38C1A.40706@gmail.com>
	<48A4EDC2.8000503@gmail.com>
Message-ID: <48A4EF52.8080205@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Faramir wrote:
> Tom Hwy101 escribi?:
>
> > Is Seamonkey more powerful than Thunderbird? (and, if so, is there a
> > windows version)
>
>   As far as I know:
> Thunderbird: mail and news client.
> FireFox: Browser
> Seamonkey: Browser+mail and news client (NOT Thunderbird+Firefox)
>
>   Yes, there are official versions of Seamonkey for Windows, Mac OS X,
> and linux, and unofficial versions for other systems.
>
>   See http://www.seamonkey-project.org/
>
>  Best Regards

Thanks Faramir
- ---
Dear Borg Queen, You can Assimilate me Anytime! Futile is My Middle Name.
              Yours, Very Soon I Hope, JLP
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4799: (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iEYEARECAAYFAkik71EACgkQ21btHJTHnM3ftgCeMnNfja8gMihjU7/DFJYtIGYC
fWwAoIyj6bRKMUJgsxiR2OXBFXEwHNYY
=+ziN
-----END PGP SIGNATURE-----


From rjh at sixdemonbag.org  Thu Aug 14 20:43:36 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 14 Aug 2008 22:43:36 -0500
Subject: [Enigmail] OT: Off Topic
In-Reply-To: <48A4EF52.8080205@gmail.com>
References: <48A2FB99.3030800@mozilla-enigmail.org>
	<48A38C1A.40706@gmail.com>	<48A4EDC2.8000503@gmail.com>
	<48A4EF52.8080205@gmail.com>
Message-ID: <48A4FB68.6050709@sixdemonbag.org>

Tom Hwy101 wrote:
> Thanks Faramir

<moderator hat on>

The following is meant for the entire list, not just Tom.

*Trim your quotes.*

In the message I just cited, 17 lines of someone else's text were quoted
and the poster contributed just two words.  While we try very hard to be
tolerant and welcoming of new people, 17 lines of text just to add two
words is ... well ... excessive by any reasonable standard.

We don't like rapping the ruler over people's knuckles, but apparently a
lot of people simply are not getting the message.

Trim your quotes.  Period.  Thank you.

</moderator hat>

From theophoretos at gmail.com  Fri Aug 15 23:38:21 2008
From: theophoretos at gmail.com (lawrence chin)
Date: Fri, 15 Aug 2008 23:38:21 -0700
Subject: [Enigmail] enigmail portable on usb
Message-ID: <48A675DD.4010604@gmail.com>

I have a question. How do you get Enigmail portable on a USB flash drive
so that you can use it on a public computer? Or is it not possible?

Thanks Lawrence

From faramir.cl at gmail.com  Sat Aug 16 00:12:00 2008
From: faramir.cl at gmail.com (Faramir)
Date: Sat, 16 Aug 2008 03:12:00 -0400
Subject: [Enigmail] enigmail portable on usb
In-Reply-To: <48A675DD.4010604@gmail.com>
References: <48A675DD.4010604@gmail.com>
Message-ID: <48A67DC0.4060902@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

lawrence chin escribi?:
> I have a question. How do you get Enigmail portable on a USB flash drive
> so that you can use it on a public computer? Or is it not possible?

  It is very possible... however, consider using a public computer means
that computer can have keylogers, etc... so... it is a security risk.
However, you are the one that must decide to use or not to use it.

http://portableapps.com/apps/internet/thunderbird_portable  (that is
where to get portable thunderbird)

http://portableapps.com/support/thunderbird_portable#encryption  (GPG
for portable thunderbird)

And that is all (well, you need enigmail, but it works exactly the same
way for normal thunderbird and for portable tb).

Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIpn3AAAoJEMV4f6PvczxAzksH/01IfdBxkS3bRx1pin/lPpLR
eYpeMKIHOd8y+9IZvxB68TjKHPf79gKFfLNwDh15VsYuJqosij4JhdkKV4qOnkS0
d60cY8wp85+Y8x3sDU2Ml6zCFQG1Y5MnFRv3esXDxoKQtS9RgA1fpRw6KnIaPCtj
xtH1dHXQX4Jdbjp1UEv5vNYuwTSc8Yck/nPQgYsCF/A53zZUF1NYs2REzXaLrCWV
zcD1+KNKUKaT21x+eVJZV7aqMp9SL21hjN9UoXOI+pUfsUqlgXNdXaBVphM+tclD
MyfxePLcU8+bzWMB3cLKX2ZMsYWt/TnxgkIbAnKBj+tt8K/UiGFpDlBYoMcXosw=
=fTYR
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Sat Aug 16 01:07:20 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 16 Aug 2008 03:07:20 -0500
Subject: [Enigmail] enigmail portable on usb
In-Reply-To: <48A675DD.4010604@gmail.com>
References: <48A675DD.4010604@gmail.com>
Message-ID: <48A68AB8.7050005@sixdemonbag.org>

lawrence chin wrote:
> I have a question. How do you get Enigmail portable on a USB flash drive
> so that you can use it on a public computer? Or is it not possible?

Possible but _very_ inadvisable.  Our position is that Enigmail should
not be used computers you don't control.  If you don't have physical
security, you don't have any security.

That said, Google for "Portable Apps" and you'll get pointed in the
right direction.


From floeff at gmail.com  Sat Aug 16 03:03:03 2008
From: floeff at gmail.com (Florian Effenberger)
Date: Sat, 16 Aug 2008 12:03:03 +0200
Subject: [Enigmail] automatic disabling of format=flowed
Message-ID: <eea901cd0808160303q38a731f8td5b80a6d40359bda@mail.gmail.com>

Hello,

it seems that recent versions of Enigmail disable format=flowed
automatically again, at least that's what happened to me when I
upgraded to 0.95.7. As I mostly use it for deciphering e-mails and not
for signing myself, I'd like to turn off this behaviour.

I remember that once there existed an option in prefs.js to disable
the automatic change of the format=flowed setting by Enigmail, but I
can't find it anymore. Am I wrong?

Thanks
Florian

From shawnjones20 at gmail.com  Sat Aug 16 12:46:01 2008
From: shawnjones20 at gmail.com (Shawn)
Date: Sat, 16 Aug 2008 15:46:01 -0400
Subject: [Enigmail] Testing my new PGP configuration.
Message-ID: <48A72E79.9040303@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

My name is Shawn and I am testing my new PGP configuration. Please
advise if sucessfull.

Thanks in advance,
Shawn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIpy55kF8Z2zt4j3MRAuqvAJ9hpxoulDdMrCx+MLDhYYQBCi4VtwCfTZSO
LGd/mS+kpbAmwo1HtUXGBOU=
=E7yY
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Sat Aug 16 21:05:53 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 17 Aug 2008 00:05:53 -0400
Subject: [Enigmail] Testing my new PGP configuration.
In-Reply-To: <48A72E79.9040303@gmail.com>
References: <48A72E79.9040303@gmail.com>
Message-ID: <48A7A3A1.4050907@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Shawn wrote:
> Hello,
> 
> My name is Shawn and I am testing my new PGP configuration. Please
> advise if sucessfull.

Apparently it is successful.  :-D

UNTRUSTED Good signature from Shawn <shawnjones20 at gmail.com>
Key ID: 0x3B788F73 / Signed on: 8/16/2008 3:46 PM
Key fingerprint: 624C 7250 AD68 96B8 7E21 E828 905F 19DB 3B78 8F73

JOHN ;)
Timestamp: Sunday 17 Aug 2008, 00:05  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4812: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIp6OfAAoJEBCGy9eAtCsP8EcH/2tz4rF81NJrgiU+Ec6DKtEm
3w9yma1rRNtL0eqXNIvNUUjs71jY8HPPiG1RgE3VG4q3R/gqPRsyuItbUJGrrTDh
4QowINWxw+Onl5nbWJ0WDD5suN4dvCKI+ilVyXJGRRZM0apEtQXBlPDNFzH5ybaO
+HlidLk1bD2hkq98FokZkCjPYuhnrO8nJmgrjN8Kd6PEWmRhVs0MoLhfs3tF9KTV
IRGKTSVFQse0+D3/zWJZr7vqvFwnU3xJd8I6g2G5J88D8oob4u9jOUfO3G0+sf1r
vK9RfC6QV29zXtl0gdH03zwb2JVRLWlX/XdBFZBG/4DqMNcjtrEt6iNOqUQfuTU=
=qgBB
-----END PGP SIGNATURE-----

From rbrtryn at gmail.com  Sat Aug 16 21:08:12 2008
From: rbrtryn at gmail.com (Robert Ryan)
Date: Sat, 16 Aug 2008 22:08:12 -0600
Subject: [Enigmail] Testing my new PGP configuration.
In-Reply-To: <48A72E79.9040303@gmail.com>
References: <48A72E79.9040303@gmail.com>
Message-ID: <48A7A42C.5010405@gmail.com>

Shawn wrote:
> My name is Shawn and I am testing my new PGP configuration. Please
> advise if sucessfull.

UNTRUSTED Good signature from Shawn <shawnjones20 at gmail.com>
Key ID: 0x3B788F73 / Signed on: 8/16/2008 1:46 PM
Key fingerprint: 624C 7250 AD68 96B8 7E21 E828 905F 19DB 3B78 8F73
-- 
Robert Ryan

I prefer encrypted, signed email :)
My PGP key: http://tinyurl.com/6c6kwu

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080816/17551651/attachment.bin>

From John at Mozilla-Enigmail.org  Sat Aug 16 21:19:45 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Sat, 16 Aug 2008 23:19:45 -0500
Subject: [Enigmail] Testing my new PGP configuration.
In-Reply-To: <48A72E79.9040303@gmail.com>
References: <48A72E79.9040303@gmail.com>
Message-ID: <48A7A6E1.3060408@Mozilla-Enigmail.org>

Shawn wrote:
> Hello,
> 
> My name is Shawn and I am testing my new PGP configuration. Please
> advise if sucessfull.

OpenPGP Security Info
UNTRUSTED Good signature from Shawn <shawnjones20 at gmail.com>
Key ID: 0x3B788F73 / Signed on: 8/16/2008 2:46 PM
Key fingerprint: 624C 7250 AD68 96B8 7E21 E828 905F 19DB 3B78 8F73

It's nice to see folks who pay attention to that bit about sending keys to a
keyserver.

Well done.

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 677 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080816/acc78760/attachment.bin>

From olav at mozilla-enigmail.org  Sun Aug 17 09:36:56 2008
From: olav at mozilla-enigmail.org (Olav Seyfarth)
Date: Sun, 17 Aug 2008 18:36:56 +0200
Subject: [Enigmail] First time using Enigmail
In-Reply-To: <4895FB62.6040106@gmail.com>
References: <4895FB62.6040106@gmail.com>
Message-ID: <48A853A8.3030103@mozilla-enigmail.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Aaron,

> Is it a good idea to create 2 email accounts, a sender and a reply-to
> email account to reduce on spam?

IMHO: No. Reason is that you usually want users to be able to search your
key on a server using your (valid and therefore spammable) email address.

Olav
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Diese ist eine Digitale Signatur nach OpenPGP-Standard
Comment: Weitere Informationen: http://privat.seyfarth.de/olav/schluessel.html

iEYEAREIAAYFAkioU6cACgkQL/NBt8fdKe03LQCfYjyq4XiPx2AZX/5DuM96raRn
+IUAnRcmZ9xBdS8Mx6B8/YCnHoPai+V+
=GKzK
-----END PGP SIGNATURE-----

From olav at mozilla-enigmail.org  Sun Aug 17 09:39:16 2008
From: olav at mozilla-enigmail.org (Olav Seyfarth)
Date: Sun, 17 Aug 2008 18:39:16 +0200
Subject: [Enigmail] Photo Attachments
In-Reply-To: <4897EC73.10906@bellsouth.net>
References: <4897EC73.10906@bellsouth.net>
Message-ID: <48A85434.4000903@mozilla-enigmail.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Angel,

> Please correct me if I am wrong, but it looks like if a non enigmail
> user sends an inline photo attachment, it becomes unusable.
> 
> If they were received prior to the install of enigmail and you wish to
> forward, they will also be hosed.

at least I didn't get the point. What exactly is your problem?

Olav
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Diese ist eine Digitale Signatur nach OpenPGP-Standard
Comment: Weitere Informationen: http://privat.seyfarth.de/olav/schluessel.html

iEYEAREIAAYFAkioVDMACgkQL/NBt8fdKe1MigCgveY9qSvJY8cGcl7OXHL2SOeu
HPgAnjvjtu7GBLPHC3tUDEsWZz6WyC0h
=p/wg
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Sun Aug 17 09:49:17 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 17 Aug 2008 12:49:17 -0400
Subject: [Enigmail] Photo Attachments
In-Reply-To: <48A85434.4000903@mozilla-enigmail.org>
References: <4897EC73.10906@bellsouth.net>
	<48A85434.4000903@mozilla-enigmail.org>
Message-ID: <48A8568D.3000907@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Olav Seyfarth wrote:

>> Please correct me if I am wrong, but it looks like if a non enigmail
>> user sends an inline photo attachment, it becomes unusable.

If it was Encrypted to Your Key then You will be able to Open the File,
Attachment, whatever.  Enigmail is merely a Frontend for GnuPG.  If You
saved the Encrypted Email and then Installed Enigmail; Opening the Email
with Enigmail /should/ allow You to Decrypt the Attachment _if_ it was
encrypted to Your Key.

>> If they were received prior to the install of enigmail and you wish to
>> forward, they will also be hosed.

Anytime an Encrypted Email, File or Attachment is Forwarded then if the
Recipient wasn't Encrypted to they will be Unable to Open the File.

HTH

JOHN ;)
Timestamp: Sunday 17 Aug 2008, 12:49  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4812: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIqFaLAAoJEBCGy9eAtCsP0nwH/0vF0FZ2GM8NnT/ClUIvEiva
DT2yoOu7IBH1iQuf8p1PGZhoWKt4fuNZq5NUovHvIMmJbr3jMCVnxYwtz6r+vcfn
2TUfGJM4zsEh4xSJYkU8Ka+4M9JprqjJ4VQ1D6a6NCmcuG1HMZnyWqFAAPKYZ5ap
+sDoX0ycLvLzDSIrQc22A1xo3WTNbo0i5FaRJFfwTWYAeSwVRm1P7vhD+/ZzPAQ3
RumMCL3/ZzEnUoEZq1NgRaW7yAbHuvpbxqgzKNZdUOdOXGDhPA64loBco/unGXr3
E21e40JUyN9uhqU2SclK4RwGjEz6/ix1z4Kb342QXKp2uqC/BI2t5bfIpSO4lI4=
=K9FK
-----END PGP SIGNATURE-----

From olav at mozilla-enigmail.org  Sun Aug 17 10:00:30 2008
From: olav at mozilla-enigmail.org (Olav Seyfarth)
Date: Sun, 17 Aug 2008 19:00:30 +0200
Subject: [Enigmail] automatic disabling of format=flowed
In-Reply-To: <eea901cd0808160303q38a731f8td5b80a6d40359bda@mail.gmail.com>
References: <eea901cd0808160303q38a731f8td5b80a6d40359bda@mail.gmail.com>
Message-ID: <48A8592E.4050309@mozilla-enigmail.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Florian,

> it seems that recent versions of Enigmail disable format=flowed
> automatically again, at least that's what happened to me when I
> upgraded to 0.95.7. As I mostly use it for deciphering e-mails and not
> for signing myself, I'd like to turn off this behaviour.
> 
> I remember that once there existed an option in prefs.js to disable
> the automatic change of the format=flowed setting by Enigmail, but I
> can't find it anymore.

"(menu) -> Tools -> Options -> Advanced (section) -> General (tab) ->
- -> (bottom) Advanced Configuration -> Config Editor (button)"
opens "about:config" in Thunderbird. There, type 'flowed' into the
"Filter:" entry field. Yields the two options you are looking for.

Olav

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Diese ist eine Digitale Signatur nach OpenPGP-Standard
Comment: Weitere Informationen: http://privat.seyfarth.de/olav/schluessel.html

iEYEAREIAAYFAkioWS0ACgkQL/NBt8fdKe01qgCfWG9371hdWHWMBiVr+wD+ZokU
llwAn2u3AnXi2GR4Q15sqJgPKpCkiLi9
=Zn2c
-----END PGP SIGNATURE-----

From floeff at gmail.com  Sun Aug 17 10:21:20 2008
From: floeff at gmail.com (Florian Effenberger)
Date: Sun, 17 Aug 2008 19:21:20 +0200
Subject: [Enigmail] automatic disabling of format=flowed
In-Reply-To: <48A8592E.4050309@mozilla-enigmail.org>
References: <eea901cd0808160303q38a731f8td5b80a6d40359bda@mail.gmail.com>
	<48A8592E.4050309@mozilla-enigmail.org>
Message-ID: <eea901cd0808171021t5587e86eg8bccd0f1d55c9a72@mail.gmail.com>

Hi Olaf,

> "(menu) -> Tools -> Options -> Advanced (section) -> General (tab) ->
> - -> (bottom) Advanced Configuration -> Config Editor (button)"
> opens "about:config" in Thunderbird. There, type 'flowed' into the
> "Filter:" entry field. Yields the two options you are looking for.

thanks! I did modify that indeed, but was under the impression that it
got changed back to disabled format=flowed after upgrading to the
newest version of Enigmail... anyone can confirm that? seems to work
at the moment, though.

Florian

From jmoore3rd at bellsouth.net  Sun Aug 17 10:26:43 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 17 Aug 2008 13:26:43 -0400
Subject: [Enigmail] automatic disabling of format=flowed
In-Reply-To: <eea901cd0808171021t5587e86eg8bccd0f1d55c9a72@mail.gmail.com>
References: <eea901cd0808160303q38a731f8td5b80a6d40359bda@mail.gmail.com>	<48A8592E.4050309@mozilla-enigmail.org>
	<eea901cd0808171021t5587e86eg8bccd0f1d55c9a72@mail.gmail.com>
Message-ID: <48A85F53.3030201@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Florian Effenberger wrote:

> thanks! I did modify that indeed, but was under the impression that it
> got changed back to disabled format=flowed after upgrading to the
> newest version of Enigmail... anyone can confirm that? seems to work
> at the moment, though.

Confirmed!  Per both the Announcement & Change Log/Release Notes the
_latest_ version of Enigmail, 0.95.7, /Disables/ format=flowed.  This
was in large part to the volume of requests received for specific
instruction on how to disable due to failure of Sig Verifications.

JOHN ;)
Timestamp: Sunday 17 Aug 2008, 13:26  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4812: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIqF9SAAoJEBCGy9eAtCsPisYH/20GBZnB5UHMBSYrKwoqdhVy
PFimt9yvU/Wb+rMpT/SD63/aOf0B3qmO1aWPqM5DqJusHSRXIIiOsyFyrgdCTc2o
ii08j05Udyzbym45hIBTNZWbM7faICPnq+B5Qix7MYkuqJWej6zeo0J2wHI3TdS1
buoGNChvbvui8qwA4qKane6D/fPbobqnHxy7DZ2zcPkNluaB2tLQV3Jv3kx3KpsA
unffCb499TMXA/Z9qJy+s3HroqnfVZo2ZFAISZU0qt1UENnh0/b2mxU8WxdB1T/6
oFuOopEIJvE8Vmgb/jlaLig3HZjAs1yEZQrMSFXXfSDuVUIXB6CVjPhgGQWglO8=
=lprJ
-----END PGP SIGNATURE-----

From floeff at gmail.com  Sun Aug 17 10:33:46 2008
From: floeff at gmail.com (Florian Effenberger)
Date: Sun, 17 Aug 2008 19:33:46 +0200
Subject: [Enigmail] automatic disabling of format=flowed
In-Reply-To: <48A85F53.3030201@bellsouth.net>
References: <eea901cd0808160303q38a731f8td5b80a6d40359bda@mail.gmail.com>
	<48A8592E.4050309@mozilla-enigmail.org>
	<eea901cd0808171021t5587e86eg8bccd0f1d55c9a72@mail.gmail.com>
	<48A85F53.3030201@bellsouth.net>
Message-ID: <eea901cd0808171033x3ff3d4f6r56e764aa50b3c575@mail.gmail.com>

Hi John,

> Confirmed!  Per both the Announcement & Change Log/Release Notes the
> _latest_ version of Enigmail, 0.95.7, /Disables/ format=flowed.  This
> was in large part to the volume of requests received for specific
> instruction on how to disable due to failure of Sig Verifications.

can this behaviour be disabled by any means, like a user.js entry?

Florian

From rbrtryn at gmail.com  Sun Aug 17 10:42:41 2008
From: rbrtryn at gmail.com (Robert Ryan)
Date: Sun, 17 Aug 2008 11:42:41 -0600
Subject: [Enigmail] automatic disabling of format=flowed
In-Reply-To: <48A85F53.3030201@bellsouth.net>
References: <eea901cd0808160303q38a731f8td5b80a6d40359bda@mail.gmail.com>	<48A8592E.4050309@mozilla-enigmail.org>	<eea901cd0808171021t5587e86eg8bccd0f1d55c9a72@mail.gmail.com>
	<48A85F53.3030201@bellsouth.net>
Message-ID: <48A86311.3060903@gmail.com>

John W. Moore III wrote:
> _latest_ version of Enigmail, 0.95.7, /Disables/ format=flowed.

Just for clarification: Does it just disable it during installation or
does Enigmail continuously keep it disabled?
-- 
Robert Ryan

I prefer encrypted, signed email :)
My PGP key: http://tinyurl.com/6c6kwu

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080817/011ae392/attachment.bin>

From jmoore3rd at bellsouth.net  Sun Aug 17 10:47:35 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 17 Aug 2008 13:47:35 -0400
Subject: [Enigmail] automatic disabling of format=flowed
In-Reply-To: <48A86311.3060903@gmail.com>
References: <eea901cd0808160303q38a731f8td5b80a6d40359bda@mail.gmail.com>	<48A8592E.4050309@mozilla-enigmail.org>	<eea901cd0808171021t5587e86eg8bccd0f1d55c9a72@mail.gmail.com>	<48A85F53.3030201@bellsouth.net>
	<48A86311.3060903@gmail.com>
Message-ID: <48A86437.5020802@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Robert Ryan wrote:
> John W. Moore III wrote:
>> _latest_ version of Enigmail, 0.95.7, /Disables/ format=flowed.
> 
> Just for clarification: Does it just disable it during installation or
> does Enigmail continuously keep it disabled?

My understanding [& experience] is that it only happens during the
Install.  You are free to Set it back after install and it will remain
that way.

JOHN ;)
Timestamp: Sunday 17 Aug 2008, 13:47  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4812: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIqGQzAAoJEBCGy9eAtCsPZPkH/iHJPVF7iHW8l7lYGhB7ftF9
A5Q35Dfl5Tz0tF1ISIFLUIIVyInYjWC5qIh04B7lqGpCo5WW3HRcgvaTkbycxDJG
fXw8a95dAONTRcq19Q49t3IYuvP9lWzA2CmfN8it5rZ+74NSmTuctFhag5LqbVrd
iSTdCFw6H33njAAGYRkP//P3hUJ62ssI7O0zno676ny+upFj2oH9vU9HjCV2ww/t
p6BeSdcE/P/SfVg8tWNaq0liAxR7P7i6jLabi4VWCEV+1VzUPz9lMjdQZeKoN7+E
xELDrOddDaFENjEB86YcrIXWUvSHcvbj9Ndyhg5SEeuwI4KB9IvMv7CBgrMe5gc=
=wiIq
-----END PGP SIGNATURE-----

From floeff at gmail.com  Sun Aug 17 10:51:07 2008
From: floeff at gmail.com (Florian Effenberger)
Date: Sun, 17 Aug 2008 19:51:07 +0200
Subject: [Enigmail] automatic disabling of format=flowed
In-Reply-To: <48A86437.5020802@bellsouth.net>
References: <eea901cd0808160303q38a731f8td5b80a6d40359bda@mail.gmail.com>
	<48A8592E.4050309@mozilla-enigmail.org>
	<eea901cd0808171021t5587e86eg8bccd0f1d55c9a72@mail.gmail.com>
	<48A85F53.3030201@bellsouth.net> <48A86311.3060903@gmail.com>
	<48A86437.5020802@bellsouth.net>
Message-ID: <eea901cd0808171051p21c9d7bbs24fe0cfac3050c86@mail.gmail.com>

Hi,

> My understanding [& experience] is that it only happens during the
> Install.  You are free to Set it back after install and it will remain
> that way.

I'll have a look at it, maybe I was wrong, but I thought it had
changed also after installation. I'll get back to you if I can confirm
this error. ;-)

Thanks!
Florian

From faramir.cl at gmail.com  Sun Aug 17 22:53:43 2008
From: faramir.cl at gmail.com (Faramir)
Date: Mon, 18 Aug 2008 01:53:43 -0400
Subject: [Enigmail] Testing my new PGP configuration.
In-Reply-To: <48A72E79.9040303@gmail.com>
References: <48A72E79.9040303@gmail.com>
Message-ID: <48A90E67.3090803@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Shawn escribi?:
> Hello,
> 
> My name is Shawn and I am testing my new PGP configuration. Please
> advise if sucessfull.

Informaci?n de seguridad OpenPGPSIN CONFIANZA La firma de Shawn
<shawnjones20 at gmail.com> es correcta
Id de clave: 0x3B788F73 / Firmada el: 16-08-2008 15:46
Huella de la clave: 624C 7250 AD68 96B8 7E21 E828 905F 19DB 3B78 8F73

(your signature is valid. It is shown as untrusted since I don't know
you and I have not signed it, but that is not a malfunction at all).

Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIqQ5nAAoJEMV4f6PvczxAfa8H/AuYMRRBhEtz7HZmsDwxxwY0
LOsLQJGKRbmohwd5nqPQze1VhS54XVpFZ/z2BwZW5Z2NqA+zg7akjvePnzDPN6ga
ntteOyY/zKFPHNO4cGCz8Be2S6KiBlZwtKKjpWgDj3O8Y3NUmIRmMrdpdIwUk0Ng
KWcGLwrnQq8RzPUnTJgdu1aVAChBNjzJKyajhpErModd9Wr7oHog3NHOP26fxV1f
vszGtUsXUkhJcKY4VISlpbrReISU2qb1AOr1LdlaIap9/BQQXzV/DjtGR0Pld9YP
aRMpPkM6LlATcMIFtRTDrw3m5D65jRKK8o7DLXvFgQW6I0FnzNTyRQMYfd0ow6w=
=ddDr
-----END PGP SIGNATURE-----

From lee937 at sbcglobal.net  Mon Aug 18 03:32:37 2008
From: lee937 at sbcglobal.net (jae lee)
Date: Mon, 18 Aug 2008 05:32:37 -0500
Subject: [Enigmail] Portable Thunderbird + gnupg + enigmail problem.
Message-ID: <g8bj4a$jhg$1@mozdev.mozdev.org>

Hello

I have installed portable thunderbird 2.0.0.16 on my USB flash drive.  I
have also installed GPG_for_Thunderbird_Portable_1.4.9.  I have finally
added extension enigmail-0.95.7-tb+sm to my Thunderbird.   However
extension is crashing my Thunderbird.  If I don't use the extension, my
Portable Thunderbird works fine.  Is anyone encountering the same error?

From lee937 at sbcglobal.net  Mon Aug 18 05:44:52 2008
From: lee937 at sbcglobal.net (jae lee)
Date: Mon, 18 Aug 2008 07:44:52 -0500
Subject: [Enigmail] Portable Thunderbird + gnupg + enigmail problem.
In-Reply-To: <g8bj4a$jhg$1@mozdev.mozdev.org>
References: <g8bj4a$jhg$1@mozdev.mozdev.org>
Message-ID: <g8bqs9$199l$1@mozdev.mozdev.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

jae lee wrote:
> Hello
> 
> I have installed portable thunderbird 2.0.0.16 on my USB flash drive.  I
> have also installed GPG_for_Thunderbird_Portable_1.4.9.  I have finally
> added extension enigmail-0.95.7-tb+sm to my Thunderbird.   However
> extension is crashing my Thunderbird.  If I don't use the extension, my
> Portable Thunderbird works fine.  Is anyone encountering the same error?

never mind.  It was due to lack of space on my USB drive.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkipbsQACgkQGG76b3zfcvGvJACfW08RJG2F1Ik0Sez+g9S/VeeX
i3EAoNIJVyAYCkbSOSA23hUmgYd6xTXM
=JVUo
-----END PGP SIGNATURE-----

From Endgame59 at comcast.net  Tue Aug 19 12:31:01 2008
From: Endgame59 at comcast.net (Endgame)
Date: Tue, 19 Aug 2008 13:31:01 -0600
Subject: [Enigmail] I just got Enigmail and need some help
Message-ID: <48AB1F75.6010801@comcast.net>

Hi all

I just got enigmail and need some help from one of you.  I have very
little experience in this but I was told you are a nice group of people
and that someone would be willing to help me out.  I'm pretty sure thing
are installed correctly but I have no one to correspond with while I
learn how to use the program.

I hope someone will help

Thanks
Phil

From jmoore3rd at bellsouth.net  Tue Aug 19 12:44:24 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Tue, 19 Aug 2008 15:44:24 -0400
Subject: [Enigmail] I just got Enigmail and need some help
In-Reply-To: <48AB1F75.6010801@comcast.net>
References: <48AB1F75.6010801@comcast.net>
Message-ID: <48AB2298.7060400@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Endgame wrote:

> I just got enigmail and need some help from one of you.  I have very
> little experience in this but I was told you are a nice group of people
> and that someone would be willing to help me out.  I'm pretty sure thing
> are installed correctly but I have no one to correspond with while I
> learn how to use the program.

You obviously 'hear' from very bright folks.  :-D

By all means, feel free to Contact Me directly and I'll be glad to assist.

1st: Have You uploaded Your Public Key to a Keyserver?  I suggest using
hkp://pool.sks-keyservers.net

2nd: Once You have Uploaded Your Key begin by 'Signing' Posts so that
others may acquire Your Key.

Looking forward to hearing from Ya.

JOHN ;)
Timestamp: Tuesday 19 Aug 2008, 15:44  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4812: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIqyKUAAoJEBCGy9eAtCsPzQsH/i2eW5B9BO4HVCZo6uCaLhnb
DqnBCxMUb6589ubh8i8kkpopBJCEGWodlZVwNELN1YA+bYh+Blv/i1PEmKOuBOdJ
PQZBIXyQK+rLeGTwsDpcgaim/odJWu76JDuMRTFtUqHKxpk8pl4uR0GnKE8vzpl8
m4dvAL3llXlCzGSLI9bTZp+D164iOnfm+Z591omjbBlC8TnO3voDarqkmDd5xtzy
DCfTsTYi5190MKzGmkPI09LpfwNH3U1YYJtzvPBPHNQwrPCQ/zXu313OBRz3lR25
zFsPV9BvAul3WJa5VOzls5uAdrxkEoOohQlpEXO1VpXdy8paWmhlMRStPliUCPg=
=RM3n
-----END PGP SIGNATURE-----

From rbrtryn at gmail.com  Tue Aug 19 13:44:05 2008
From: rbrtryn at gmail.com (Robert Ryan)
Date: Tue, 19 Aug 2008 14:44:05 -0600
Subject: [Enigmail] I just got Enigmail and need some help
In-Reply-To: <48AB1F75.6010801@comcast.net>
References: <48AB1F75.6010801@comcast.net>
Message-ID: <48AB3095.40406@gmail.com>

On 8/19/2008 1:31 PM, Endgame wrote:
> Hi all

Welcome :)

> I just got enigmail and need some help from one of you. 

Feel free to email me direct. My keys are up on the keyservers or you
can use the link below.
-- 
Robert Ryan

I prefer encrypted, signed email :)
My PGP keys: http://tinyurl.com/5snkgq

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080819/b6c203bc/attachment.bin>

From schubi at schubiserv.de  Tue Aug 19 13:52:01 2008
From: schubi at schubiserv.de (Florian Schubert)
Date: Tue, 19 Aug 2008 22:52:01 +0200
Subject: [Enigmail] I just got Enigmail and need some help
In-Reply-To: <48AB1F75.6010801@comcast.net>
References: <48AB1F75.6010801@comcast.net>
Message-ID: <48AB3271.7050602@schubiserv.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hallo Endgame or Phil,

for testing and training you can use the gnupg testingroboter with the
following E-mail address, adele at gnupp.de .
First send the "roboter" your openkey, OPENKEY!, via E-mail.
The roboter answers you like an real correspondence partner, sending an
E-mail, crypt with your openkey. And he gives you his openkey, so you
can crypt an E-mail with his openkey to him...

For more information about adele look to the following link:
http://www.gpg4win.org/handbuecher/einsteiger_8.html

The information on this link are in germane.
Please, don `t understand me wrong when I only write over an "roboter"
which can help you. But I think it is an good option.

Gr??e

Florian

PS: I am sorry for my bad English.

Endgame schrieb:
> Hi all
> 
> I just got enigmail and need some help from one of you.  I have very
> little experience in this but I was told you are a nice group of people
> and that someone would be willing to help me out.  I'm pretty sure thing
> are installed correctly but I have no one to correspond with while I
> learn how to use the program.
> 
> I hope someone will help
> 
> Thanks
> Phil
> _______________________________________________
> Enigmail mailing list
> Enigmail at mozdev.org
> https://www.mozdev.org/mailman/listinfo/enigmail
> 

- --

Florian Schubert

50? 55' 11'' n?rdliche Breite, 6? 57' 37'' ?stliche L?nge

E-Mail: schubi at schubiserv.de

www.schuberts-medienhandel.de


Diese E-Mail wurde digital signiert. Falls Ihr E-Mail-Programm nicht
?ber die notwendigen Pr?ffunktionen verf?gt, ignorieren Sie bitte die
angeh?ngte Signaturdatei. Ein verschl?sselter und signierter
Datenaustausch sollte jedoch auch in Ihrem Interesse sein.

<-------------------------====Signatur_und_Verschl?sselung====----------------------->

openPGP, PGP:
- -------------

Hauptsignierschl?ssel ID / Fingerprint:

0x3B58B711 / 9F09 B873 8A6B 8C8F 70EE  A2A1 EAB0 8A98 3B58 B711


Zeitangaben:

Erstellungsdatum: 29.09.2007

Verfallsdatum: niemals


G?ltiger PGP Schl?ssel download per Keyserver ?ber folgenden Link:

http://pgpkeys.pca.dfn.de/pks/lookup?fingerprint=on&hash=on&op=index&search=0x3b58b711

<---------------------------------------------------------------------------------->
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iQIVAwUBSKsycOqwipg7WLcRAQJ4tA//VQ2OBDo7XGxCuv/7aYfG80+jHdGAnzcT
hkAW0wZcn6NRD7mEuhMx7t4IXcY1wR/ALwjOr9JxPaZkxZdLBqaslQyJngwXf5Dz
2NYXgQN/ypPzHLTzzk4lhMbpA55L54uOoFaDTDDp/hkzdq2WzRa0Onmx9b3YIRLH
f4IsVgxWwlVoRpDz0oy2d6ERKIjEV0wm6rbM5KBquFbxbcUf+GgiwqhnJ3IQZz5r
M85zDdsnfc71290aVto1H4iUJd2WOy3HPz8HqSbOQBJI6NqECVjnj/k+79gNEpTw
zyfyVR9tEMcVFPDrTyDu0wm2lixo5w9wSfi+P6X+/uiKtvnfTQffcX/1Rnt8Lsw7
0gXM9HnPi3aiP5BN5RdJzLAt1TYWlL/8WY5u4q4KEfvSbUl9fdA0YogOhugz+AJJ
UFNa66LEIJrbMrHr5iPrpE59QeOyr6DNbvqzRO66yS9LQwlXcL6eDk9bU3rAL07H
1TW5gXZ2UKZNw1EukdwfYphRC/a11tSa2/Y52xGwtzFuLH+UplvJcDgGJ5yK8PIM
aCSLmd9duVWzVLgwV31u8zR5EJHeGpJpGVwEtVpYKKGD/NJ8sQ1YeF8WLH4hUpOy
n1aTHVoZUszzz/rMydtULxN91UwQdaLuJSc0oyG4rS3wzY+fu3bG7W+e23dyZESp
nmdYHHCNznc=
=4eI/
-----END PGP SIGNATURE-----

From schubi at schubiserv.de  Tue Aug 19 14:48:09 2008
From: schubi at schubiserv.de (Florian Schubert)
Date: Tue, 19 Aug 2008 23:48:09 +0200
Subject: [Enigmail] Running enigmail on winXP and opensuse
Message-ID: <48AB3F99.1090404@schubiserv.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hallo,

I`m using enigmail with thunderbird on winXP and opensuse. Profile
running on fat32 partition without any problems.
Only enigmail 0.95.7 extension have some problem. Under winXP the way to
gnupg, gpg.exe, is found automatically by the system. And enigmail is
running fine. :)
But naturally, I think, the aim of gpg.exe of winXP can not be the same
for opensuse and so enigmail really do not run on suse, on my suse.

Can anyone help or tell that he/she has the same mistake?

Thanks

Florian
- --

Florian Schubert

50? 55' 11'' n?rdliche Breite, 6? 57' 37'' ?stliche L?nge

E-Mail: schubi at schubiserv.de

www.schuberts-medienhandel.de


Diese E-Mail wurde digital signiert. Falls Ihr E-Mail-Programm nicht
?ber die notwendigen Pr?ffunktionen verf?gt, ignorieren Sie bitte die
angeh?ngte Signaturdatei. Ein verschl?sselter und signierter
Datenaustausch sollte jedoch auch in Ihrem Interesse sein.

<-------------------------====Signatur_und_Verschl?sselung====----------------------->

openPGP, PGP:
- -------------

Hauptsignierschl?ssel ID / Fingerprint:

0x3B58B711 / 9F09 B873 8A6B 8C8F 70EE  A2A1 EAB0 8A98 3B58 B711


Zeitangaben:

Erstellungsdatum: 29.09.2007

Verfallsdatum: niemals


G?ltiger PGP Schl?ssel download per Keyserver ?ber folgenden Link:

http://pgpkeys.pca.dfn.de/pks/lookup?fingerprint=on&hash=on&op=index&search=0x3b58b711

<---------------------------------------------------------------------------------->
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iQIVAwUBSKs/meqwipg7WLcRAQJ1Vw/9H2fZ8TizLfNyWwhmie7bV7WuI5dAFG8W
nu+m0NoFLpKfuyopuSwxfRZEoMt5MWf1qUe1C1ID5KUhk/c0c3PFHi3q3sM3as35
Fj/bXY+8Kd6NTn/jYXtbUZ9tVWzHEdS/OydH/gRuOpgJ7pSPDI3vNDqtpJpvPTHB
GV/T2BSUZAdlc/lWIAuCqkxb/V1tg7iKLVF4LP1cFgbAfWWSM6bn8ev/v25cLeB/
VKxdZYys20kZ5WxNEcqvhe4cMzbL8RGccwAZW1Ui8m3Nx5/4spVHjpKnIRIixDzv
wTYx6WYNVegh0kPA36hiAvjt3J0dpG3UVdcHNobQ34bgv329UPx7qCO7iguc2ceS
B09/HbGY+q2TRjGBoax7c4kv+MKZL/AgTEGn9uevk3weDy+Bcuh+KBkoHAs4+x20
uAtUo6ZEhzNR0Sp5CK9IvpmCAOp73V3FTiytLm4LeJ1GymHGfcdlI7RUeESbhFy4
3D6d3tTQtJZ/pjQbXPFFnxEb2ATTx3i05AiOA0j9IV5g/dDZJoYqY7IpodCt1RtR
djFSVg7U9o+BCA2TSy+pMnUJccaE90Qd/YllrPgkdyfYa6WfE67Oy/fXkTOwuCVU
6XciSXMEL/RtK4kk7WGwbyaOg3yoNoczjOnSphwUgWWD3XdI4eAa7FlFOquWt7i1
7/ndDCtLxdk=
=O45o
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Tue Aug 19 15:24:30 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Tue, 19 Aug 2008 18:24:30 -0400
Subject: [Enigmail] Running enigmail on winXP and opensuse
In-Reply-To: <48AB3F99.1090404@schubiserv.de>
References: <48AB3F99.1090404@schubiserv.de>
Message-ID: <48AB481E.5080606@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Florian Schubert wrote:

> But naturally, I think, the aim of gpg.exe of winXP can not be the same
> for opensuse and so enigmail really do not run on suse, on my suse.
> 
> Can anyone help or tell that he/she has the same mistake?

Open the OpenPGP -> Preferences and at the top of the first Tab there is
a box where You can Set the Path to gpg.exe

Hopefully, this will solve Your problem.

JOHN ;)
Timestamp: Tuesday 19 Aug 2008, 18:24  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4812: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIq0gcAAoJEBCGy9eAtCsPs90H/1MefI+AqxmbM0sm90eA8Y0T
dR93IG3FFFrVD4obIbjXCU7ynri6O5SyzVo4BN5KEp3PYl1h+YdaVvGGXL2kC8bX
8ZA9WGmHHzKfAF+jcvny+ecggAMpa1fkIAYp/TV1F2iSmcyudEYnCU21bc6ewf0w
qiOv+R9NtKBjXXFMoXC09fS23Scm3ynUTDXqUEh9zbzbvZ0kTI0C4cWEscMRIK2C
YcCzhLT6+M3XsZfDxztpK5KANrNEzFaVJ/XGBAAEdJHCLUY14f5R4/bxCe2/8uc9
2Le1kVSilwGBLWom9Jac3/ol37ToXJTOsL1xm/HWUnKKDXZz1agi0WbUirUSZcA=
=7ZoB
-----END PGP SIGNATURE-----

From wastekonto at yahoo.se  Tue Aug 19 16:34:39 2008
From: wastekonto at yahoo.se (Waste)
Date: Wed, 20 Aug 2008 01:34:39 +0200
Subject: [Enigmail] Running enigmail on winXP and opensuse
In-Reply-To: <48AB481E.5080606@bellsouth.net>
References: <48AB3F99.1090404@schubiserv.de> <48AB481E.5080606@bellsouth.net>
Message-ID: <48AB588F.7040109@yahoo.se>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John W. Moore III skrev:
> Florian Schubert wrote:
> 
>> But naturally, I think, the aim of gpg.exe of winXP can not be the same
>> for opensuse and so enigmail really do not run on suse, on my suse.
> 
>> Can anyone help or tell that he/she has the same mistake?
> 
> Open the OpenPGP -> Preferences and at the top of the first Tab there is
> a box where You can Set the Path to gpg.exe
> 
> Hopefully, this will solve Your problem.
> 
> JOHN ;)
> Timestamp: Tuesday 19 Aug 2008, 18:24  --400 (Eastern Daylight Time)
_

And to find out where pgp binaries are on opensuse, if you don't already
know, run this command in a shell (terminal):

whereis gpg

______________________________________________
Enigmail mailing list
Enigmail at mozdev.org
https://www.mozdev.org/mailman/listinfo/enigmail

__________ Information from ESET NOD32 Antivirus, version of virus
signature database 3369 (20080819) __________

The message was checked by ESET NOD32 Antivirus.

    part000.txt - is OK

http://www.eset.com




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10-svn4809 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJIq1iPAAoJEIjrKyJ4MaoKUj0P/17nPJcRdlCL3Sh7fx2yG/W2
XPh6tK+FQgZD3YLkRBMzOqsZtkhkd1h4le9rTKdhQ7GOclTy6xalelLI64o0K6jW
5o/Vm/Fl2fpTXnxC+pgvsjDRqLK5glliuhqdjgBLmu86+1Er1gTtiv3dBD61vW17
pRyOUfFKUkYeV31MwODouo55MWx2VwFw8zmHi5otrJvcA6C57bWvtbP/OeBQ+tCZ
nWP8usz//xWUkuzsCWEPkgK0yEWt8TpaGzfg50NoCP3QjGfrNcZ5mqMgNXkwYggH
0PQDwNAmiNsSZrY0cXIfi9GtGtZsoJCFDMr/FBGnvR9xaM498CA7RuEn3Aavk989
xVCSuX87uxJopKmKWTZwke6/1r8Ur0jfGRJnorJtVscuLl6ceun79jZSJl3oRzyW
jPCPZS7d7Y+C7yVf2zh/lFvPLjt2yeEzvxEqJK0MoW2MdF14LYJ1od1jdw01Myi7
XOVzAG280JxcWBO9RMPbjesxpX+nKCg3WGRhHtM420rfRZ1ZzmXLpqxdKFw3GegO
JAqd0MqO0KA5xV4CMwMwNjrJ9KDrzNosaYZ8gPey++SoBw/qTIwtBQ8PvFVpF+Vs
hCWxCchx7SePHL0ZBFAnw/MwfGvf2EMuQS2OuQvMFwq0hJaR5DMeFQrBB7jLXnuF
8bN25d3+CRMx/f6kw3jX
=SK6j
-----END PGP SIGNATURE-----

From ldc at lrcressy.com  Tue Aug 19 18:53:22 2008
From: ldc at lrcressy.com (LeRoy Cressy)
Date: Tue, 19 Aug 2008 21:53:22 -0400
Subject: [Enigmail] Running enigmail on winXP and opensuse
In-Reply-To: <48AB3F99.1090404@schubiserv.de>
References: <48AB3F99.1090404@schubiserv.de>
Message-ID: <48AB7912.9060002@lrcressy.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Florian Schubert wrote:
> Hallo,
> 
> I`m using enigmail with thunderbird on winXP and opensuse. Profile
> running on fat32 partition without any problems.
> Only enigmail 0.95.7 extension have some problem. Under winXP the way to
> gnupg, gpg.exe, is found automatically by the system. And enigmail is
> running fine. :)
> But naturally, I think, the aim of gpg.exe of winXP can not be the same
> for opensuse and so enigmail really do not run on suse, on my suse.

opensuse is a linux based operating system which does not use exe files
for executables.  The best way to install enigmail on any distribution
is to use the suse enigmail package that is a rpm file.  I think suse
currently uses the apt system so you can use the command:

apt-cache search enigmail

to find the correct package name.

apt-get install package-name

will install the package and any other required packages.

I hope that this helps :-)
> 
> Can anyone help or tell that he/she has the same mistake?
> 
> Thanks
> 
> Florian
_______________________________________________
Enigmail mailing list
Enigmail at mozdev.org
https://www.mozdev.org/mailman/listinfo/enigmail

- --
 Rev. LeRoy D. Cressy  mailto:leroy at lrcressy.com   /\_/\
                       http://lrcressy.com        ( o.o )
                       Phone:  215-535-4037        > ^ <

gpg fingerprint:  62DE 6CAB CEE1 B1B3 359A  81D8 3FEF E6DA 8501 AFEA

For info on enigmail:    http://lrcressy.com/linux/mozilla.pdf
For info on gpg:         http://www.gnupg.org/

Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSKt5EHlsxrSGsIsqAQhhgQ/+IQQMmpI1n/UMCzJc18mfbUvlbLhwhh5+
32NKRxXM2Inf7ngo2Oi0zJKXjBk2pCUQZbexnxvzr7kFzE83v7CmqLu17lAD0i+/
RtbU+4F5LySyFyRW68UKUmjVfiSYv8f+mJxn0d3wzi+hXSBuxIdNn8ZeGG8YGOiJ
eTZOliHIjwqVGKqyOSP8Np1ijAZkdvjE7qBhIfNdV4Ufd9NVeLaoio6tQVZIFeum
GiTFcKv3vrY7X1XGOsnLzNDXMbbRWwCtMwb19ZVGC38AnH2Z+ttp4965Wy660cws
anrOVn6mgjKvftYCE3zZJ2w9IYLFhNGuSSZs3pu8mquTTH0dcwl9m9O9c+fcW9ED
lZrQH2M1FM3ZgEsCSoJjOzhd9Uei4TPCkRyApA5HmOOg58vfa/K39ah0oivFs6/l
xbYASgELPMZUstJRlGRDaFuDP6ZqwBuISTD9u7ZhwY2nwotO5G/CLozXrV8nindK
xQo4svyg9XPEfCyVBYdwSNFU0n8q0gmutgdoc2QcmuKkcekzWnsfeZQ4bzB5Zy+q
vRhuu82P/iVUSENfpWr0Ch5uUbfYJZqz87LvDcAABoGlpverdQ6vUsueCUMmu5mk
bUiT7S4X58XNmNiSlsYbtwWlWR+Tg4fvNTR6rCjhJt1JtwkxtHXLV1A2Pd7TGv8i
aMs5sOvPaDs=
=Z71M
-----END PGP SIGNATURE-----

From wastekonto at yahoo.se  Tue Aug 19 19:21:41 2008
From: wastekonto at yahoo.se (Waste)
Date: Wed, 20 Aug 2008 04:21:41 +0200
Subject: [Enigmail] Running enigmail on winXP and opensuse
In-Reply-To: <48AB7912.9060002@lrcressy.com>
References: <48AB3F99.1090404@schubiserv.de> <48AB7912.9060002@lrcressy.com>
Message-ID: <48AB7FB5.5070508@yahoo.se>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

LeRoy Cressy skrev:
> 
> apt-cache search enigmail
> 
> to find the correct package name.
> 
> apt-get install package-name
> 
> will install the package and any other required packages.
> 
> I hope that this helps :-)

apt is used on debian dists, like Debian, Ubuntu, Knoppix etc.
There is packages that simulate apt on OpenSUSE though. But SUSE based
dists use Yast by default.

Use "whereis gpg" (without the apostrophises) to search where the binary
is placed and then point to the path in enigmail.

OpenSUSE documentation:
"whereis Report all known instances of a command"


_______________________________________________
Enigmail mailing list
Enigmail at mozdev.org
https://www.mozdev.org/mailman/listinfo/enigmail

__________ Information from ESET NOD32 Antivirus, version of virus
signature database 3369 (20080819) __________

The message was checked by ESET NOD32 Antivirus.

    part000.txt - is OK

http://www.eset.com




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10-svn4809 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJIq3+1AAoJEIjrKyJ4MaoKjvIP/RCQdLg6HgOsk04AldCDba7Q
3VSovXqDYm1Wp30FiEo0uRT7IKZ69qX98KYeRhZh/AgruS9gZrnkSoWwWCeJ6AwD
03/QHsL4NX+ZoISzkIep1+NjPFkoIpqlPk3hkXyWrq4XpMUtP9P+ErW6VuLbqWPY
jamrABkDoolHQtbedy/jlEhYoXlvcrAJhP7U6Gpk8Ahqjl7Zxrz/X3M1GQZi8cpq
kvJ9ERDC8et2ln5uFjsGIqPQ7eWE7AtsXggZTV79IZ0JEAxCLjbGVi1tvOSEbROc
FLmRAbAaFaBCmppthGU/UYTaoKJRT8ijkkI0yMvSkCXUABoGNoC0SlO9KwuJ1CZ5
edWoV4sk2B9Eb0wSI7WgkLGLQJPoaDkXXLuoSJD7JzM2WTgQ7/zufTOrE7Q7sH5p
01V4QguvIP9NiWD3PB3hF9Dk2J3u+ijskbq6Kjjm/GJHKl3ifTFnRCmgIk8zz/ng
8fD8Lot9rN2KyUwO8RTyNheev5cZL4bUUjUfuiOesP6UMGR2uO7ApuQdgSjzrSS3
cR+LRntJoPW2ptwJJ2jE5O1esyM4FglniKOYFcoJjEyFq291kyqi4P/jIw/zYrZ7
Zs3ul8rtn/DhVPsRj8QiROdls+X0sXIoxlGX8bacOXRUIiMyZGvoRDbSWigZac4K
ZHfSTZBVw3wB4Nk20M57
=Sg/c
-----END PGP SIGNATURE-----

From John at Mozilla-Enigmail.org  Tue Aug 19 20:40:41 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Tue, 19 Aug 2008 22:40:41 -0500
Subject: [Enigmail] Running enigmail on winXP and opensuse
In-Reply-To: <48AB3F99.1090404@schubiserv.de>
References: <48AB3F99.1090404@schubiserv.de>
Message-ID: <48AB9239.4020901@Mozilla-Enigmail.org>

Florian Schubert wrote:
> Hallo,
> 
> I`m using enigmail with thunderbird on winXP and opensuse. Profile
> running on fat32 partition without any problems.
> Only enigmail 0.95.7 extension have some problem. Under winXP the way to
> gnupg, gpg.exe, is found automatically by the system. And enigmail is
> running fine. :)
> But naturally, I think, the aim of gpg.exe of winXP can not be the same
> for opensuse and so enigmail really do not run on suse, on my suse.
> 
> Can anyone help or tell that he/she has the same mistake?

While everyone else is being helpful trying to help you sort out the path to the
gpg executable, the simple answer is that you can't share profile directories
between operating systems.

That is not to say that you can not share files and even full directories within
a profile. I've done it several times with the suite (Seamonkey and Mozilla
prior) so I know how much work it is. Best to only share the mail, news and imap
folders.

I can read my mail on any one of the machines her in the house/office.
At ~10GB, there's one copy of it.

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 677 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080819/4cb52dff/attachment-0001.bin>

From patrick at mozilla-enigmail.org  Tue Aug 19 23:00:24 2008
From: patrick at mozilla-enigmail.org (Patrick Brunschwig)
Date: Wed, 20 Aug 2008 08:00:24 +0200
Subject: [Enigmail] Running enigmail on winXP and opensuse
In-Reply-To: <48AB9239.4020901@Mozilla-Enigmail.org>
References: <48AB3F99.1090404@schubiserv.de>
	<48AB9239.4020901@Mozilla-Enigmail.org>
Message-ID: <48ABB2F8.9080505@mozilla-enigmail.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John Clizbe wrote:
> Florian Schubert wrote:
>> Hallo,
>>
>> I`m using enigmail with thunderbird on winXP and opensuse. Profile
>> running on fat32 partition without any problems.
>> Only enigmail 0.95.7 extension have some problem. Under winXP the way to
>> gnupg, gpg.exe, is found automatically by the system. And enigmail is
>> running fine. :)
>> But naturally, I think, the aim of gpg.exe of winXP can not be the same
>> for opensuse and so enigmail really do not run on suse, on my suse.
>>
>> Can anyone help or tell that he/she has the same mistake?
> 
> While everyone else is being helpful trying to help you sort out the path to the
> gpg executable, the simple answer is that you can't share profile directories
> between operating systems.
>
> That is not to say that you can not share files and even full directories within
> a profile. I've done it several times with the suite (Seamonkey and Mozilla
> prior) so I know how much work it is. Best to only share the mail, news and imap
> folders.


I don't quite agree with this. These days (not speaking of former
Mozilla 1.x times, and not speaking of SeaMonkey before 2.0) you can
easily share profiles on Windows and Linux, with the following restrictions:

* you have to stick to Thunderbird from Mozilla.com; using Thunderbird
as provided by OpenSuSE won't work

* the GnuPG executable (gpg.exe on Windows, gpg on Linux) must be found
automatically by Enigmail, i.e. the path to GnuPG must remain empty. In
order to achieve this, make sure that the directory holding gpg/gpg.exe
is in the PATH variable.

- -Patrick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBSKuy93cOpHodsOiwAQIMHwgAkXb4CWt1es8LEf4aW9Ci+K2a3uMbJOfa
MPJ1dECQ7POAO+tIrHiu/eJoI95jmEUof7JmzDaM3m9JylxQR28tn/k6tfMp+q1h
qu4yLSyfRYFHfFW4qM0ibEnOqItrb67KWv5nN5SmAsaxU/YB/iUbfJqZOKBt0/5J
84SgpvsWOSIc3DpK5AUot3mQ3kDQ2bzf/o4IhRGVyndWiXKCZxYW/epRcjUUktuf
wiVmWjT+RvNl65tA5KTqv2nSOMAzZEBSADdiMHyWvWnR8HKaWSTrnHB6zeIb1JV+
kYQbjUNhkX+Xe+dEcy06N/PdoF7ZV9qNWXEnJN/2Q8c6CNASiQD+RQ==
=d46t
-----END PGP SIGNATURE-----

From schubi at schubiserv.de  Wed Aug 20 04:01:05 2008
From: schubi at schubiserv.de (Florian Schubert)
Date: Wed, 20 Aug 2008 13:01:05 +0200
Subject: [Enigmail] Running enigmail on winXP and opensuse
In-Reply-To: <48AB9239.4020901@Mozilla-Enigmail.org>
References: <48AB3F99.1090404@schubiserv.de>
	<48AB9239.4020901@Mozilla-Enigmail.org>
Message-ID: <48ABF971.60409@schubiserv.de>

Hallo,

thank you everyone helping me.
But I think, like John Clizbe, you can share profile but there are even
problems.
The problems consist not from thunderbird, the mean program. And I think
this is a little bit angry, because the problem is cased from a "little"
extension like enigmail or lightning. And this could not be the way of
an extension, dictation the mean program how it has to work or not.
But I?m to stupid to solve the problem and so I have to live with.

I think i would prefer the solution of John C., sharing only parts like
mail, rss feeds and imap folders.

Alternaty could only be using gpg where it is running and on the
operating system pgp doesn`t run using s/mime, it is running. :)
But this is fortunately not the solution enigmail user discussion list
is preferring.

Thanks

Florian

John Clizbe schrieb:
> 
> While everyone else is being helpful trying to help you sort out the path to the
> gpg executable, the simple answer is that you can't share profile directories
> between operating systems.
> 
> That is not to say that you can not share files and even full directories within
> a profile. I've done it several times with the suite (Seamonkey and Mozilla
> prior) so I know how much work it is. Best to only share the mail, news and imap
> folders.
> 
> I can read my mail on any one of the machines her in the house/office.
> At ~10GB, there's one copy of it.
> 

-- 

Florian Schubert

50? 55' 11'' n?rdliche Breite, 6? 57' 37'' ?stliche L?nge

E-Mail: schubi at schubiserv.de

www.schuberts-medienhandel.de


Diese E-Mail wurde digital signiert. Falls Ihr E-Mail-Programm nicht
?ber die notwendigen Pr?ffunktionen verf?gt, ignorieren Sie bitte die
angeh?ngte Signaturdatei. Ein verschl?sselter und signierter
Datenaustausch sollte jedoch auch in Ihrem Interesse sein.

<-------------------------====Signatur_und_Verschl?sselung====----------------------->

openPGP, PGP:
-------------

Hauptsignierschl?ssel ID / Fingerprint:

0x3B58B711 / 9F09 B873 8A6B 8C8F 70EE  A2A1 EAB0 8A98 3B58 B711


Zeitangaben:

Erstellungsdatum: 29.09.2007

Verfallsdatum: niemals


G?ltiger PGP Schl?ssel download per Keyserver ?ber folgenden Link:

http://pgpkeys.pca.dfn.de/pks/lookup?fingerprint=on&hash=on&op=index&search=0x3b58b711

<---------------------------------------------------------------------------------->


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5324 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080820/030b0224/attachment.bin>

From ldc at lrcressy.com  Wed Aug 20 04:55:05 2008
From: ldc at lrcressy.com (LeRoy Cressy)
Date: Wed, 20 Aug 2008 07:55:05 -0400
Subject: [Enigmail] Running enigmail on winXP and opensuse
In-Reply-To: <48AB7FB5.5070508@yahoo.se>
References: <48AB3F99.1090404@schubiserv.de> <48AB7912.9060002@lrcressy.com>
	<48AB7FB5.5070508@yahoo.se>
Message-ID: <48AC0619.3090807@lrcressy.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Waste wrote:
> LeRoy Cressy skrev:
>> apt-cache search enigmail
> 
>> to find the correct package name.
> 
>> apt-get install package-name
> 
>> will install the package and any other required packages.
> 
>> I hope that this helps :-)
> 
> apt is used on debian dists, like Debian, Ubuntu, Knoppix etc.
> There is packages that simulate apt on OpenSUSE though. But SUSE based
> dists use Yast by default.
> 
> Use "whereis gpg" (without the apostrophises) to search where the binary
> is placed and then point to the path in enigmail.
> 
> OpenSUSE documentation:
> "whereis Report all known instances of a command"
> 
The last time I touched SUSE was when it first came out on the market.
I was just going on what I heard on the Philadelphia Linux User's Group
(PLUG) list that rpm based distributions currently have a version of apt
for their distributions.

What I was attempting to get across was that Linux distributions do not
and cannot use M$ Windows .exe files.  For a new Linux user it is
easiest for them to use the package management system. Today there are
so many distributions whereas when I first started using Linux there was
only RedHat and Slackware.  Both of them would fit on a single CD.

The new Linux user should use their package management system and
install the version of enigmail that is provided by the distribution.
Usually the enigmail package will install everything where it belongs
and thunderbird or seamonkey will properly.  Most distributions will
verify and install the correct version that matches your system.


> 
> _______________________________________________
> Enigmail mailing list
> Enigmail at mozdev.org
> https://www.mozdev.org/mailman/listinfo/enigmail
> 
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature database 3369 (20080819) __________
> 
> The message was checked by ESET NOD32 Antivirus.
> 
>     part000.txt - is OK
> 
> http://www.eset.com
> 
> 
> 
> 
_______________________________________________
Enigmail mailing list
Enigmail at mozdev.org
https://www.mozdev.org/mailman/listinfo/enigmail

- --
 Rev. LeRoy D. Cressy  mailto:leroy at lrcressy.com   /\_/\
                       http://lrcressy.com        ( o.o )
                       Phone:  215-535-4037        > ^ <

gpg fingerprint:  62DE 6CAB CEE1 B1B3 359A  81D8 3FEF E6DA 8501 AFEA

For info on enigmail:    http://lrcressy.com/linux/mozilla.pdf
For info on gpg:         http://www.gnupg.org/

Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSKwGF3lsxrSGsIsqAQjJQRAAh3o1QpYA2suPLbW6LcvBE3Mv02ijOrz8
ahIttlMkzsUoAFD/9nuzXcQMFb0GP9ZLtu9G4vYUA71yBJJspFphJ6OTCt+N+icg
qwhgvw074i8MZRIXOsIo4xd1cA0hDXWA+RRD8LBAOwmdQIYGNA+AF+23+9C3OGZ7
D0wYLb1bvWA3cuhwu1V/Dv136plnR68+zzDAxy2SSLqBrC5ZSOE+nJjetiRx4xe3
QYOG+ZbLrZ373cDyjcrHYcCP7ZduzxZqpz7vMow1ReoAxN2T/Hr0OqdXabxgWgpe
nWZ0t0gg8WCR9LJBw1RNO2tkXDVsbRYYt+8mDjBrHkkONYLD+3BgN8yKjHXXuCcg
C06PWDrQ9xL+WRMVhzwci02AA9xBzwxPlDu3h95BCK9kHBJKeSp9xVDtKQ5sC/n6
u+CRX3WAWLZ6YahlFKHIuX0pRKQ37r2rTJa1KbSA1lVw5MF/a0/lxei1/XvCHiYX
FanzUWMdYPWegO41p5h7ZuDOJZyuxu1BFmulRTbyB0YUaRlVtB0uiezY0PfK51DS
42qpQU8ua6XVVy4InR+g8S7z1kvetG4/R4nHbiYfSwzhJvF3r/YvsBu02anxeSEM
ZxaQGBxeKYFPmxBwpbrULr5d67H0c+Ms3imL53lysALsZz/o1RCGC7kOl56jUdtQ
9ZT3SLaBBgY=
=i9tx
-----END PGP SIGNATURE-----

From alaric at metrocast.net  Wed Aug 20 05:27:26 2008
From: alaric at metrocast.net (Phil Stracchino)
Date: Wed, 20 Aug 2008 08:27:26 -0400
Subject: [Enigmail] Running enigmail on winXP and opensuse
In-Reply-To: <48AB9239.4020901@Mozilla-Enigmail.org>
References: <48AB3F99.1090404@schubiserv.de>
	<48AB9239.4020901@Mozilla-Enigmail.org>
Message-ID: <48AC0DAE.9040309@metrocast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

John Clizbe wrote:
> While everyone else is being helpful trying to help you sort out the path to the
> gpg executable, the simple answer is that you can't share profile directories
> between operating systems.

Which is not to say you can't share or copy the GPG keyring directory.


- --
  Phil Stracchino, CDK#2     DoD#299792458     ICBM: 43.5607, -71.355
  alaric at caerllewys.net   alaric at metrocast.net   phil at co.ordinate.org
         Renaissance Man, Unix ronin, Perl hacker, Free Stater
                 It's not the years, it's the mileage.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAkisDa4ACgkQ0DfOju+hMklTTwCfTZ/yWEvIftqVuly/pSMzWEuQ
FLUAn0m7M8BSNfO8cImsInTuOQSTmuIt
=YzJ3
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Wed Aug 20 06:28:31 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 20 Aug 2008 08:28:31 -0500
Subject: [Enigmail] Running enigmail on winXP and opensuse
In-Reply-To: <48AC0619.3090807@lrcressy.com>
References: <48AB3F99.1090404@schubiserv.de>
	<48AB7912.9060002@lrcressy.com>	<48AB7FB5.5070508@yahoo.se>
	<48AC0619.3090807@lrcressy.com>
Message-ID: <48AC1BFF.5010200@sixdemonbag.org>

LeRoy Cressy wrote:
> What I was attempting to get across was that Linux distributions do not
> and cannot use M$ Windows .exe files.

Thanks to the magic of Wine, they can.  However, there are caveats on
that, and this is the wrong mailing list to discuss Wine.  Interested
people should check out http://www.winehq.org.



From schubi at schubiserv.de  Wed Aug 20 13:00:41 2008
From: schubi at schubiserv.de (Florian Schubert)
Date: Wed, 20 Aug 2008 22:00:41 +0200
Subject: [Enigmail] Running enigmail on winXP and opensuse
In-Reply-To: <48AC0619.3090807@lrcressy.com>
References: <48AB3F99.1090404@schubiserv.de>
	<48AB7912.9060002@lrcressy.com>	<48AB7FB5.5070508@yahoo.se>
	<48AC0619.3090807@lrcressy.com>
Message-ID: <48AC77E9.1090405@schubiserv.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hallo LeRoy and Robert J. Hansen,

how it shines, the discus is pointing in a wrong direction. I wrote in
my first letter, I?m surching for gpg.exe on a linux os. I`m sorry, I
only meant surching for gpg on it. WinXp .exe surching on linux can be a
long journey :)
My problem is, thunderbird profile is shared between WinXP and OpenSuSe.
That meen the profiles.ini of winXP and suse point in the same file on a
fat32 partition.This is no problem and thunderbird is running fine.

The problem is now, that the extensions are in the same file and the
options of the extensions are configured on one of both operating
systems. In engimail, I have to show (option dialogue box) where gpg is,
or it is automatically find.
On winxp this is no problem and enigmail is running without any problem.
Under suse the option dialogue box of enigmail tells a mistake, can`t find
gpg. When I`m telling enigmail where it is, it is failing.

Now, I think the problem is sharing the profile with the installed
extension of enigmail. Probable the extension is only fully provided by
winxp and not through suse.
The question is,can I share the extension but have to configure two
separate files for enigmail extension and when how to?

LeRoy Cressy schrieb:
> 
> What I was attempting to get across was that Linux distributions do not
> and cannot use M$ Windows .exe files.  For a new Linux user it is
> easiest for them to use the package management system. Today there are
> so many distributions whereas when I first started using Linux there was
> only RedHat and Slackware.  Both of them would fit on a single CD.


Robert J. Hansen schrieb:
>
> Thanks to the magic of Wine, they can.  However, there are caveats on
> that, and this is the wrong mailing list to discuss Wine.  Interested
> people should check out http://www.winehq.org.

- --

Florian Schubert

50? 55' 11'' n?rdliche Breite, 6? 57' 37'' ?stliche L?nge

E-Mail: schubi at schubiserv.de

www.schuberts-medienhandel.de


Diese E-Mail wurde digital signiert. Falls Ihr E-Mail-Programm nicht
?ber die notwendigen Pr?ffunktionen verf?gt, ignorieren Sie bitte die
angeh?ngte Signaturdatei. Ein verschl?sselter und signierter
Datenaustausch sollte jedoch auch in Ihrem Interesse sein.

<-------------------------====Signatur_und_Verschl?sselung====----------------------->

openPGP, PGP:
- -------------

Hauptsignierschl?ssel ID / Fingerprint:

0x3B58B711 / 9F09 B873 8A6B 8C8F 70EE  A2A1 EAB0 8A98 3B58 B711


Zeitangaben:

Erstellungsdatum: 29.09.2007

Verfallsdatum: niemals


G?ltiger PGP Schl?ssel download per Keyserver ?ber folgenden Link:

http://pgpkeys.pca.dfn.de/pks/lookup?fingerprint=on&hash=on&op=index&search=0x3b58b711

<---------------------------------------------------------------------------------->

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iQIVAwUBSKx36Oqwipg7WLcRAQIJGw//SBD/lCmHHNdnTZeescJzGX4bAbrMM1cl
ZtdyKbVMqHocSqdyQyyFDCC0DuTtKO/G3QoFr6OLof/NRN8VzYWsF7J1s82EFGCb
mX+Ix9nN5H+XxZ44Xvq0+lkV3PqkiUUUPSYazrZiQOOWEOBkRUNhhdy2Yrk/BtHq
kOiVulGcqv+nij+w4WGNn+LqcihWufCakpASBwpQBXTdE2WCMa1bBiOC4sPEKlVk
ClWeCcFZB0xa2GcQ42/ti6+elHhxkW+KnJzAWLYAJcYzGc7y0aJcf1kelIzyBWNg
HnxhvBLLVo4I1YH2mohmBHgmwEywlyEii6qTCd+P9mDGGjqjzNtJe73OYYLMUcAu
KkHgxZH/hu8NWNATZf9qftSfZJ5iujwDJPJh/UfCz3UpKKRLqIwltb0C3W0Pjrkv
VXHkFPwOStJ9VVPfEbCQzynvevU61qCp70bKK0T0shViNeB9jgSP/LpuoUnmgwGM
fOulCGb2bSNIx2Di9ovY5ur7Skr7HXC4iV+1k6rqaf/jxMlEuWfjTfQt435rNApn
HrQGHVFQvuD+sA84SyHPAbH+fd0QpNtu1Uav5f7WRRskxvPKopk+33KCcMjXLEHr
et0UVwi2At4YdbRtCFa1MD8O47PAJ75/J4TOQ9PQLD2vkOc7rOjQZ+YEl6YtfZZx
NJ/t/Gapkq8=
=vfoX
-----END PGP SIGNATURE-----

From olav at mozilla-enigmail.org  Wed Aug 20 13:13:58 2008
From: olav at mozilla-enigmail.org (Olav Seyfarth)
Date: Wed, 20 Aug 2008 22:13:58 +0200
Subject: [Enigmail] Running enigmail on winXP and opensuse
In-Reply-To: <48AC77E9.1090405@schubiserv.de>
References: <48AB3F99.1090404@schubiserv.de>	<48AB7912.9060002@lrcressy.com>	<48AB7FB5.5070508@yahoo.se>	<48AC0619.3090807@lrcressy.com>
	<48AC77E9.1090405@schubiserv.de>
Message-ID: <48AC7B06.1000304@mozilla-enigmail.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Florian,

> On winxp is [found automatically] and enigmail runs without problems.
> On suse enigmail tells it can't find gpg. When I'm telling enigmail
> where to look for it manually, it fails.

You should stick to automatically finding gpg when sharing your TB profile.
On a Linux box, the gpg executable should be found automatically if it was
installed though an official package (here: using YaST2). Are you sure GnuPG
(1.4 series!) is installed at all?

Olav

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Diese ist eine Digitale Signatur nach OpenPGP-Standard
Comment: Weitere Informationen: http://privat.seyfarth.de/olav/schluessel.html

iEYEAREIAAYFAkisewUACgkQL/NBt8fdKe0b0gCgqWRsbI9yu/Pw8MsT5x9q/Uus
nXAAoItBAndGK0MFHKrHHXDO3mTYaKAY
=TNLH
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Wed Aug 20 13:14:30 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Wed, 20 Aug 2008 16:14:30 -0400
Subject: [Enigmail] Running enigmail on winXP and opensuse
In-Reply-To: <48AC77E9.1090405@schubiserv.de>
References: <48AB3F99.1090404@schubiserv.de>	<48AB7912.9060002@lrcressy.com>	<48AB7FB5.5070508@yahoo.se>	<48AC0619.3090807@lrcressy.com>
	<48AC77E9.1090405@schubiserv.de>
Message-ID: <48AC7B26.8030201@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Florian Schubert wrote:

> Now, I think the problem is sharing the profile with the installed
> extension of enigmail. Probable the extension is only fully provided by
> winxp and not through suse.
> The question is,can I share the extension but have to configure two
> separate files for enigmail extension and when how to?

What I have done with My installation(s) is only Link/Share the Keyrings
on the FAT32 Partition.  In My Knoppix Partition I have created a
separate Profile.  Even though the same Extensions exist in both
Partitions (XP & Knoppix) all Extensions/Add-ons have been installed
separately.  I Linked the Keyrings only so that when Maintenance is done
in either Partition it reflects in the other.

Attempting to Link the entire Profile, particularly Enigmail, won't work
because the Path to GnuPG will be completely different in Linux vs. M$.

JOHN ;)
Timestamp: Wednesday 20 Aug 2008, 16:14  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIrHsjAAoJEBCGy9eAtCsPh6kH/0+viyPgZ6jbs8PmsziZxV7c
yW+SCVY2LmqIYn+9wFzTfpp/APbiob0QvEbn8J2oXcnjC/JX/B0ylGB8leLw1hGu
sNfbkQ72G5oZCUMjlRnYk+eyAH0LfD7OeQQFBZ1e9X8gxHu1R2ACeWMUg2qCtn/R
40ZenLKymOSifFYQ1nGRzl9Qj7Po8I/gjnvqwGN6h66jo8FY6GwurgpL/bA4tpNM
gfv3v4eamWItutNrVaIBdRNgDUE22d2wINMDv4yynXIeRhqKTNEKh6W3aZPuPizj
D+s/rqrx1yXZ+VA61+/3vCFQeP5oBB9RvNI2OS7j5ZjbYaUQFNi+tPMjwrSlMXU=
=04pu
-----END PGP SIGNATURE-----

From alex89.ficus at gmail.com  Wed Aug 20 13:20:02 2008
From: alex89.ficus at gmail.com (Giano)
Date: Wed, 20 Aug 2008 22:20:02 +0200
Subject: [Enigmail] Enigmail, PGP, Gmail and decryption
Message-ID: <g8hua7$1v0h$1@mozdev.mozdev.org>

Hi guys. I'm a newbie and I've just installed and configured
Enigmail+gpg on my pc. It works really fine, both signing and
encrypting, but I found a very strange thing.
I use Enigmail on my Gmail account via IMAP, and I sent an encrypted
email to my girlfriend. Then I explored "sent messages" and... I was
able to decrypt the sent message using my key!!
How is it possibile? There should be some misunderstanding...
Thank you for the help! Bye!
-- 
~~~~~ GIANO ~~~~~

E-mail:  alex89.ficus at gmail.com
Website: http://gianopage.altervista.org/
Skype:   alex89.ficus
Twitter: http://twitter.com/giano89

"Per una persona ottimista, il bicchiere e' pieno a meta'. Per una
persona pessimista, e' vuoto a meta'. Per l'ingegnere, e' due volte piu'
grande del necessario."

-----PGP KEY FINGERPRINT-----
7B19 3021 2218 5AE5 F90D  895F 64E3 5598 5920 9728


From jmoore3rd at bellsouth.net  Wed Aug 20 13:32:49 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Wed, 20 Aug 2008 16:32:49 -0400
Subject: [Enigmail] Enigmail, PGP, Gmail and decryption
In-Reply-To: <g8hua7$1v0h$1@mozdev.mozdev.org>
References: <g8hua7$1v0h$1@mozdev.mozdev.org>
Message-ID: <48AC7F71.6020203@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Giano wrote:

> Then I explored "sent messages" and... I was
> able to decrypt the sent message using my key!!
> How is it possibile? There should be some misunderstanding...

Under 'Preferences' do You have the option to 'Encrypt to My Key' checked?

This is a 'Feature' that many find desirable so that they can go back
and check a Sent Message to see what they actually 'said'.  You may
un-check this box and Sent messages will no longer be able to be
decrypted by You.  :)

HTH

JOHN ;)
Timestamp: Wednesday 20 Aug 2008, 16:32  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIrH9vAAoJEBCGy9eAtCsPMnIIAJ89Rz+rrHi0rFfqxVIfYfhm
rwd/J4oOe8kFYdDHUt/2mbi8vXPCuoliBYUpftp23yzNqOxfc8mHj278nZJEAD8m
oVNPvV4QQLEHM6RKzqTfJCCCIulRp1Wb4LC8ri3K6d9bIsGgHaocTKZ5Pm+k6ZMr
pW9+MfcPuCli1B0x5MDz5xc+owFG3yjigd03OH/5qMFBB8q8SB6j8i0IsI7GdUV8
2NkGoXY5cX5lApmZM35ltMDLOxnmezI87hoGZ5iTeTLMo8YTifo0CZqRZZjllHh4
JThNmlAHF1dgHGWbIlXAPnDSoMyy8z3fn63odl68dTrx1L62PpRtgXDFEecFrV4=
=zdge
-----END PGP SIGNATURE-----

From ayush.cena at gmail.com  Wed Aug 20 13:34:34 2008
From: ayush.cena at gmail.com (Ayush Sharma)
Date: Thu, 21 Aug 2008 02:04:34 +0530
Subject: [Enigmail] Enigmail, PGP, Gmail and decryption
In-Reply-To: <g8hua7$1v0h$1@mozdev.mozdev.org>
References: <g8hua7$1v0h$1@mozdev.mozdev.org>
Message-ID: <48AC7FDA.4090206@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
 
Giano wrote:
> I use Enigmail on my Gmail account via IMAP, and I sent an encrypted
> email to my girlfriend. Then I explored "sent messages" and... I was
> able to decrypt the sent message using my key!!
Hello Giano,
                   This happens as the Enigmail actually encrypts the
message to *both your key and to you girlfriend's key*. This can be
verified by a simple task :
Click on "OpenPGP" in the menu bar of your Thunderbird ->click on
"Debugging OpenPGP" ->"view console" (while making sure that you had
clicked on the message recently sent to your girlfriend in the Sent
Message" folder.
There you will see the console message saying that the message was
encrypted to *both* your key and your girlfriend's key.
If you want to remove this feature, and only want that the message be
encrypted to *only the recipient's key*, please do the following:
Click on "OpenPGP" on the menu bar of your Thunderbird->click on
"Preferences"->click on "Sending" tab->uncheck the option which states
that "Add my own key to the recipients list"
This way the message will only be encrypted to the "receiver's key"
Warm Regards,
- -Ayush

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: For keyID and its URL see OpenPGP message header
 
iQEcBAEBCgAGBQJIrH/ZAAoJEGQLrmFLsPjBABwH/RsF0iWbVJFj3pVCePxDMXKg
ISMBATWzwXVEghG7eCQlWCQK5pNIQpPxDBXN+WxOiSU9jkn7Bzl4iGRNDD8jPzSm
7A6Wnxp9/9bA1j/+TpevGCEYh3HfkypKUGjhbPhZ+60DSDWaNXKq9VUAby1kv8ck
zBIn+gJ5SWAwSaZKkHHNjeW9w0aC0r+agYQ3P7Br4RgtFZEL+DCSrErTMNYU0ykL
9ISSTlRADeeoibxFns3KB/NgL6l6z1flbMYFV74AICppZg0OReA3i+xltUIfNl4c
a+rRDzyD90m37vR/Qj54uOz5FPj4FFWthOZWm8LnNHR+mLSuoaGW5vQHtx7ocgA=
=aL8a
-----END PGP SIGNATURE-----


From alex89.ficus at gmail.com  Wed Aug 20 13:48:08 2008
From: alex89.ficus at gmail.com (Giano)
Date: Wed, 20 Aug 2008 22:48:08 +0200
Subject: [Enigmail] Enigmail, PGP, Gmail and decryption
In-Reply-To: <g8hua7$1v0h$1@mozdev.mozdev.org>
References: <g8hua7$1v0h$1@mozdev.mozdev.org>
Message-ID: <g8hvu8$23m1$1@mozdev.mozdev.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thank you everybody!! Now I know I fell better! Bye bye
- --
~~~~~ GIANO ~~~~~

E-mail:  alex89.ficus at gmail.com
Website: http://gianopage.altervista.org/
Skype:   alex89.ficus
Twitter: http://twitter.com/giano89

"Per una persona ottimista, il bicchiere e' pieno a meta'. Per una
persona pessimista, e' vuoto a meta'. Per l'ingegnere, e' due volte piu'
grande del necessario."

- -----PGP KEY FINGERPRINT-----
7B19 3021 2218 5AE5 F90D  895F 64E3 5598 5920 9728

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIrIMIZONVmFkglygRAoYaAKDFEMMaIGmHwlQh9GLopB5rSCVZ7wCfcQyy
SStKMV6BVxXIGxad9yk/Bw0=
=lCYQ
-----END PGP SIGNATURE-----

From John at Mozilla-Enigmail.org  Wed Aug 20 14:47:29 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Wed, 20 Aug 2008 16:47:29 -0500
Subject: [Enigmail] Running enigmail on winXP and opensuse
In-Reply-To: <48AC77E9.1090405@schubiserv.de>
References: <48AB3F99.1090404@schubiserv.de>	<48AB7912.9060002@lrcressy.com>	<48AB7FB5.5070508@yahoo.se>	<48AC0619.3090807@lrcressy.com>
	<48AC77E9.1090405@schubiserv.de>
Message-ID: <48AC90F1.2020307@Mozilla-Enigmail.org>

Florian Schubert wrote:
> Hallo LeRoy and Robert J. Hansen,
> 
> how it shines, the discus is pointing in a wrong direction. I wrote in
> my first letter, I?m surching for gpg.exe on a linux os. I`m sorry, I
> only meant surching for gpg on it. WinXp .exe surching on linux can be a
> long journey :)
> My problem is, thunderbird profile is shared between WinXP and OpenSuSe.
> That meen the profiles.ini of winXP and suse point in the same file on a
> fat32 partition.This is no problem and thunderbird is running fine.
> 
> The problem is now, that the extensions are in the same file and the
> options of the extensions are configured on one of both operating
> systems. In engimail, I have to show (option dialogue box) where gpg is,
> or it is automatically find.
> On winxp this is no problem and enigmail is running without any problem.
> Under suse the option dialogue box of enigmail tells a mistake, can`t find
> gpg. When I`m telling enigmail where it is, it is failing.
> 
> Now, I think the problem is sharing the profile with the installed
> extension of enigmail. Probable the extension is only fully provided by
> winxp and not through suse.
> The question is,can I share the extension but have to configure two
> separate files for enigmail extension and when how to?

Ok, I understand your problem better now.

Oh WinXP, make sure that the directory containing gpg.exe
(C:\Programme\Gnu\GnuPG for German localized systems) is part of the PATH
environment variable. Open a command window, (Run --> cmd.exe), the command

    gpg --version

should return several lines of info, version, home directory, algorithms
supported. If you get an error that it can't find gpg, then you'll need to add
it's location to PATH. On a Windows NT/2000/XP system, open Settings ?
Control Panel ? System ? Advanced ? Environment Variables and edit the  PATH
variable under System variables. In the edit field, add  ;C:\Programme\GNU\GnuPG
 to the end of PATH and then click OK three times.

On the SuSE side, the command to locate gpg is

    which gpg

it should return something like /usr/bin/gpg. If not, verify that GnuPG 1.4.? is
installed.

Now in Thunderbird, Open Enigmail's preference panel and clear the the check box
that overrides Enigmail's automatic location finding results.

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 677 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080820/033c29b9/attachment.bin>

From wastekonto at yahoo.se  Wed Aug 20 15:01:54 2008
From: wastekonto at yahoo.se (Waste)
Date: Thu, 21 Aug 2008 00:01:54 +0200
Subject: [Enigmail] Running enigmail on winXP and opensuse
In-Reply-To: <48AC7B26.8030201@bellsouth.net>
References: <48AB3F99.1090404@schubiserv.de>	<48AB7912.9060002@lrcressy.com>	<48AB7FB5.5070508@yahoo.se>	<48AC0619.3090807@lrcressy.com>	<48AC77E9.1090405@schubiserv.de>
	<48AC7B26.8030201@bellsouth.net>
Message-ID: <48AC9452.1040203@yahoo.se>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John W. Moore III skrev:
> 
> What I have done with My installation(s) is only Link/Share the Keyrings
> on the FAT32 Partition.  In My Knoppix Partition I have created a
> separate Profile.  Even though the same Extensions exist in both
> Partitions (XP & Knoppix) all Extensions/Add-ons have been installed
> separately.  I Linked the Keyrings only so that when Maintenance is done
> in either Partition it reflects in the other.
> 
> Attempting to Link the entire Profile, particularly Enigmail, won't work
> because the Path to GnuPG will be completely different in Linux vs. M$.
> 
> JOHN ;)
> Timestamp: Wednesday 20 Aug 2008, 16:14  --400 (Eastern Daylight Time)

This is exactly how I would do it.

And Florian, there is no point of searching for gpg.exe on a Linux
system. There are no ".exe" files on Linux, BSD or UNIX as someone
pointed out earlier. Binaries in those systems dont have file extensions
as in Windows.

The gpg binary (that is, the same as gpg.exe in Windows) is simply named
gpg in Linux.

_______________________________________________
Enigmail mailing list
Enigmail at mozdev.org
https://www.mozdev.org/mailman/listinfo/enigmail

__________ Information from ESET NOD32 Antivirus, version of virus
signature database 3372 (20080820) __________

The message was checked by ESET NOD32 Antivirus.

    part000.txt - is OK

http://www.eset.com




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10-svn4809 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJIrJRSAAoJEIjrKyJ4MaoKXs8P/jn8uIqurlI7SpmVDy17hdfX
Mxsg/BpG6m653JTYQDoqwc+KDV7r232yUw2IWC8FYjz9nbmHxqlGrHyT9UTglYau
CdjPtSfndFilbfz4c5Nd2y/uZU57ydCDzQBW/N2LQLdhQ6XhCWk8R6CiL+4h5kES
epliZOEC+cxywwA4GEJkCca1STAbTPeRxJoVzq9ClfThA3W77rbnasVKoYyQkZ6s
bwNX8NcO3vzv3JkCN7VhTk8bmzEuEqJaitPPCil5wIeq38jxb1lFqt+aQCPeqof8
Pzee9cXuur8D5DWiEPeHSHZVG7CB7coL6d7nT90WP9RekWwadnDnFOiLmUCj/LdO
7M6jLVZ4toEw6+BnSSEe5xOMG/Pn7nJkD2Qmr2hEgaOIA5Yu0DGwNOs3SAKKLfRP
/6UlwMtRqo5+ef4TNjBqlIbLQ2SwyGwfvR62AiUDLqE14Kc8ztP2C2geveUEIbKw
GuLZxxmyu6fqXLJM65+SXboZsunJKllGN/2heTEsze/HsSVDiHc7CnAJPFriDvq6
mVA1mH7SY2mB2EJ/S00g4bfSs9O0z1udJgABZyt5RgvLPAK2hqUkfh5cd9ETTnBH
/b+/4p33pJiaMq0xlM6m/qHM6rJuz7Ps51pQlK2oeuOT+vWzM+D8wpHNNN1OIiAN
OBLWskBI3p++WA/31khy
=3Qj0
-----END PGP SIGNATURE-----

From wastekonto at yahoo.se  Wed Aug 20 15:10:35 2008
From: wastekonto at yahoo.se (Waste)
Date: Thu, 21 Aug 2008 00:10:35 +0200
Subject: [Enigmail] Running enigmail on winXP and opensuse
In-Reply-To: <48AC90F1.2020307@Mozilla-Enigmail.org>
References: <48AB3F99.1090404@schubiserv.de>	<48AB7912.9060002@lrcressy.com>	<48AB7FB5.5070508@yahoo.se>	<48AC0619.3090807@lrcressy.com>	<48AC77E9.1090405@schubiserv.de>
	<48AC90F1.2020307@Mozilla-Enigmail.org>
Message-ID: <48AC965B.2050600@yahoo.se>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John Clizbe skrev:
> 
> Ok, I understand your problem better now.
> 
> Oh WinXP, make sure that the directory containing gpg.exe
> (C:\Programme\Gnu\GnuPG for German localized systems) is part of the PATH
> environment variable. Open a command window, (Run --> cmd.exe), the command
> 
>     gpg --version
> 
> should return several lines of info, version, home directory, algorithms
> supported. If you get an error that it can't find gpg, then you'll need to add
> it's location to PATH. On a Windows NT/2000/XP system, open Settings ?
> Control Panel ? System ? Advanced ? Environment Variables and edit the  PATH
> variable under System variables. In the edit field, add  ;C:\Programme\GNU\GnuPG
>  to the end of PATH and then click OK three times.
> 
> On the SuSE side, the command to locate gpg is
> 
>     which gpg
> 
> it should return something like /usr/bin/gpg. If not, verify that GnuPG 1.4.? is
> installed.
> 
> Now in Thunderbird, Open Enigmail's preference panel and clear the the check box
> that overrides Enigmail's automatic location finding results.

I have actually explained this earlier. But i suggested "whereis gpg"
instead of "which gpg" which does the same.

And Florian, if you are trying to use the "gpg.exe" on a windows
installation in a Linux environment, forge it. It will NEVER work.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10-svn4809 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJIrJZbAAoJEIjrKyJ4MaoK2/0P/1l0P667Xo/wprq0eQzxaF33
c3/WdX1HrAYmMqb8AlSBJVmuLzVxEBisPexB3ZbBuuEjrhsEfuwPSGXen2gk/pUn
qz8pxiHPF8Ck2/2kDRXUtYyuV4y/w4jada/aG6WGIrLt8P7PpaGvTJqEaUxYR9MW
zNCQcE+SRFNBnToGY01UjtONOSF8XCPMdIGw4Lujd/mj0SppY2S0lfraf21VkH8T
X3CEvAOn1QYbWKajcOeaABXpQYznmudWxeC4Y/1esEsenJBvD5AbFKemECbYSgIg
EzjidXKfBeCIErSJXA3BnI4PaWfhDYS1/V1DWZpZFBFAy/kpPGFhkIX/7E8+OPsk
NVagc6YIKy+bfaFj1iVp+U5AVk7Z9YG/5tivmZwckQOdSq7W38rnOr/bBW5Hj2sC
TeN3Wytdf4EzHL7I8QhBiDjEdZX+htYWRzzS/Phc9bPJsFIQEN2p3sn+kIbpmIA3
E5dVaBODijZjui7kIMs5sPJwO2yrbUC/JQIDRGWpTCJh2xnz3vnifgH6DPvoHiYj
HC09yjMDDUwShpy7We5PIaB6/3qbY4twrj6BvlzqnL0zaMHUwR1vG63XrT+B1rPN
dzNZ2FE9QxSaHFU/xApB32+rdSMK+Mtav+9LQ8TlZrfWD/rH9gFhho/WcdOHjjtY
PnNsanFUpLHE40+PogfQ
=Okbx
-----END PGP SIGNATURE-----

From patrick at mozilla-enigmail.org  Thu Aug 21 00:15:24 2008
From: patrick at mozilla-enigmail.org (Patrick Brunschwig)
Date: Thu, 21 Aug 2008 09:15:24 +0200
Subject: [Enigmail] Running enigmail on winXP and opensuse
In-Reply-To: <48AC90F1.2020307@Mozilla-Enigmail.org>
References: <48AB3F99.1090404@schubiserv.de>	<48AB7912.9060002@lrcressy.com>	<48AB7FB5.5070508@yahoo.se>	<48AC0619.3090807@lrcressy.com>	<48AC77E9.1090405@schubiserv.de>
	<48AC90F1.2020307@Mozilla-Enigmail.org>
Message-ID: <48AD160C.5040408@mozilla-enigmail.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John Clizbe wrote:
> Florian Schubert wrote:
>> Hallo LeRoy and Robert J. Hansen,
>>
>> how it shines, the discus is pointing in a wrong direction. I wrote in
>> my first letter, I?m surching for gpg.exe on a linux os. I`m sorry, I
>> only meant surching for gpg on it. WinXp .exe surching on linux can be a
>> long journey :)
>> My problem is, thunderbird profile is shared between WinXP and OpenSuSe.
>> That meen the profiles.ini of winXP and suse point in the same file on a
>> fat32 partition.This is no problem and thunderbird is running fine.
>>
>> The problem is now, that the extensions are in the same file and the
>> options of the extensions are configured on one of both operating
>> systems. In engimail, I have to show (option dialogue box) where gpg is,
>> or it is automatically find.
>> On winxp this is no problem and enigmail is running without any problem.
>> Under suse the option dialogue box of enigmail tells a mistake, can`t find
>> gpg. When I`m telling enigmail where it is, it is failing.
>>
>> Now, I think the problem is sharing the profile with the installed
>> extension of enigmail. Probable the extension is only fully provided by
>> winxp and not through suse.
>> The question is,can I share the extension but have to configure two
>> separate files for enigmail extension and when how to?
> 
> Ok, I understand your problem better now.
> 
> Oh WinXP, make sure that the directory containing gpg.exe
> (C:\Programme\Gnu\GnuPG for German localized systems) is part of the PATH
> environment variable. Open a command window, (Run --> cmd.exe), the command
> 
>     gpg --version
> 
> should return several lines of info, version, home directory, algorithms
> supported. If you get an error that it can't find gpg, then you'll need to add
> it's location to PATH. On a Windows NT/2000/XP system, open Settings ?
> Control Panel ? System ? Advanced ? Environment Variables and edit the  PATH
> variable under System variables. In the edit field, add  ;C:\Programme\GNU\GnuPG
>  to the end of PATH and then click OK three times.
> 
> On the SuSE side, the command to locate gpg is
> 
>     which gpg
> 
> it should return something like /usr/bin/gpg. If not, verify that GnuPG 1.4.? is
> installed.
> 
> Now in Thunderbird, Open Enigmail's preference panel and clear the the check box
> that overrides Enigmail's automatic location finding results.

There's one more thing that you *must* do, or you'll fail for sure:
you'll have to download the official release of Thunderbird from
Mozilla.com and the official multi-platform Enigmail XPI that we
provide; you cannot use Thunderbird & Enigmail as provided by the
distribution, nor any other Enigmail XPI.

- -Patrick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBSK0WC3cOpHodsOiwAQLLTQgAwjYItYRilGhuYFKwIwgGAH1wfP1GjIpo
vEYSVGxUSdHKkmynV8MtO9tV5LOw0kLbGE61S6zSlEEe/PW/1AW4G1rJ/tZl0iKR
g+4xfLuThLjZJZ/Y8nolNs+l+skCZW2YeP7bzCOIBz6D2sX+CxH7oiB/30vBDSpN
arn0pnLwLxU5OFdiNXgAhg2JNF6gFnq6yGrEqncFrUu0p/swhrTy7DUYwN4TefEy
p7gtxJWg8HsmXNumHqxmY3BzCaqjfI8EJiPMReWXS/vFHyHuXqCf2ew+BB31IzCT
bTEcbF6xOHk2ljRKDbLqN9hkS7K9m8tt1diP7lsz1OC7c6aZrq/S+A==
=OAmM
-----END PGP SIGNATURE-----

From ldc at lrcressy.com  Thu Aug 21 04:21:49 2008
From: ldc at lrcressy.com (LeRoy Cressy)
Date: Thu, 21 Aug 2008 07:21:49 -0400
Subject: [Enigmail] Running enigmail on winXP and opensuse
In-Reply-To: <48AC77E9.1090405@schubiserv.de>
References: <48AB3F99.1090404@schubiserv.de>	<48AB7912.9060002@lrcressy.com>	<48AB7FB5.5070508@yahoo.se>	<48AC0619.3090807@lrcressy.com>
	<48AC77E9.1090405@schubiserv.de>
Message-ID: <48AD4FCD.1050506@lrcressy.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Florian Schubert wrote:
> Hallo LeRoy and Robert J. Hansen,
> 
> how it shines, the discus is pointing in a wrong direction. I wrote in
> my first letter, I?m surching for gpg.exe on a linux os. I`m sorry, I
> only meant surching for gpg on it. WinXp .exe surching on linux can be a
> long journey :)
> My problem is, thunderbird profile is shared between WinXP and OpenSuSe.
> That meen the profiles.ini of winXP and suse point in the same file on a
> fat32 partition.This is no problem and thunderbird is running fine.
> 
One of the replies I think mentioned it might prudent to only share
~/.mozilla-thunderbird/??????????/Mail/ and
~/.mozilla-thunderbird/??????????/ImapMail/ directories.  The paths are
different for windows and linux.  Thus if you share the entire profile
directory between the two systems one instance of enigmail will work
while the other will not.  Also, any other plugins that you install will
only work on one system.

Sharing the entire profile directory tree has caused troubles.  If you
set the gpg path to /usr/bin/gpg in linux that will mess up the

> The problem is now, that the extensions are in the same file and the
> options of the extensions are configured on one of both operating
> systems. In engimail, I have to show (option dialogue box) where gpg is,
> or it is automatically find.
> On winxp this is no problem and enigmail is running without any problem.
> Under suse the option dialogue box of enigmail tells a mistake, can`t find
> gpg. When I`m telling enigmail where it is, it is failing.
> 
> Now, I think the problem is sharing the profile with the installed
> extension of enigmail. Probable the extension is only fully provided by
> winxp and not through suse.
> The question is,can I share the extension but have to configure two
> separate files for enigmail extension and when how to?
> 
> LeRoy Cressy schrieb:
>> What I was attempting to get across was that Linux distributions do not
>> and cannot use M$ Windows .exe files.  For a new Linux user it is
>> easiest for them to use the package management system. Today there are
>> so many distributions whereas when I first started using Linux there was
>> only RedHat and Slackware.  Both of them would fit on a single CD.
> 
> 
> Robert J. Hansen schrieb:
>> Thanks to the magic of Wine, they can.  However, there are caveats on
>> that, and this is the wrong mailing list to discuss Wine.  Interested
>> people should check out http://www.winehq.org.
> 
_______________________________________________
Enigmail mailing list
Enigmail at mozdev.org
https://www.mozdev.org/mailman/listinfo/enigmail

- --
 Rev. LeRoy D. Cressy  mailto:leroy at lrcressy.com   /\_/\
                       http://lrcressy.com        ( o.o )
                       Phone:  215-535-4037        > ^ <

gpg fingerprint:  62DE 6CAB CEE1 B1B3 359A  81D8 3FEF E6DA 8501 AFEA

For info on enigmail:    http://lrcressy.com/linux/mozilla.pdf
For info on gpg:         http://www.gnupg.org/

Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSK1Py3lsxrSGsIsqAQjDzw/+L0qUwW1qOVqQmQiuguc++y/h+1WouKGE
7wLEtQE3ZAoOKIrgFpXG3RjDlyaAU5GCFtSDFF6s8F6ZnDazPZVbCVNk9s5FdIYW
9n47pekoknosEKlknlKqFHVVmhAq8ZFzPfFgh+H97be9cmmzww+LYJGTDnMrmBRn
Jrw8TmFhU2CvId7Nu4oariLbArvEpzXiiQVVZ/VH5vcOwbnYw2xCrQ+0Rrm2pviI
ev0mUn/b9m/2Ubs4vH09QQ8QLYDU2Nc4NNe09dhYvVXlKVv97atNZT/JhTWez2C6
n6CGSuF9FFtqLz0HBQDUCZdZ81M/pWzGK1jSuRhPGuhInZO6T55Bmva6FTugcQGx
k7YPy34I53GbIrpSd1vEHEX6wtBYKqPZmfq/UscaT7UIYms7yX0QeRnPz6+1yJ09
9kTeldbUvPVX69CE7dlhGwxIZGaznMl0yWyLjQRa3tOMmjjPXRFrC29yBdqyv0+Y
eAY5bWwraaiepuNeqovB3/UiWr3bmGCpE4xUaQ9hKK9uNP3yIEUr9fU//QggfZpS
+RDk5bxjP9Mk5fPE9kP3hJn4Dc+mai6jhg/WeVF5aqdgFSu0sUhkgzWE3dN57wlO
clMEpDMRwweYPnm3qlLhd5rAbSq9SVOVcfKaqWSVV5pBOy9lgR7OPIfxzPfmVLxe
x9BJjUxLHGI=
=kUtB
-----END PGP SIGNATURE-----

From ldc at lrcressy.com  Thu Aug 21 04:26:36 2008
From: ldc at lrcressy.com (LeRoy Cressy)
Date: Thu, 21 Aug 2008 07:26:36 -0400
Subject: [Enigmail] Enigmail, PGP, Gmail and decryption
In-Reply-To: <g8hua7$1v0h$1@mozdev.mozdev.org>
References: <g8hua7$1v0h$1@mozdev.mozdev.org>
Message-ID: <48AD50EC.3050904@lrcressy.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Giano wrote:
> Hi guys. I'm a newbie and I've just installed and configured
> Enigmail+gpg on my pc. It works really fine, both signing and
> encrypting, but I found a very strange thing.
> I use Enigmail on my Gmail account via IMAP, and I sent an encrypted
> email to my girlfriend. Then I explored "sent messages" and... I was
> able to decrypt the sent message using my key!!
> How is it possibile? There should be some misunderstanding...
> Thank you for the help! Bye!

Enigmail encrypts the sent email to your girlfriend using her public key
while the email saved in the sent folder is encrypted with your public key.



- --
 Rev. LeRoy D. Cressy  mailto:leroy at lrcressy.com   /\_/\
                       http://lrcressy.com        ( o.o )
                       Phone:  215-535-4037        > ^ <

gpg fingerprint:  62DE 6CAB CEE1 B1B3 359A  81D8 3FEF E6DA 8501 AFEA

For info on enigmail:    http://lrcressy.com/linux/mozilla.pdf
For info on gpg:         http://www.gnupg.org/

Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSK1Q6nlsxrSGsIsqAQi79w/8DkqH0R+K1hbiYrO7ba4X70LjcQRKqX73
6fbyHyo0Wilk0wjj+uzmosk0CNYSwiDmIlsDLiwsH6qyiqaJpQkioR3wbFBmKDzo
zn5duLISxxRfmVXZrQC1GOnbBDej5Z+jh0CeRv9lsoZI//UZlTgSYI9yW7WacPI9
qDxmCa+0UMT3j3UFhxAv/6P2M/bXgGMMoybh2REWCfq3Y4L3PzjIeUbhUWPTKSiz
pNiCRK3U+3GJEfIyY/WsUCzvjA77lz6FN7NN/Mu3l5akGjXZ8oBHR0HyDtz4kN/A
P3Xak2jltJ3D0ZDVlR7Cf2/O3lCtWLRTmC2dCCBhZcnyt4UiYcBagdMvIvCehPQ3
nhYzchvFGxBjmGW7rMeYZyBOuIPs+xWP6+fmKyjC29Tvsqei4w+bnOId6S59TVIq
eUzzI+Se6si/3xvFwLZWmrfc6iAEGuvcnF3tpCDohCiZv1Va06oxiUweUqNqXJCZ
DDpqEvaJpbemtEt2KOkRVE86KWINADBOuKAK5iTT69jqkoyr5IfkKy9Cd9rsoT7k
gQ4O9YtodaS5VgIRkRCpNJ6ZuzpEKOOWQic8bEX0R+wbh+wsvDRBOs6wnHp2rTTt
/roEItq6p2/H7oueWR+7pKQmhvKEcIvFdpMBE7PnniTE5OaWG84OPiU2rPAwZpqC
+59xCHV905E=
=K3+h
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Thu Aug 21 04:49:05 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 21 Aug 2008 06:49:05 -0500
Subject: [Enigmail] Enigmail, PGP, Gmail and decryption
In-Reply-To: <48AD50EC.3050904@lrcressy.com>
References: <g8hua7$1v0h$1@mozdev.mozdev.org> <48AD50EC.3050904@lrcressy.com>
Message-ID: <48AD5631.9030800@sixdemonbag.org>

LeRoy Cressy wrote:
> Enigmail encrypts the sent email to your girlfriend using her public key
> while the email saved in the sent folder is encrypted with your public key.

No, it does not.

The email that gets put in the Sent folder is the exact same as the
email your correspondent receives.

The original poster has either added an encrypt-to-self in his gpg.conf
file, or has told Enigmail to do the same.

The mail in the Sent folder is encrypted with _two_ public keys, not
just one.


From ldc at lrcressy.com  Thu Aug 21 05:32:50 2008
From: ldc at lrcressy.com (LeRoy Cressy)
Date: Thu, 21 Aug 2008 08:32:50 -0400
Subject: [Enigmail] Enigmail, PGP, Gmail and decryption
In-Reply-To: <48AD5631.9030800@sixdemonbag.org>
References: <g8hua7$1v0h$1@mozdev.mozdev.org> <48AD50EC.3050904@lrcressy.com>
	<48AD5631.9030800@sixdemonbag.org>
Message-ID: <48AD6072.3050806@lrcressy.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Robert J. Hansen wrote:
> LeRoy Cressy wrote:
>> Enigmail encrypts the sent email to your girlfriend using her public key
>> while the email saved in the sent folder is encrypted with your public key.
> 
> No, it does not.
> 
> The email that gets put in the Sent folder is the exact same as the
> email your correspondent receives.
> 
> The original poster has either added an encrypt-to-self in his gpg.conf
> file, or has told Enigmail to do the same.
> 
> The mail in the Sent folder is encrypted with _two_ public keys, not
> just one.
> 
I stand corrected


- --
 Rev. LeRoy D. Cressy  mailto:leroy at lrcressy.com   /\_/\
                       http://lrcressy.com        ( o.o )
                       Phone:  215-535-4037        > ^ <

gpg fingerprint:  62DE 6CAB CEE1 B1B3 359A  81D8 3FEF E6DA 8501 AFEA

For info on enigmail:    http://lrcressy.com/linux/mozilla.pdf
For info on gpg:         http://www.gnupg.org/

Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBSK1gcauxGqN1iGbbAQjiMQf+K343fto4VUngvg8BFoC3RSFLir4SOaNe
C2MXpbxWFXkN7lVuylXb8x33AINIa/NwMYMOMe7Qlc08QqHxLa4vlGHy+d6n4C5H
8Ve8CZErB+3Qz7Gx/N5cjPym69l1hNenF+mpubtG9tFcuzLp63KpuGxfBVeiDk/F
n0EFjRT52gelJSRUuIPZKtFEpdNbr3dPSYqHLSXN9ddOiX0Jr8xHpoOWMctCy9t/
qu5r7dDPTpqp+npNlezYV48J/6kVEFClyMeZT4uMen/RFNTdkMwWixIkHn66zSbW
FzmbpD76eRXxo2mAhfEPN2pu1IeX4f3+/Cdcv/pPOz5wqguGVp573w==
=+DmY
-----END PGP SIGNATURE-----

From gillespie.jp at gmail.com  Wed Aug 20 17:38:38 2008
From: gillespie.jp at gmail.com (James Gillespie)
Date: Wed, 20 Aug 2008 17:38:38 -0700
Subject: [Enigmail] First signed message
Message-ID: <48ACB90E.4080205@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I have just installed Enigmail, and I'm looking for someone who is
willing acknowledge my first signed message. I have not published my
key, but I have provided it here as an attachment.

I will very much appreciate any response.

James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkisuQ4ACgkQEbLUj7pltrAgbgCglVBcSspN9Z90OCvnIpmqomRT
XCQAn1mW94nzXob3e3gG55OplV6HE9ZG
=4Wn9
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xBA65B6B0.asc
Type: application/pgp-keys
Size: 1704 bytes
Desc: not available
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080820/1e59b709/attachment.bin>

From admin at psipro.com  Thu Aug 21 08:02:36 2008
From: admin at psipro.com (Brian Malinconico)
Date: Thu, 21 Aug 2008 11:02:36 -0400
Subject: [Enigmail] First signed message
In-Reply-To: <48ACB90E.4080205@gmail.com>
References: <48ACB90E.4080205@gmail.com>
Message-ID: <48AD838C.2090503@psipro.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Looks like it works to me!

James Gillespie wrote:
> Hello,
> 
> I have just installed Enigmail, and I'm looking for someone who is
> willing acknowledge my first signed message. I have not published my
> key, but I have provided it here as an attachment.
> 
> I will very much appreciate any response.
> 
> James

- ------------------------------------------------------------------------

_______________________________________________
Enigmail mailing list
Enigmail at mozdev.org
https://www.mozdev.org/mailman/listinfo/enigmail


- --
=====
Brian Malinconico
+Owner

Key: 0x8127932C
Keyserver: pool.sks-keyservers.net

I strongly support, and prefer, signed and encrypted mail.
This insures security and privacy for both the sender and recipient. If
you are interested in learning more about securing your e-mail
communications please let me know.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkitg4wACgkQhY0NBoEnkyxJZQCcDrOL24qBk4iGzmTHql821zre
ZrEAn2eu2qlItNqPSJ+5a1y8jwCwc53B
=6OCq
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Thu Aug 21 08:07:50 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Thu, 21 Aug 2008 11:07:50 -0400
Subject: [Enigmail] First signed message
In-Reply-To: <48ACB90E.4080205@gmail.com>
References: <48ACB90E.4080205@gmail.com>
Message-ID: <48AD84C6.2050506@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

James Gillespie wrote:

> I have just installed Enigmail, and I'm looking for someone who is
> willing acknowledge my first signed message. I have not published my
> key, but I have provided it here as an attachment.
> 
> I will very much appreciate any response.

UNTRUSTED Good signature from James Gillespie <gillespie.jp at gmail.com>
Key ID: 0xBA65B6B0 / Signed on: 8/20/2008 8:38 PM
Key fingerprint: 8B02 A1AC 5888 C2A5 2669 FAEB 11B2 D48F BA65 B6B0

Next Step:  Upload to the Keyservers so that others will be able to
retrieve Your Key without You having to attach it to every Message.

JOHN ;)
Timestamp: Thursday 21 Aug 2008, 11:07  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIrYTEAAoJEBCGy9eAtCsP05EIAKNXocVWGI50GFDfRTZgKoSW
7WVOaOOuYj6AQDqt5PTAlNDXnkDxeETulas+I2L1Fxgt6QzxPsD7SPzToS0qB+Al
d+hnM0nlbqJpOfSiX/luwTo/zxRWztnMZbYKGhCo0nEV1fBsx6Vx05SET7h7/jyC
nobRwlz/IFr7Wkne2Z7CI79b10dUDqxSRsyU0SqgNLGuguuYS6+sGgCOYV2e7Tnc
qMNBk6XfR0RzFHpJZM9MTIz5b907k3oNkkmM2lxG4fZX5YOkUkZcEjNz6gaZx9ha
bB0VwNmnoCvyWuHGXoLhip08VjM2aXmNLkyukEso7fAWXl3iE6OKt4/sO9NhSYg=
=Hq2C
-----END PGP SIGNATURE-----

From alex89.ficus at gmail.com  Thu Aug 21 08:32:46 2008
From: alex89.ficus at gmail.com (Giano)
Date: Thu, 21 Aug 2008 17:32:46 +0200
Subject: [Enigmail] Enigmail, PGP, Gmail and decryption
In-Reply-To: <mailman.702.1219319289.57136.enigmail@mozdev.org>
References: <g8hua7$1v0h$1@mozdev.mozdev.org> <48AD50EC.3050904@lrcressy.com>
	<mailman.702.1219319289.57136.enigmail@mozdev.org>
Message-ID: <g8k1qu$2rkn$1@mozdev.mozdev.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robert J. Hansen ha scritto:
> The email that gets put in the Sent folder is the exact same as the
> email your correspondent receives.
I'm checking that. I'll let you know.

> The original poster has either added an encrypt-to-self in his gpg.conf
> file, or has told Enigmail to do the same.
> The mail in the Sent folder is encrypted with _two_ public keys, not
> just one.
And if it is encrypted with 2 keys, why can I read it? Is it sufficient
to have one out of 2 keys?!?!?

- --
~~~~~ GIANO ~~~~~

E-mail:  alex89.ficus at gmail.com
Website: http://gianopage.altervista.org/
Skype:   alex89.ficus
Twitter: http://twitter.com/giano89

"Per una persona ottimista, il bicchiere e' pieno a meta'. Per una
persona pessimista, e' vuoto a meta'. Per l'ingegnere, e' due volte piu'
grande del necessario."

- -----PGP KEY FINGERPRINT-----
7B19 3021 2218 5AE5 F90D  895F 64E3 5598 5920 9728

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIrYqdZONVmFkglygRAunrAJ4qIB3gXuILee+BR4CRf+VLxiUOygCgz4sl
NqaZFRfLy7qot+AKkZpBIkI=
=ScET
-----END PGP SIGNATURE-----

From rbrtryn at gmail.com  Thu Aug 21 08:51:50 2008
From: rbrtryn at gmail.com (Robert Ryan)
Date: Thu, 21 Aug 2008 09:51:50 -0600
Subject: [Enigmail] Enigmail, PGP, Gmail and decryption
In-Reply-To: <g8k1qu$2rkn$1@mozdev.mozdev.org>
References: <g8hua7$1v0h$1@mozdev.mozdev.org>
	<48AD50EC.3050904@lrcressy.com>	<mailman.702.1219319289.57136.enigmail@mozdev.org>
	<g8k1qu$2rkn$1@mozdev.mozdev.org>
Message-ID: <48AD8F16.4090507@gmail.com>

On 8/21/2008 9:32 AM, Giano wrote:
>> The original poster has either added an encrypt-to-self in his gpg.conf
>> file, or has told Enigmail to do the same.
>> The mail in the Sent folder is encrypted with _two_ public keys, not
>> just one.
> And if it is encrypted with 2 keys, why can I read it? Is it sufficient
> to have one out of 2 keys?!?!?

Each message is encrypted once with a one-time-use symmetric key. That
symmetric key is then encrypted to each of the recipients public keys
and sent along with the message.

In this case the symmetric key was encrypted *two separate times*. It
was encrypted to your girlfriend's public key and attached to the
message. Then it was encrypted to *your* public key and attached to the
message. This is because you have 'Encrypt to Self' turned on (it is on
by default).

Each of the corresponding secret keys can decrypt the message.
-- 
Robert Ryan

I prefer encrypted, signed email :)
My PGP keys: http://tinyurl.com/5snkgq

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080821/fa0ca64d/attachment-0001.bin>

From post at lespocky.de  Thu Aug 21 08:59:30 2008
From: post at lespocky.de (Alexander Dahl)
Date: Thu, 21 Aug 2008 17:59:30 +0200
Subject: [Enigmail] Enigmail, PGP, Gmail and decryption
In-Reply-To: <g8k1qu$2rkn$1@mozdev.mozdev.org>
References: <g8hua7$1v0h$1@mozdev.mozdev.org>
	<48AD50EC.3050904@lrcressy.com>	<mailman.702.1219319289.57136.enigmail@mozdev.org>
	<g8k1qu$2rkn$1@mozdev.mozdev.org>
Message-ID: <0ML25U-1KWCZW0eGf-00076V@mrelayeu.kundenserver.de>

>> The mail in the Sent folder is encrypted with _two_ public keys, not
>> just one.
> And if it is encrypted with 2 keys, why can I read it? Is it sufficient
> to have one out of 2 keys?!?!?

Without cryptographic explanation: yes.

It is possible to encrypt mails with multiple public keys. Example: I
could write a mail to my five best friends and encrypt it with the
public key of each. Each of the five will be able to decrypt the mail
using his own private key but nobody else.

The ?encrypt to self? feature is nothing different. The additional
recipient is just you. As stated before: this makes it possible to view
what you wrote by yourself, quite useful I think. :)

Greets
Alex

-- 
'With the first link, the chain is forged. The first speech censured,
the first thought forbidden, the first freedom denied, chains us all
irrevocably.' (Jean-Luc Picard, quoting Judge Aaron Satie)
*** GnuPG-FP: 02C8 A590 7FE5 CA5F 3601  D1D5 8FBA 7744 CC87 10D0 ***

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080821/aebdce64/attachment.bin>

From jmoore3rd at bellsouth.net  Thu Aug 21 09:26:40 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Thu, 21 Aug 2008 12:26:40 -0400
Subject: [Enigmail] Enigmail, PGP, Gmail and decryption
In-Reply-To: <g8k1qu$2rkn$1@mozdev.mozdev.org>
References: <g8hua7$1v0h$1@mozdev.mozdev.org>
	<48AD50EC.3050904@lrcressy.com>	<mailman.702.1219319289.57136.enigmail@mozdev.org>
	<g8k1qu$2rkn$1@mozdev.mozdev.org>
Message-ID: <48AD9740.7010909@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Giano wrote:

> And if it is encrypted with 2 keys, why can I read it? Is it sufficient
> to have one out of 2 keys?!?!?

Because _one_ of those Keys is Your Own.  The other Key is the Recipient's.

Sure, it is fine to have a Message Encrypted to *only* 1 Key but then
there is no real reason to keep it in Your Sent Folder because You will
never be able to read it anyway.  :-\

JOHN ;)
Timestamp: Thursday 21 Aug 2008, 12:26  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIrZc/AAoJEBCGy9eAtCsPu8QH/j/pGFnv1vV7x8mGJMGfcIgi
JshEXgf7KjQqsRjNyO9oWZVueGE74E8L3Ebw5iOTfcmbG6/cobaEf8qSPLJQcKJq
qjjfgjPNu0P7F4dv0HAaRimGW40Qjn7Mir4QgKl199WgO2M5olmqN7kMu5vVSEl8
2aAAGlHjGWL35Kqud0ds6ivWd/sbbQPQokgtMNGEHsPHEciR9ZE10GQ387MTQNAL
TbrRbv9KhO4Gbqk0W9E646Vb3g+onMvyvq2zAVITQDXDrnqJEFyH1OjSSoxnM0Di
E35rjX8dq3XBctBR7QR2YrvDNfrzIXUxj+xNHIOhQD0qBJqi1nvgr5eLmvqpH7A=
=WYNR
-----END PGP SIGNATURE-----

From alex89.ficus at gmail.com  Thu Aug 21 09:30:52 2008
From: alex89.ficus at gmail.com (Giano)
Date: Thu, 21 Aug 2008 18:30:52 +0200
Subject: [Enigmail] Enigmail, PGP, Gmail and decryption
In-Reply-To: <mailman.708.1219334387.57136.enigmail@mozdev.org>
References: <g8hua7$1v0h$1@mozdev.mozdev.org>	<48AD50EC.3050904@lrcressy.com>	<mailman.702.1219319289.57136.enigmail@mozdev.org>	<g8k1qu$2rkn$1@mozdev.mozdev.org>
	<mailman.708.1219334387.57136.enigmail@mozdev.org>
Message-ID: <g8k57t$65t$1@mozdev.mozdev.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ok. Tell me if I'm right.

I'm X and I want to send an encrypted message to Y, so:
1) I pick up Y's public key.
2) I make this one-time-key, with which I encrypt the message (symmetric
encryption).
3) I encrypt the one-time-key with Y's public key and append it to the
message to be sent (asymmetric).
4) I encrypt the one-time-key with my public key and append it to the
message to be sent (asymmetric).

Because I found that:
- - sent mail and saved mail are exactly the same, so they can't be
encrypted one with my key and another with girlfriend's key;
- - gpg debug console says that there are two encryptions, so it is
impossible that the message is encrypted with only one key (result of
combination of mine public and girlfriend's private);
- - I'm still able to decrypt the sent message without girlfriend's private.

Is it OK ??!?!

- --
~~~~~ GIANO ~~~~~

E-mail:  alex89.ficus at gmail.com
Website: http://gianopage.altervista.org/
Skype:   alex89.ficus
Twitter: http://twitter.com/giano89

"Per una persona ottimista, il bicchiere e' pieno a meta'. Per una
persona pessimista, e' vuoto a meta'. Per l'ingegnere, e' due volte piu'
grande del necessario."

- -----PGP KEY FINGERPRINT-----
7B19 3021 2218 5AE5 F90D  895F 64E3 5598 5920 9728

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIrZg7ZONVmFkglygRAiveAKDflTh9b4ZrPcFJ/n/UrJENlY/onQCbBX47
TND1oGxfPKpB/ue2JcVDnPU=
=9QpK
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Thu Aug 21 09:39:42 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Thu, 21 Aug 2008 12:39:42 -0400
Subject: [Enigmail] Enigmail, PGP, Gmail and decryption
In-Reply-To: <g8k57t$65t$1@mozdev.mozdev.org>
References: <g8hua7$1v0h$1@mozdev.mozdev.org>	<48AD50EC.3050904@lrcressy.com>	<mailman.702.1219319289.57136.enigmail@mozdev.org>	<g8k1qu$2rkn$1@mozdev.mozdev.org>	<mailman.708.1219334387.57136.enigmail@mozdev.org>
	<g8k57t$65t$1@mozdev.mozdev.org>
Message-ID: <48AD9A4E.60401@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Giano wrote:

> Is it OK ??!?!

Yes!  Or, as the younger crowd is fond of saying:  It is wicked OK!

JOHN ;)
Timestamp: Thursday 21 Aug 2008, 12:39  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIrZpMAAoJEBCGy9eAtCsPIuwH/0mh88S0RWuyTI4Tp9bAlcV6
DQUh5/loPQK7qPrpSSf6KmrzqRB3PdZdZzfuEPlxapELeVRCy/EjBlaPDtPo1PFs
aZm24OnCiXEzvs/1JJiRtuK3aS8stS1EMP3a/P1pTKVltgbXR1mFvl64MbJryAFi
VgiOSN0rpGRKLoRNMwW9KXX4FtEHJSVuIgh4ERfwLWiRqQb9TsGSCKlWmZGa92cM
P/WbNKntjiBQ/CSZP5jMUcR+KST7SW5hVz0fLcYG/NNA+sx/JyrLDXB1Iy90PX2d
NZ9H952bGZrBzum1oMt/HNRL54UjkVfa/LqwwlgYk7U2HzrWjaShxm4NjsAshik=
=K/Wb
-----END PGP SIGNATURE-----

From rbrtryn at gmail.com  Thu Aug 21 09:55:14 2008
From: rbrtryn at gmail.com (Robert Ryan)
Date: Thu, 21 Aug 2008 10:55:14 -0600
Subject: [Enigmail] Enigmail, PGP, Gmail and decryption
In-Reply-To: <g8k57t$65t$1@mozdev.mozdev.org>
References: <g8hua7$1v0h$1@mozdev.mozdev.org>	<48AD50EC.3050904@lrcressy.com>	<mailman.702.1219319289.57136.enigmail@mozdev.org>	<g8k1qu$2rkn$1@mozdev.mozdev.org>	<mailman.708.1219334387.57136.enigmail@mozdev.org>
	<g8k57t$65t$1@mozdev.mozdev.org>
Message-ID: <48AD9DF2.2050603@gmail.com>

On 8/21/2008 10:30 AM, Giano wrote:
> I'm X and I want to send an encrypted message to Y, so:
> 1) I pick up Y's public key.
> 2) I make this one-time-key, with which I encrypt the message (symmetric
> encryption).
> 3) I encrypt the one-time-key with Y's public key and append it to the
> message to be sent (asymmetric).
> 4) I encrypt the one-time-key with my public key and append it to the
> message to be sent (asymmetric).

Exactly right! :-)
-- 
Robert Ryan

I prefer encrypted, signed email :)
My PGP keys: http://tinyurl.com/5snkgq

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080821/c4d5be23/attachment.bin>

From alex89.ficus at gmail.com  Thu Aug 21 11:20:51 2008
From: alex89.ficus at gmail.com (Giano)
Date: Thu, 21 Aug 2008 20:20:51 +0200
Subject: [Enigmail] Keyservers
Message-ID: <g8kbm4$q0i$1@mozdev.mozdev.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ehi! That's Giano again!!
Thanks for replies to my first post here, I have another question.
I use GPG with both Enigmail (for emails) and Seahorse+Nautilus plugin
or command line (for files).
I discovered that the two programs have different keyservers to publish
keys.
Here is my question: to spread widely my key, do I have to publish it on
every server? Or are they spread "automatically" from one server to
another? I also find a server that requires email confirmation, what's
the difference?
Thank you!
- --
~~~~~ GIANO ~~~~~

E-mail:  alex89.ficus at gmail.com
Website: http://gianopage.altervista.org/
Skype:   alex89.ficus
Twitter: http://twitter.com/giano89

"Per una persona ottimista, il bicchiere e' pieno a meta'. Per una
persona pessimista, e' vuoto a meta'. Per l'ingegnere, e' due volte piu'
grande del necessario."

- -----PGP KEY FINGERPRINT-----
7B19 3021 2218 5AE5 F90D  895F 64E3 5598 5920 9728

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIrbIDZONVmFkglygRAoAwAJ9NSRdEc56vtNqVplY+u2d1bcDiVACgqYdt
Y2Ddr5mA6Rq3rQY2I+EsIi8=
=SoxL
-----END PGP SIGNATURE-----

From John at Mozilla-Enigmail.org  Thu Aug 21 11:53:33 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Thu, 21 Aug 2008 13:53:33 -0500
Subject: [Enigmail] Keyservers
In-Reply-To: <g8kbm4$q0i$1@mozdev.mozdev.org>
References: <g8kbm4$q0i$1@mozdev.mozdev.org>
Message-ID: <48ADB9AD.6010504@Mozilla-Enigmail.org>

Giano wrote:
> I discovered that the two programs have different keyservers to publish
> keys.

I don't see that as much of a problem, depending on the server software platform.

> Here is my question: to spread widely my key, do I have to publish it on
> every server? Or are they spread "automatically" from one server to
> another? 

One server is sufficient. Both of the most common keyserver software platforms,
SKS and the older PKS, propagate changes from one server to another.

PKS does this via email. SKS uses a set synchronization algorithm that detects
and exchanges all differences in the full key database (2,600,000+ keys) - it is
_very_ fast. A reconciliation cycle takes < 2-3 minutes.

As a choice of keyserver entry, I recommend hkp://pool.sks-keyservers.net. (This
is the equivalent of http://pool.sks-keyservers.net:11371.) This address is not
a single server, it is a collection of 20 server addresses chosen at random from
a larger collection of about 33-34 addresses representing currently online and
in-sync SKS servers.

> I also find a server that requires email confirmation, what's the difference?

Perhaps if you tell us which server, we could answer.

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 677 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080821/4dc5bff9/attachment.bin>

From jmoore3rd at bellsouth.net  Thu Aug 21 13:51:15 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Thu, 21 Aug 2008 16:51:15 -0400
Subject: [Enigmail] Keyservers
In-Reply-To: <48ADB9AD.6010504@Mozilla-Enigmail.org>
References: <g8kbm4$q0i$1@mozdev.mozdev.org>
	<48ADB9AD.6010504@Mozilla-Enigmail.org>
Message-ID: <48ADD543.9010605@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

John Clizbe wrote:

>> I also find a server that requires email confirmation, what's the difference?
> 
> Perhaps if you tell us which server, we could answer.

This sounds like the PGP Global Directory.  PGP GD _does_ require an
Email Ping on each address listed on a Key to verify that the
information they store is accurate.  PGP GD is _not_ a sharing/gossip
Server and the biggest advantage to Uploading Your Key there is for the
convenience of those who prefer Searching on a Semi-Private Server.  PGP
GD also prevents, in limited fashion, Others from Uploading Your Key
with unwanted Signatures without Your knowledge.

Bear in mind that PGP GD will Ping the addresses on Keys stored there
annually and I've heard some complain about having to run the 'clean'
Command to removed extraneous PGP GD Sigs placed upon their Key.

Is My Key on PGP GD?  Yes.  For the convenience of others.  My Mail
Listing is on Big Lumber at www.biglumber.com and a link to My Key there
may be found in the Comments within My armored header.

JOHN ;)
Timestamp: Thursday 21 Aug 2008, 16:51  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIrdVBAAoJEBCGy9eAtCsP8rkH/iTUu3cGvUaPD92q7HxEhs6V
Xpls96uFDJdEIkrYHIggL9crWubZui8WoQ250819siDKuAvpB/GI4AgOx1ST1OK6
PW37ZNUeZ+WJShaj+DEWczcs59ZK8JfpGNGExyPCqHAXauWGvNfacT7gja63U7oF
4nM1UEErPrEHHQ/DeECJTx+j/0EBeaZVzPnF/U5aqjYKmPt+69N2XKwE9EC42qHe
bBRiS0drZuR5oGNvA8DqHEyMPVpHpT9VhJ4zZQhFA33dWzP8nzr4GM57cFG3xYY+
6iX+E9GkBufLEqJ4FJ9v3w4YnD89Gibrsjt2B3xoEmtvJsttq0fpz14YIRVbGeE=
=L64v
-----END PGP SIGNATURE-----

From original.hwy101 at gmail.com  Thu Aug 21 19:23:09 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Thu, 21 Aug 2008 19:23:09 -0700
Subject: [Enigmail] Keyservers
In-Reply-To: <48ADD543.9010605@bellsouth.net>
References: <g8kbm4$q0i$1@mozdev.mozdev.org>	<48ADB9AD.6010504@Mozilla-Enigmail.org>
	<48ADD543.9010605@bellsouth.net>
Message-ID: <48AE230D.8020006@gmail.com>

John W. Moore III wrote:
> John Clizbe wrote:
> * * *
> Bear in mind that PGP GD will Ping the addresses on Keys stored there
> annually and I've heard some complain about having to run the 'clean'
> Command to removed extraneous PGP GD Sigs placed upon their Key.
* * *

... the 'clean' Command...' is this to 'Remove' the 'No Longer Good'
Addresses so the Pings will work?

From rbrtryn at gmail.com  Thu Aug 21 19:45:39 2008
From: rbrtryn at gmail.com (Robert Ryan)
Date: Thu, 21 Aug 2008 20:45:39 -0600
Subject: [Enigmail] Keyservers
In-Reply-To: <48AE230D.8020006@gmail.com>
References: <g8kbm4$q0i$1@mozdev.mozdev.org>	<48ADB9AD.6010504@Mozilla-Enigmail.org>	<48ADD543.9010605@bellsouth.net>
	<48AE230D.8020006@gmail.com>
Message-ID: <48AE2853.4050300@gmail.com>

On 8/21/2008 8:23 PM, Tom Hwy101 wrote:
> John W. Moore III wrote:
>> Bear in mind that PGP GD will Ping the addresses on Keys stored
>> there annually and I've heard some complain about having to run the
>> 'clean' Command to removed extraneous PGP GD Sigs placed upon their
>> Key.
> 
> ... the 'clean' Command...' is this to 'Remove' the 'No Longer Good' 
> Addresses so the Pings will work?

This removes any signature on a key that can't used or belongs to a key
not on your keyring. This makes the key smaller and it makes the valid
signatures easier to see.
-- 
Robert Ryan

I prefer encrypted, signed email :)
My PGP keys: http://tinyurl.com/5snkgq

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080821/35d2923a/attachment.bin>

From jmoore3rd at bellsouth.net  Thu Aug 21 20:22:28 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Thu, 21 Aug 2008 23:22:28 -0400
Subject: [Enigmail] Keyservers
In-Reply-To: <48AE230D.8020006@gmail.com>
References: <g8kbm4$q0i$1@mozdev.mozdev.org>	<48ADB9AD.6010504@Mozilla-Enigmail.org>	<48ADD543.9010605@bellsouth.net>
	<48AE230D.8020006@gmail.com>
Message-ID: <48AE30F4.90505@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Tom Hwy101 wrote:

> ... the 'clean' Command...' is this to 'Remove' the 'No Longer Good'
> Addresses so the Pings will work?

The 'clean' Command has nothing to do with addresses, per se.  Basically
it accomplishes exactly what it says; cleans the Key of all useless
matter.  This includes Revoked UID's, duplicate Signatures retaining
only the newest, anything that is not necessary or useful for the Key to
function properly.  It has nothing to do with the function of PGP/GPG
but is primarily cosmetic in nature and reduces the size of the Key.

As to the 'Pings'; if the UID is revoked there is effectively *no* Email
address to challenge.  A revoked UID is never Pinged because revoking
means that all information associated with that UID is no longer valid.

Far too many folks confuse 'clean' with 'minimize and they are to
totally different animals.  The 'minimize' Command removes everything
from the Key _except_ Valid UID's & Self-Signatures.

JOHN ;)
Timestamp: Thursday 21 Aug 2008, 23:20  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIrjDxAAoJEBCGy9eAtCsPFUQH/jbpIvT+JmQWqDEZa+DLIAWB
7tvuZmtWvedNdO3tqkDj1u3gbIP4Hkvwxzhag3pN1EDKWAtfAksircyFJh1fXGio
kbwBhj9PlZ7mIVn+KNj64Qwu8rFj0Sh+lEuSfYkhp8Ey+O9clLG1I2BULyPt/eab
e3T1wl0Gx5TeI3ke6kYOerenGfsRXiTmmqbCbyssZCw6MPfcoBw79scBNRp4SDYD
zfxpyBEv7oZhodblrWktG/6FB/Eic/jFnVX2CkZc7JudDDDGmwGQFCevj8zEotGH
buQtOa/IDc4NJouVNRa5D8EmJsCKNVrnVF7KUFpke3t3jbEw/frl9AxtJZwT84o=
=oNTa
-----END PGP SIGNATURE-----

From gillespie.jp at gmail.com  Thu Aug 21 21:14:36 2008
From: gillespie.jp at gmail.com (James Gillespie)
Date: Thu, 21 Aug 2008 21:14:36 -0700
Subject: [Enigmail] First signed message
In-Reply-To: <48AD84C6.2050506@bellsouth.net>
References: <48ACB90E.4080205@gmail.com> <48AD84C6.2050506@bellsouth.net>
Message-ID: <48AE3D2C.7090304@gmail.com>

-----BEGIN PGP MESSAGE-----
Charset: ISO-8859-1
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

hQMOA3WCrctoTFD6EAv+NCSkAYAJW99yRmVl9ObJfPqjoGAukak5iQFGTTuRf1OE
IhwccV1sbVU8nA9qkci8JzM1qvfh+twoJ6ACVIxN7lBHN6NAm5Vvpkp9Xwf45obD
3ewXdYeWlpE4M3+DB6xmAPQgawcb7a3CEk8RSqZkXVoPGVuLmf+OvcdByKeUwzsO
OIko0sixJgKBFasqA8L8TK7/q+ODzobyP1z1IHD4a8WImNymnXOShbNqmpV9q9c3
N4YRz/OHZf+t3XVoZWj4xaz51T1qVqXCdDejIL/wK/C9hxmxdYYE+ZXKnPsPrgId
duT4qnyVUu8BPoaINy+B4a+HLDQDUBiT5nyJnwJcYGtoIRLUXQteKmYilNonVd9b
2h/Iwuc9hNJh8MobovLfF41POuxwIsoZf/Sl60kKjYUBokY7proeaW6vG/cN62uW
hcVxf5OdGNN8zB3POY91P/ijk/SXV0FZwOzci8UwjRVYdS3fqUlDR7XnmstE3Dbj
48ijkLVw+AaBD2zE8Kv5C/0USMNt3kJXNz+hYuHpsdbHFVv8A7AEalmk0jRw7tYA
zVxuPqqL1XgpwVwm9LfkSIHvwv1nGxhZnlpJyKqGJFbGv3cTcUBvYRMd5YnNiSV7
UMEdyARkE/PmdWzcygowXSwuJWUE8kR+ynBG6T63bNB6Lxxi7KXp/LdVNXmIdpwk
avuG2EyjyqMzTfR4tuNQhxNGKr2XTTvqAhX4GCjm2a/k7Hkt1A2zV9m2sxYcrrcG
xVX8eRDilltSBDhBgkywLRo7nr74WL8FfmCVQOv5wNFJnybVufPS0Vy9aF+VWuj7
cz/UkdyhRnIEupcNpdbpyMCKfFOFdFj7MnqEbibMKxaOfhozUNEJSCOnOImnTNOz
v2L79F793YGfG+8v8UVkfZcuN0YiyKJdjSstDuDQYKcH+ydhEfOKIYu1HJkPsseu
rrr08tDhN6Y5krx9vRdyR+aOEBLVOSZS+7A50RYo+/kcOiU7FiWPqVWxahGivS1e
A0DR5DbY4ieMPB7pCx4mZkSFAg4DqHxxqfWdATAQCACvJKdNWAy3OuGjys3ImmWz
qxuM9Wkeobsr4hdZHq/jscKUMe7NNcjzT+aXV+Vg5ILHSVRkVQpPs+QswDj2u/Gm
t1GLf7QkFhOLZ1W84SGr0gQXPjL/j5W5+pxpe1xyO6JordEngeLWBRdkB0sII9uf
hUjIGlKT4TAMh6QLlQU8J7Vfwvtzu6AxXjmgfciFZ5+qldPNPcMTNbt7KM35TQbb
yyWkjw5sGhPgcnpe5FAhBwssMdXT5VMLufea9IgYuYK0ahX58D5W7GIeaawMbMit
ZNX1G6OeZ9OMMWemlKs1E13q/NNVm0PgkBYjJeCiV4nhg26NJPJe7yPTtC95UTaK
CACRFC6vwiJwwNjYqsU8c5lK2LhY0DIhslPTGmDagoCiHsEKE9rUCyCS5El4nUXn
ER82tStRcUZMVow/dwhNaJjniKU9AcRfJnBU2Kwt0u6LJzPvv6RQ/aQ3k/Rmc0Ug
3Z4JL2fQsAr4YQknEChL13WfaK4c+H1s+k0GzDSJFcAPldYfEte9rVAmJ0SMF+ed
2tzYlW2CLz9degCrI/cPISx9fCopfkPqYO5EqxzJOFIgFS3MyfGYZ+LbeyI12Z54
cS2XEHRVK4DmuG+WTI9DyHwPkaY/PplQs5sd05PGFOUxdHwQ08khSL6zme3LKN/X
B4b40OCDFVzUhz2GC9aaJPL90ukBxPFkZXowvy08NogKAVhrkRivyl5ebfERl1dP
vbHTYdnGJb9SmXzLEfLNiNOErVLWQa4UYvUQEEpu4o0yLnWFZrhf+nbYUvwwHy4t
/mZ8FF4a+4l8Ng9ECBDQ5CEcN1RECKADEm8K4XHL3hQQVroL673wcpoup7lCKjmv
ox27hF8D7OR52vla5CSG8ZY9m9UVPhAv3iTHlRAJ2I7zgp1FTVXIQgIcqVH1e6Mz
9v4SmfNXDMRgaFUVQ99a6/80TXqrA8L+YLi9sqiDs9IblYnxghlqP1VSfjMKBVK5
jk8cxlbNlIR52CJKOghhwzHyFUhdg880PCSgHUBrz7qcBLuv1S8YOTW9Xdaz/Rzz
QoS3x5N4uKBcpMwtI50OoMPynhTEvKKKyNfH8I+/Pin91sDlafty1Q9vl7anSjKz
kw5KZKD3ISC44Uoi4Wi2c5hKcl5e32La4/GSbC+LsRka7yIvE4rVTnLVuc+2W+IR
/OGJ2UJriogb2ibU24jpu3MG6rKytNT1o3oa93AqDaDNxNotWV2KQ19krawPJ+mf
ScvXWJhXG07RKipJojWLVLHpSrnsbAQ8XvXQABH1fXSxlSMJKxA7knLJf9l7Msdv
88HaxIigQOTrGvvuRmGw03iSueVMoeWrYquMzgrFiCn/r008fYcC5g6jONb2Nd75
N21Za8EdVs/4SHvrRV9aSZapSQGfiV/1nHugqS6BhhcMjQ89rMUcm227e+CQJrzJ
SYK3HLO2yhqhFpq4hm3LGwNzMNFmJl0S0zDqFGI6pqWG7DjCX1RadAt6H7nr+st1
h/k94dQ+Oty2prLPs8N2RVLvyv5gD3xPFE5jEg6CrmY1u+vCGcw3/xnAks7Z2/HH
ZbOjD1D8fFZR4CtBrQmHn5NTIqTr4CK7PpzKoGBiazMr7UgxtOP8K7mhMheDNT1O
rwAy2QfiFZPWeJbLQs+obf+NGz6oRF6fWkYYIT28Af3itXwo8qZ33e84ZtMF0Uc2
cafYGlWZth7pQAaWvuCN5OOLx5msjYsDJIfKdgdBa07GA6v9ta8Ed51yBFaivUO3
clkk/h2qXQFxyVblLEixE5mb96KsyhIn4uFYLiVj4+b0KaGmUgzwp7s9VgEXX2OH
GsPj6JHkTmIb3PS/lLZXxWvmmJtUp1psf1XpwAE8bGHoS+J6p+i7bWOH/ujdd+46
4filkfKbFvbBcqPiRPO2i6OSfFwoeKLUKIbL4SkLkt5akdzft28U9FZJqozd3YN2
X6EqthO75T09plKI5rdUB46u01HlkcwjqI/ZMHRX3cysoQlEGBd8+42uB5NlNYMm
/XlN
=TTC4
-----END PGP MESSAGE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xBA65B6B0.asc
Type: application/pgp-keys
Size: 1704 bytes
Desc: not available
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080821/d28bb550/attachment.bin>

From gillespie.jp at gmail.com  Thu Aug 21 21:16:43 2008
From: gillespie.jp at gmail.com (James Gillespie)
Date: Thu, 21 Aug 2008 21:16:43 -0700
Subject: [Enigmail] First signed message
In-Reply-To: <48AD838C.2090503@psipro.com>
References: <48ACB90E.4080205@gmail.com> <48AD838C.2090503@psipro.com>
Message-ID: <48AE3DAB.2010101@gmail.com>

-----BEGIN PGP MESSAGE-----
Charset: ISO-8859-1
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

hQIOA9nc/EgkR6woEAf+MA5ir/lo4uR1xvGhN8obfrGrQbN+mX4YuAKF5g2aZ2j6
4IQnIewx2/RWg37n3yRtQb7aHrsVTDE053hUNPdmbka5pcmYe73IraI/y9HwDxSi
n+Jh0S0mw17NEnJ8xP7nrWRHw7rtJmeNvfegHRjiS0v4deQ2ybpQfYcIdq+x44v2
O4kzDupqmlBVr0Bg4wZyAkT+V4L9YlaKpIguUQ2bW/f1PEEhuKJMrVAnyrEU5MaV
TCYA1I+WTsUM2kUoejZDCCai5pEPio0LXWZ4ssY6CrETfKKKVQwT8HDDgsnzAJRT
fA4et6TF8QFrKhFozQk7520qi+nfaZYzJHoDpEhZMgf/ewTSpIc0iKw1GtO2S+nL
JDPlhnk3GSDRd5aEKozH2ASW7V2+NMgYOpeE2DuK9fZXM+84H91bOEMmXVQ9qP2+
0r7nnSXVxEsMqKrd9RLU2hTkzkWZ4lHFhv+bMMbLO/mJ/ZZ9Dq41Itt9knzOJmqE
V4XJTdQXm6wDjgoPZCzxYzNoTblCTLfCvkF3MArYXkrLMT6gWlQn74CUHnGUhUuT
TJ+ZD/ir28bueJ8JD6EOy/aevYXrqA/Ht2VB/6uiKKRePtaRfcVH6j4MSb+ObTru
R10laKOCyw0SyVPBo/kX0fqgcXr77Ah1zLJK4zgnGg2FKTI6ygoM8jbOaAcm1BxJ
F4UCDgOofHGp9Z0BMBAH/3614FtS3aIjJ64+fLJM5l84q95qi33HxOZ7o8uYsPjf
lV1xjXaY4mxeQizdU5noTEmkQXwcr+69YM/Wk6ZqGSpLRdd3Gb30Y36MLRMY4iQ/
DN+aIC5b1M51l/8B++k7zKC46nh16PtIGweGqvPwb4cH4RK0CQKSX4KxLTJa4gxM
8WfsF1BLZcOeEbadUolMgZjvdRhSac8YVUzk8WHpUE3Bh3MfM9CTZMT+HXZuLsWN
wlVWZg3yYwGTTdvqZy7YUi4M1rZjgtPRR2iHaFvCeP9mDcbgGs/4jvc7iTeQlxOZ
jm/qXrtjAOJk3vpZzJ3T9izmjBvYLwFRnnelpp+/FkwH/i678X6w5fhEmg6KnEdR
c0LpPMpC5dFW9vysThIh6gMy7+KVOc8a4gXIVEZlvQIYacT6CQC+j2k7+wTs66jh
X/IIlftWX+ev8wEYbHK8tz63EddkgfngsoKvoQF3xaTrd2OAOPtcdhGodSEL/Hum
vG9QFQCHUy0UsujxkxLya30MZgwB7tarH7RJ918RIrmXdTpZ54TYjgg9W/95ubwb
M0sJvxvv6sFYVXAayk2PSc24d9kz1UdGRkWnvvSJTE1FzcCsszIWWqKIaiU8Gskq
SCEZb+3r95LiRo5ZDODU2hEXtlk5du4zdvyTrZni0xcIhPL7bNrXDHW1pI8L+nRx
UtXS6QEiNCwi8gWtu/Qan3+mmblKBtSUdCZSeWKsv3HO3fVWJZ/nkzHQTjheE5sL
e+2/0I85LotcPZH2lpFPHQu2mxLauBxO+mh2BqlHyllZS8yYJ4p6l+r09w3kydFn
FeUX1JR6vnY3BSi6jzv8qSuyiEixZJVT9Cjjx2r+GszEglsd1NO12qLhSSp63p3l
u31TYY/wXKabxYWll+NfmFDgE6sLSgKM7AuhMCqKr4cTEokMhRYvSYAwOGC3p0QI
1zbnFxtUGL5fZEz73j0ccZPIEtE6xRG/hl26u/o1OPNC1aUI4VU4YnUt0fnXrSKM
GMyUdMrTwL+/VtnlNizxQWBW1u5s5wWyJQJgEIaylYCswREJsjDwcYeA8+NdK0FA
vMgrJl7oT30LLweue6NbX/92K9SWQowiTptXbf6IvJ5bV8Wm9EX1w5+vMqPqUVEx
X3+fPRQiL87pgBOdjMjI/ncir3ox1Cw1fKV2Qdfh/nFnnt1WfUOPnuf+qB+wuH1P
DKfd5Y1NUvmIRRTIK878MopbPAxcWXkut8Nrg7sMcqAbv46BkjgGPXjKPNq0uzls
uRBl5n5GTXkYsfS7H9yFLr+QBN4XxQpW+XUBELJ+SqLX/nJ7g84DI4l4ujHS/xe2
azNVP3CisopS0BHXV6Dm05xgSxvpCObvZb2y8F4tCHOkwpuIwEcHSoZiVFLS70nf
8uVvwzw7eAZYy8/l+PeYkkqVfb9Nct2lGCs7kdrKGi0zYB4XTdwX8bLSunPa9zLc
FVUsrkRz4UOSnIdgGhrLGirSqzkNW53ZxGL2bBmSS1Xy2yTeiNItMHCnWH/+Guz6
XOfuBO01Zaci8vtcke9w4SdBLeSTPfQ4dMzq68Gi5RrDkUDhoASDA+SOgmygOHuH
xhi8a2lYi08wnR5pl8XleOtpn/ZTX+OVkHllTNNnvVo0PBCxE+cCugEOTl8tHVvE
xrH49U/wX9FWNdw8Hjjae791FNCUyHJ4e1ssNiNFqd/T7p5/kVedeHqDtheDnWBe
L4dJXm++Bny0Op1goQ==
=HIQf
-----END PGP MESSAGE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xBA65B6B0.asc
Type: application/pgp-keys
Size: 1704 bytes
Desc: not available
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080821/3952dce6/attachment.bin>

From jmoore3rd at bellsouth.net  Thu Aug 21 21:32:02 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Fri, 22 Aug 2008 00:32:02 -0400
Subject: [Enigmail] First signed message
In-Reply-To: <48AE3D2C.7090304@gmail.com>
References: <48ACB90E.4080205@gmail.com> <48AD84C6.2050506@bellsouth.net>
	<48AE3D2C.7090304@gmail.com>
Message-ID: <48AE4142.6060801@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

James Gillespie wrote:

 > I will attempt to encrypt this message and hope for another
> acknowledgement from you and advice on my next step.

Decrypted message
UNTRUSTED Good signature from James Gillespie <gillespie.jp at gmail.com>
Key ID: 0xBA65B6B0 / Signed on: 8/22/2008 12:14 AM
Key fingerprint: 8B02 A1AC 5888 C2A5 2669 FAEB 11B2 D48F BA65 B6B0

Your attempt at Encryption + Signing was successful!  :-D

Speaking Personally, I can think of no 'Cons' associated with Uploading
Your Key to one or more Keyservers.  I have heard all the 'horror
stories' about Spam Bots harvesting Email Addresses from Keyservers but
I place no stock in that.  However, if You feel uncomfortable in
uploading Your Key then consider placing it on Big Lumber
[www.biglumber.com] and then providing a Link to You Key either in a
Comment Line added to Your gpg.conf File or, using Enigmail go to
Account Settings -> OpenPGP and in that area place Your Big Lumber Link
in the appropriate box so it will appear in the message header.  This
will prove more convenient that attaching Your Key to messages.

This also brings the Question; do You yet have a gpg.conf File?

JOHN ;)
Timestamp: Friday 22 Aug 2008, 00:31  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIrkFBAAoJEBCGy9eAtCsPS2IIAIESburLWKA/NB4TUoJEPu9C
y3a82d2Osmx5oAO3Hi52b4ZPO8OIRgEWFlRQUwHZM0JNYd54LNHjnvslDNFziTOu
+stGF+6w+GyiHDS8JLWlk+BtNQA0jWKelPvDIq4RXruYUsE85v4FHSVZ8meW9YM3
9eKbES7hilFT8DTOo4rd00+VNsSqpUsDiSCZu8lmvnMa5p9DiGIw/7FNmF/vx3eG
1VmIaMZIdXxJnuUK9zpJyGXuiVpWlopu2ZadIngKhBxOHUlPGOp+v9s5geMRMTjK
1oHzMsJZ0t5Cvex9LLyTUJGNinwKi9N2ort4XRhfb9e90Kg4CX8PKTU/dRqHCf4=
=eITy
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Thu Aug 21 21:33:05 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Fri, 22 Aug 2008 00:33:05 -0400
Subject: [Enigmail] First signed message
In-Reply-To: <48AE4142.6060801@bellsouth.net>
References: <48ACB90E.4080205@gmail.com>
	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>
	<48AE4142.6060801@bellsouth.net>
Message-ID: <48AE4181.1060109@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

John W. Moore III wrote:
> James Gillespie wrote:
> 
>  > I will attempt to encrypt this message and hope for another
>> acknowledgement from you and advice on my next step.
> 
> Decrypted message
> UNTRUSTED Good signature from James Gillespie <gillespie.jp at gmail.com>
> Key ID: 0xBA65B6B0 / Signed on: 8/22/2008 12:14 AM
> Key fingerprint: 8B02 A1AC 5888 C2A5 2669 FAEB 11B2 D48F BA65 B6B0
> 
> Your attempt at Encryption + Signing was successful!  :-D
> 
> Speaking Personally, I can think of no 'Cons' associated with Uploading
> Your Key to one or more Keyservers.  I have heard all the 'horror
> stories' about Spam Bots harvesting Email Addresses from Keyservers but
> I place no stock in that.  However, if You feel uncomfortable in
> uploading Your Key then consider placing it on Big Lumber
> [www.biglumber.com] and then providing a Link to You Key either in a
> Comment Line added to Your gpg.conf File or, using Enigmail go to
> Account Settings -> OpenPGP and in that area place Your Big Lumber Link
> in the appropriate box so it will appear in the message header.  This
> will prove more convenient that attaching Your Key to messages.
> 
> This also brings the Question; do You yet have a gpg.conf File?
> 
> JOHN ;)
> Timestamp: Friday 22 Aug 2008, 00:31  --400 (Eastern Daylight Time)
_______________________________________________
Enigmail mailing list
Enigmail at mozdev.org
https://www.mozdev.org/mailman/listinfo/enigmail

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIrkF6AAoJEBCGy9eAtCsPyj8H/0RQ1hDV92tg//Rei943cR+/
RrZ0MMdY3v1x5xLtZSNIrtwdOqHyOVtg8jaYRFfhNLw2XRcZw+NqNmQwcUKFMLNB
Id7dHCK4SAAYtN1wflz0taR0cPPrw2GtDZjMCPcvKK3jC/p9WSg7u9drB6lYOXqY
bfJ25a/6meEcHd9W1fczx7ovjsSO/V77dcd+rtTyoeNfipqhO0sMZGh1qGNcdibh
9lYcVqEonMrYHW/dV2gqomWcTEGeznD6fwX5HefeihinLWn18BSmSwhTxIe0vHfg
KztC+JeHXFmGNvR4alL74LckRyiVSmQGZtC1gRT54ssxHXp7u6DYdj+KBgyVvRQ=
=3P94
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Thu Aug 21 21:40:23 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Fri, 22 Aug 2008 00:40:23 -0400
Subject: [Enigmail] My Bad, Sorry About That
Message-ID: <48AE4337.30300@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I didn't realize when replying to Mr. Gillespie that the Encrypted
Message I had received had come from the List.  :-[

I have since re-Posted My Encrypted Reply *without* Encryption so no One
will feel left out.

PLEASE; *never* Post to a List an Encrypted Message /unless/ it is
Encrypted to _every_ Member of the List!

JOHN :-[
Timestamp: Friday 22 Aug 2008, 00:40  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIrkM2AAoJEBCGy9eAtCsPzqcH/2Yld07Nv5gesXYNp3UtbpXu
VwU3Fa4mevxBK7XxpW/WsR6iJgAh7mROImRQ98u7ywEEJMNhCw8GRpMIIEJakmOW
b7FDu9lUmLktoZI3pTJBE+1TA70Y1vzK9O/xxM7KBtOeph96FISI5nTADmy9mEmU
wBAZImcOLILDYJizoM6S/Dbhsgu0QXoxSSsQqcovXJNyleAb0PNe9vagznkA7ss5
60kDhUwUq0VJZayoJvLOA8qVyoYAPyzXDZBUqiRd8KgGATSwBUgr/JnadhdSiga6
OcRiYqgyR+ncddjhX0TqK8SZbqcTe2fXNls9rk0+NEd/46lXFBDLNsYmpw1ADx0=
=ExRb
-----END PGP SIGNATURE-----

From kuttruff at gmail.com  Thu Aug 21 21:47:20 2008
From: kuttruff at gmail.com (Christopher Kuttruff)
Date: Thu, 21 Aug 2008 21:47:20 -0700
Subject: [Enigmail] First encrypted message.
Message-ID: <48AE44D8.3090105@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm new to using pgp and enigmail.  I guess now is as good a time as
any to familiarize myself with greater security standards.

Anyways, just wanted to say hello to the board, since I don't know
anyone else that uses email encryption, and I wanted to test a couple
things out and check if anyone had some links to more info.  I've been
going through the enigmail manual as well as the intro howto, but
suggestions for further reading on cryptography and anonymity would be
much appreciated.

Thanks everyone.
- -Chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiuRNgACgkQ8fnR0apPSGdqwgCdFvDgiSPZxD4ATBopHY2jbfJ0
qI0AoIJvhgdx95m3Yp5I3ec7hHIWyW8G
=Btq/
-----END PGP SIGNATURE-----


From jmoore3rd at bellsouth.net  Thu Aug 21 21:54:14 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Fri, 22 Aug 2008 00:54:14 -0400
Subject: [Enigmail] First encrypted message.
In-Reply-To: <48AE44D8.3090105@gmail.com>
References: <48AE44D8.3090105@gmail.com>
Message-ID: <48AE4676.5010005@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Christopher Kuttruff wrote:
> I'm new to using pgp and enigmail.  I guess now is as good a time as
> any to familiarize myself with greater security standards.

UNTRUSTED Good signature from Christopher Kuttruff <kuttruff at gmail.com>
Key ID: 0xAA4F4867 / Signed on: 8/22/2008 12:47 AM
Key fingerprint: 684C 363F 70A0 2258 74A7 7D9F F1F9 D1D1 AA4F 4867

This 'Signed' Message was Good.

> Anyways, just wanted to say hello to the board, since I don't know
> anyone else that uses email encryption, and I wanted to test a couple
> things out and check if anyone had some links to more info.  I've been
> going through the enigmail manual as well as the intro howto, but
> suggestions for further reading on cryptography and anonymity would be
> much appreciated.

Welcome to the Enigmail List.  For more reading You may want to check out:

http://sixdemonbag.org/cryptofaq.xhtml

Note:  The above Link will *not* render in Internet Explorer but will in
all other Browsers.

Should You wish to test Encryption please do not hesitate to Send Me [or
any other List Member] a _direct_ Email and any & all assistance is
readily available.

JOHN ;)
Timestamp: Friday 22 Aug 2008, 00:53  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIrkZ0AAoJEBCGy9eAtCsPdNEH/3OFwD05ariniL7jC343BpC8
0iwOtULRRMyBdS5huVpFi01yTJtaXn/Fd+fJmxKWwyxtRve6+qveE1KXpyho5VRg
akYIO26goc2LSC3oEodXZ8KRLfA8YZp419RIPgXDzMitnTZ92VwmkxuERCl31EGf
utTyCYOjtEgUhwGzUf1ZWSV2ZgbKNsE2xLIWi8BmYO5AkoCZz8mj5zYdUTa6Gz/5
q5klRiDp/9GqLnQezJymN1zSohIx7xt+kcKfT8laEV4fJ1QQRs2ChdWyIk1K/Jbz
xT9hks+BZtKM+yIMkvUKX9yCt7AO1776jhC7TjqsgSMpDNsQ2dEFv6zpTSgougQ=
=JiNu
-----END PGP SIGNATURE-----

From yaverot at nerdshack.com  Thu Aug 21 22:48:56 2008
From: yaverot at nerdshack.com (Matt)
Date: Thu, 21 Aug 2008 23:48:56 -0600
Subject: [Enigmail] Keyservers & Spammers Was: Re: First signed message
In-Reply-To: <48AE4142.6060801@bellsouth.net>
References: <48ACB90E.4080205@gmail.com>
	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>
	<48AE4142.6060801@bellsouth.net>
Message-ID: <48AE5348.9080406@nerdshack.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John W. Moore III wrote:
> Speaking Personally, I can think of no 'Cons' associated with Uploading
> Your Key to one or more Keyservers.  I have heard all the 'horror
> stories' about Spam Bots harvesting Email Addresses from Keyservers but
> I place no stock in that.  

The only con of uploading your key to a keyserver is that it then
becomes permanently accessible - it goes into multiple 'public'
repositories and can't be deleted.  But any person who has your public
key can put it there just as easily.

As for spam-bots... let me use this email account & GPG key as an
example. I made the account and traded a few messages with tech support.
Then I created a new GPG key and went ahead and uploaded it to the
keyservers. I then signed up for both this & gpg-users mailing lists.

And lurked for 3 months.

During that time: 1 spam message, from before I was certain the account
was working right (IE I hadn't made the GPG key yet) from someone
sending and Ad their privacy policy said that they wouldn't do.
(This is spam that made it to my inbox, I have know way of knowing how
much my provider may have filtered. Other than that message everything
was a reply to a request.)

After that 3 months somebody said something that I had to reply to on
one of the two lists. Not everyone who archives this list on the web
munges email addresses. So once I posted, an address previously only
available only from: Me, my key, my mailhost and the list admins became
publicly archived. Then the spambots got it from the web archives.

So can they get the email address from the key? Yes. But I don't think
they do, because if they did, I probably would have gotten some during
that 3 month period. Spammers don't even care if the addresses are good
or not, some make up random name @ random domain just hoping to get
lucky. They don't care, email is practically free to send, so even a
single 'sale' is practically all profit.

Now one data point doesn't imply universal truth, especially when
attempting to prove that something doable just isn't done.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)

iD8DBQFIrlNI5fOwXjtW65kRAqBnAKCMJVe8QqfBIsMtgUnTFwfgFAeNfQCdEpMZ
fFf/WKoCQNcxLpcGvEHmmf8=
=bPOc
-----END PGP SIGNATURE-----


From post at lespocky.de  Thu Aug 21 23:35:59 2008
From: post at lespocky.de (Alexander Dahl)
Date: Fri, 22 Aug 2008 08:35:59 +0200
Subject: [Enigmail] First signed message
In-Reply-To: <48AE3D2C.7090304@gmail.com>
References: <48ACB90E.4080205@gmail.com> <48AD84C6.2050506@bellsouth.net>
	<48AE3D2C.7090304@gmail.com>
Message-ID: <0MKwpI-1KWQFq1Ypw-0006wK@mrelayeu.kundenserver.de>

Hi James,

> -----BEGIN PGP MESSAGE-----
> Charset: ISO-8859-1
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

Please do NOT send encrypted messages to this list. (Almost?) Nobody can
read this, it's just distraction.

Greets
Alex

-- 
***** http://www.lespocky.de *******************************************
Those who would give up essential Liberty, to purchase
a little temporary Safety, deserve neither Liberty nor Safety.
                                (Benjamin Franklin)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080822/d0774732/attachment.bin>

From post at lespocky.de  Thu Aug 21 23:39:12 2008
From: post at lespocky.de (Alexander Dahl)
Date: Fri, 22 Aug 2008 08:39:12 +0200
Subject: [Enigmail] Keyservers
In-Reply-To: <48AE30F4.90505@bellsouth.net>
References: <g8kbm4$q0i$1@mozdev.mozdev.org>	<48ADB9AD.6010504@Mozilla-Enigmail.org>	<48ADD543.9010605@bellsouth.net>	<48AE230D.8020006@gmail.com>
	<48AE30F4.90505@bellsouth.net>
Message-ID: <0ML21M-1KWQIp3VWN-0008ME@mrelayeu.kundenserver.de>

Hi John,

> but is primarily cosmetic in nature and reduces the size of the Key.

I want to add, that it only affects the keys stored in your local
keyring not the ones on the keyservers.

Greets
Alex

-- 
***** http://www.lespocky.de *******************************************
Those who would give up essential Liberty, to purchase
a little temporary Safety, deserve neither Liberty nor Safety.
                                (Benjamin Franklin)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080822/df496a83/attachment.bin>

From post at lespocky.de  Thu Aug 21 23:40:20 2008
From: post at lespocky.de (Alexander Dahl)
Date: Fri, 22 Aug 2008 08:40:20 +0200
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AE4337.30300@bellsouth.net>
References: <48AE4337.30300@bellsouth.net>
Message-ID: <0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>

Hi John,

> PLEASE; *never* Post to a List an Encrypted Message /unless/ it is
> Encrypted to _every_ Member of the List!

You know, this is not possible. ;-)

Greets
Alex

-- 
***** http://www.lespocky.de *******************************************
Those who would give up essential Liberty, to purchase
a little temporary Safety, deserve neither Liberty nor Safety.
                                (Benjamin Franklin)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080822/515a2691/attachment.bin>

From John at Mozilla-Enigmail.org  Fri Aug 22 01:23:42 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Fri, 22 Aug 2008 03:23:42 -0500
Subject: [Enigmail] Keyservers
In-Reply-To: <0ML21M-1KWQIp3VWN-0008ME@mrelayeu.kundenserver.de>
References: <g8kbm4$q0i$1@mozdev.mozdev.org>	<48ADB9AD.6010504@Mozilla-Enigmail.org>	<48ADD543.9010605@bellsouth.net>	<48AE230D.8020006@gmail.com>	<48AE30F4.90505@bellsouth.net>
	<0ML21M-1KWQIp3VWN-0008ME@mrelayeu.kundenserver.de>
Message-ID: <48AE778E.2080703@Mozilla-Enigmail.org>

Alexander Dahl wrote:
> Hi John,
> 
>> but is primarily cosmetic in nature and reduces the size of the Key.
> 
> I want to add, that it only affects the keys stored in your local
> keyring not the ones on the keyservers.

You may clean as you retrieve from the keyserver. In gpg.conf include the
following for a keyserver-options line

keyserver-options auto-key-retrieve include-subkeys include-revoked import-clean

You may omit the include-* options as you see like

Adding 'export-clean' will clean keys (yours) when you send them to the keyserver.

'import-clean' and 'export-clean' may also be included on the respective
import-options and export-options lines. Those do not affect keyserver operations

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 677 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080822/6d6deecb/attachment.bin>

From John at Mozilla-Enigmail.org  Fri Aug 22 01:31:41 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Fri, 22 Aug 2008 03:31:41 -0500
Subject: [Enigmail] Keyservers & Spammers Was: Re: First signed message
In-Reply-To: <48AE5348.9080406@nerdshack.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>
	<48AE5348.9080406@nerdshack.com>
Message-ID: <48AE796D.9080501@Mozilla-Enigmail.org>

Matt wrote:
> John W. Moore III wrote:
>> Speaking Personally, I can think of no 'Cons' associated with Uploading
>> Your Key to one or more Keyservers.  I have heard all the 'horror
>> stories' about Spam Bots harvesting Email Addresses from Keyservers but
>> I place no stock in that.
> 
<snip>
> 
> So can they get the email address from the key? Yes. But I don't think
> they do, because if they did, I probably would have gotten some during
> that 3 month period. Spammers don't even care if the addresses are good
> or not, some make up random name @ random domain just hoping to get
> lucky. They don't care, email is practically free to send, so even a
> single 'sale' is practically all profit.
> 
> Now one data point doesn't imply universal truth, especially when
> attempting to prove that something doable just isn't done.

Having tested multiple addresses on several keys, I've found no difference
between an address only on a key being on a keyserver and totally unused
addresses on ISPs.

Yes, it's possible the address was pulled from the key on a keyserver, but the
volume of SPAM was not significantly different from that received as just random
SPAM noise from an unused ISP account.


-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 677 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080822/c1f3bc8a/attachment.bin>

From post at lespocky.de  Fri Aug 22 01:31:54 2008
From: post at lespocky.de (Alexander Dahl)
Date: Fri, 22 Aug 2008 10:31:54 +0200
Subject: [Enigmail] Keyservers
In-Reply-To: <48AE778E.2080703@Mozilla-Enigmail.org>
References: <g8kbm4$q0i$1@mozdev.mozdev.org>	<48ADB9AD.6010504@Mozilla-Enigmail.org>	<48ADD543.9010605@bellsouth.net>	<48AE230D.8020006@gmail.com>	<48AE30F4.90505@bellsouth.net>	<0ML21M-1KWQIp3VWN-0008ME@mrelayeu.kundenserver.de>
	<48AE778E.2080703@Mozilla-Enigmail.org>
Message-ID: <0MKwpI-1KWS3w2gVc-0007C9@mrelayeu.kundenserver.de>

Hi John,

> keyserver-options auto-key-retrieve include-subkeys include-revoked import-clean
> 
> You may omit the include-* options as you see like
> 
> Adding 'export-clean' will clean keys (yours) when you send them to the keyserver.

I didn't know these options. This is very useful, thanks for pointing to it.

Greets
Alex

-- 
'With the first link, the chain is forged. The first speech censured,
the first thought forbidden, the first freedom denied, chains us all
irrevocably.' (Jean-Luc Picard, quoting Judge Aaron Satie)
*** GnuPG-FP: 02C8 A590 7FE5 CA5F 3601  D1D5 8FBA 7744 CC87 10D0 ***

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080822/a684baf3/attachment-0001.bin>

From alaric at metrocast.net  Fri Aug 22 03:44:12 2008
From: alaric at metrocast.net (Phil Stracchino)
Date: Fri, 22 Aug 2008 06:44:12 -0400
Subject: [Enigmail] First signed message
In-Reply-To: <48AE3D2C.7090304@gmail.com>
References: <48ACB90E.4080205@gmail.com> <48AD84C6.2050506@bellsouth.net>
	<48AE3D2C.7090304@gmail.com>
Message-ID: <48AE987C.3090504@metrocast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

James Gillespie wrote:
> -----BEGIN PGP MESSAGE-----
> Charset: ISO-8859-1
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> hQMOA3WCrctoTFD6EAv+NCSkAYAJW99yRmVl9ObJfPqjoGAukak5iQFGTTuRf1OE
> IhwccV1sbVU8nA9qkci8JzM1qvfh+twoJ6ACVIxN7lBHN6NAm5Vvpkp9Xwf45obD

Please do not send encrypted messages to a public mailing list.  It
serves no purpose, since nobody can read it.

- --
  Phil Stracchino, CDK#2     DoD#299792458     ICBM: 43.5607, -71.355
  alaric at caerllewys.net   alaric at metrocast.net   phil at co.ordinate.org
         Renaissance Man, Unix ronin, Perl hacker, Free Stater
                 It's not the years, it's the mileage.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAkiumHwACgkQ0DfOju+hMkk2AQCdEMwYEDSk/pBsuNoHCVnzijf9
9CMAn3RK8Y6xUBueYs22xf5Llsig/lO3
=ke4F
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Fri Aug 22 04:28:26 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Fri, 22 Aug 2008 07:28:26 -0400
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>
References: <48AE4337.30300@bellsouth.net>
	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>
Message-ID: <48AEA2DA.1050602@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Alexander Dahl wrote:
> Hi John,
> 
>> PLEASE; *never* Post to a List an Encrypted Message /unless/ it is
>> Encrypted to _every_ Member of the List!
> 
> You know, this is not possible. ;-)

Perhaps not this List but there are Lists where it is common practice.  :)

JOHN ;)
Timestamp: Friday 22 Aug 2008, 07:28  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIrqLZAAoJEBCGy9eAtCsPmUYH/jVBGCcRwZA6OOm3dCiThb7h
lb1NrisJOefyZrvzobePCuIqxBLW5BFHcT5UIinm7F/9kO7xj4ym/tACmE9zltzI
JIrpFqQnClNkWc2G3CwJ1ch7JONovvsVcbK3cxjgEDINfxSjwPcen5kETb0j43Ma
IAnCDBytvExheapmWRvGb5cHN3DNgBpsXLRBqT0ofxDDy5OVxjZC680mVYgqrL8S
qLMJcSr2P92xtm/WCC3JJ5NwIHNaGPocXXIt/UfneACQE8hyi5cdQyCXoXgqBit5
YOBeaRXHu7+EpKJAQQuwVHh1yxtXGzN0QoYH9POu+7EsrWomckpGfXjlytrbAO8=
=DwOB
-----END PGP SIGNATURE-----

From jeandavid8 at verizon.net  Fri Aug 22 04:39:46 2008
From: jeandavid8 at verizon.net (Jean-David Beyer)
Date: Fri, 22 Aug 2008 07:39:46 -0400
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AEA2DA.1050602@bellsouth.net>
References: <48AE4337.30300@bellsouth.net>
	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>
	<48AEA2DA.1050602@bellsouth.net>
Message-ID: <48AEA582.1040706@verizon.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John W. Moore III wrote:
> Alexander Dahl wrote:
>> Hi John,
> 
>>> PLEASE; *never* Post to a List an Encrypted Message /unless/ it is
>>> Encrypted to _every_ Member of the List!
>> You know, this is not possible. ;-)
> 
> Perhaps not this List but there are Lists where it is common practice.  :)
> 
Really? Those lists must be extremely small. Imagine that the list server
would have to look up the public key of everyone signed up for the list. And
it would need to encrypt the text of every message for each list subscriber.
The overhead would be tremendous, would it not?

- --
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
 /( )\ Shrewsbury, New Jersey    http://counter.li.org
 ^^-^^ 07:35:01 up 15 days, 13:41, 4 users, load average: 4.04, 4.21, 4.42
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org

iD8DBQFIrqWBPtu2XpovyZoRAnkTAJ0Q6Mh6JAXq0kMZu+sANZ83QXDyyQCggr3H
diavQh4tMjtm1zCmsK1Ticc=
=7g6w
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Fri Aug 22 04:55:38 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Fri, 22 Aug 2008 07:55:38 -0400
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AEA582.1040706@verizon.net>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>
	<48AEA582.1040706@verizon.net>
Message-ID: <48AEA93A.2060404@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Jean-David Beyer wrote:

> Really? Those lists must be extremely small. Imagine that the list server
> would have to look up the public key of everyone signed up for the list. And
> it would need to encrypt the text of every message for each list subscriber.
> The overhead would be tremendous, would it not?

No.  Every Post is Encrypted to the Key of Each List/Group Member.
There is never a need for Server look-up because each Member provided
His/Her Key at time of Joining.

In PGP this Key Selection is handled transparently via the 'Group'
function and with Enigmail is easily accomplished with the Per-Recipient
Rules.  Upon Joining such a Group or List there is a certain amount of
Set-Up required on the part of the New Subscriber.  This is what I
referenced " _a List_ " in My Original Post.

Interestingly, the size of the Group & number of Keys Encrypted to has
no effect on the ultimate size of the Message.

JOHN ;)
Timestamp: Friday 22 Aug 2008, 07:55  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIrqk1AAoJEBCGy9eAtCsPS/sIAJ51MaPOpyLbYaRIucj8gXgV
46YBufNwf8AidFePxZXhxTHf7m90YnUKFZVC1SjTSAWCkNmhmrnmDwWmwawbmFxJ
Rjt/bvM/6MJT92Sj2YtjgtsbwD2BdpRlUQwjznlG+FYcbX+aP06z7znp324GUAhs
eRKAMPysH+dCnw/9RE10dMxrvmJkGF6tw60ICJzIQlU/Z44z5LlwFsEtg+7w3brC
ebBpe2LfM/a6kFTb9jC+N2x3iWW9LjqAZHZ+UB2GPUsiHn+sEMjnJlBcDpMEI/x9
KNNZhgRdxK0xMk9J+hd3qbPeuvIUmnqtWjXsOJRNJKm0MvOVApcaPNlyl2toDuw=
=xt0l
-----END PGP SIGNATURE-----

From jeandavid8 at verizon.net  Fri Aug 22 05:10:45 2008
From: jeandavid8 at verizon.net (Jean-David Beyer)
Date: Fri, 22 Aug 2008 08:10:45 -0400
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AEA93A.2060404@bellsouth.net>
References: <48AE4337.30300@bellsouth.net>
	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>
	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>
	<48AEA93A.2060404@bellsouth.net>
Message-ID: <48AEACC5.6030402@verizon.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John W. Moore III wrote (in part):
> Jean-David Beyer wrote:
> 
>> Really? Those lists must be extremely small. Imagine that the list server
>> would have to look up the public key of everyone signed up for the list. And
>> it would need to encrypt the text of every message for each list subscriber.
>> The overhead would be tremendous, would it not?
> 
> No.  Every Post is Encrypted to the Key of Each List/Group Member.
> There is never a need for Server look-up because each Member provided
> His/Her Key at time of Joining.
> 
> In PGP this Key Selection is handled transparently via the 'Group'
> function and with Enigmail is easily accomplished with the Per-Recipient
> Rules.  Upon Joining such a Group or List there is a certain amount of
> Set-Up required on the part of the New Subscriber.  This is what I
> referenced " _a List_ " in My Original Post.

I guess I do not understand this. (You are, of course, correct that the list
server need get my public key only once and keep it on hand locally, not do
this with every mailing.)

To send me an encrypted message, it must be encrypted using my public key,
right? To send you an encrypted message, it must be encrypted using your
public key too. So if there are 5000 members of a list, the message must be
decrypted by the list server using its private key (this is a very small
overhead) and then encrypted 5000 times, once for each recipient, right?

Now it may be that gpg can do some of that one time only (the compression
for sure and possibly the symmetric cypher), but then the public key part
must be done once per recipient, which could be a nuisance.

Furthermore, would it not be more secure to send each copy with a different
key for the symmetric key? I do not know which would be done on a mailing list.

- --
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
 /( )\ Shrewsbury, New Jersey    http://counter.li.org
 ^^-^^ 08:00:01 up 15 days, 14:06, 4 users, load average: 4.21, 4.28, 4.27
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org

iD8DBQFIrqzFPtu2XpovyZoRAjoKAJ9/nYLR67pigqEcbUy+6nQsRMD1GwCfX2Ap
eQBlow5/uHu+0CEgvsP7bFc=
=iqOO
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Fri Aug 22 05:22:34 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Fri, 22 Aug 2008 08:22:34 -0400
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AEACC5.6030402@verizon.net>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>
	<48AEACC5.6030402@verizon.net>
Message-ID: <48AEAF8A.5050307@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Jean-David Beyer wrote:

> I guess I do not understand this. (You are, of course, correct that the list
> server need get my public key only once and keep it on hand locally, not do
> this with every mailing.)

You are placing far too much work on the List/Group Server.  All it must
do is receive & disseminate the Posts to the List.  All
Encryption/Decryption occurs on the Member's computer.  Keyring
Maintenance is the responsibility of each individual member.

HTH

JOHN ;)
Timestamp: Friday 22 Aug 2008, 08:22  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIrq+FAAoJEBCGy9eAtCsP5IwH/j4UQ+C5uzxUQMxcTE4NXX+4
45ytq2R1ySYCbiPaq9mVhmmOr268Hl1zeDmfGxu+nRv2fBQAz/aj5FCd9zFtD7kZ
5mOe3b+TRRaF9w8yhy+o9dNTyB0p9Gyr/UmunL0FEwh2EG77adCkiJiaEg6Td9ag
llrnPH1CUbPf8kKuCNZMD6BqYf2/aIuQWpe4TNWhJaLjFJzBdcqqllwq9IyMi2Ec
8REatNu0MszaGgdMt2a1QLlpLCqgsJ13HapTJQPs6SZgdO870CnyOiE+jJnCfSB7
rVj/M2Ns2ss4tHe/Oc3BO7Qr9jCBlnAkPLaIALnNqy5usT5VMNPNlcM5Eqj/nTk=
=JfcO
-----END PGP SIGNATURE-----

From post at lespocky.de  Fri Aug 22 05:29:04 2008
From: post at lespocky.de (Alexander Dahl)
Date: Fri, 22 Aug 2008 14:29:04 +0200
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AEACC5.6030402@verizon.net>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>
	<48AEACC5.6030402@verizon.net>
Message-ID: <0MKxQS-1KWVlb0gBb-0000VC@mrelayeu.kundenserver.de>

Hi,

>> In PGP this Key Selection is handled transparently via the 'Group'
>> function and with Enigmail is easily accomplished with the Per-Recipient
>> Rules.  Upon Joining such a Group or List there is a certain amount of
>> Set-Up required on the part of the New Subscriber.  This is what I
>> referenced " _a List_ " in My Original Post.
> 
> I guess I do not understand this. (You are, of course, correct that the list
> server need get my public key only once and keep it on hand locally, not do
> this with every mailing.)

The list server doesn't need your public key, at least the mail server
does not. The other list members do. So one could put the keyring on a
webserver.

> To send me an encrypted message, it must be encrypted using my public key,
> right? To send you an encrypted message, it must be encrypted using your
> public key too. 

Right.

> So if there are 5000 members of a list, the message must be
> decrypted by the list server using its private key (this is a very small
> overhead) and then encrypted 5000 times, once for each recipient, right?

I think not. You have to encrypt the message to all of the members. I
suppose that's what John meant with ?Upon Joining such a Group or List
there is a certain amount of Set-Up required on the part of the New
Subscriber.? I think the others also have to adjust their settings by
adding the new subscriber.

What you propose is a special key for the server itself and some magic
on server side. You encrypt the message with the servers public key, the
server decrypts it and then reencrypts it with all the public keys of
the members. I never heard about that, I would not say this is
impossible, but I think it's not what John meant.

> Now it may be that gpg can do some of that one time only (the compression
> for sure and possibly the symmetric cypher), but then the public key part
> must be done once per recipient, which could be a nuisance.

I didn't understand that.

> Furthermore, would it not be more secure to send each copy with a different
> key for the symmetric key? I do not know which would be done on a mailing list.

So the server should not send one message encrypted to all members but a
message to each only encrypted with his own key?

Greets
Alex

-- 
'With the first link, the chain is forged. The first speech censured,
the first thought forbidden, the first freedom denied, chains us all
irrevocably.' (Jean-Luc Picard, quoting Judge Aaron Satie)
*** GnuPG-FP: 02C8 A590 7FE5 CA5F 3601  D1D5 8FBA 7744 CC87 10D0 ***

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080822/78711d33/attachment.bin>

From jeandavid8 at verizon.net  Fri Aug 22 05:36:28 2008
From: jeandavid8 at verizon.net (Jean-David Beyer)
Date: Fri, 22 Aug 2008 08:36:28 -0400
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AEAF8A.5050307@bellsouth.net>
References: <48AE4337.30300@bellsouth.net>
	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>
	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>
	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>
	<48AEAF8A.5050307@bellsouth.net>
Message-ID: <48AEB2CC.4030505@verizon.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John W. Moore III wrote:
> Jean-David Beyer wrote:
> 
>> I guess I do not understand this. (You are, of course, correct that the list
>> server need get my public key only once and keep it on hand locally, not do
>> this with every mailing.)
> 
> You are placing far too much work on the List/Group Server.  All it must
> do is receive & disseminate the Posts to the List.  All
> Encryption/Decryption occurs on the Member's computer.  Keyring
> Maintenance is the responsibility of each individual member.
> 
(I just put in a new version of Thunderbird and Enigmail.)

I guess my mental model of how this works is faulty.

One model goes like this: If I wish to send an encrypted message to a
mailing list that allows this, I must encrypt it before sending it to the
list. And the key I use to encrypt it must be the public key of the list
server, right? If so, the list server must decrypt it, since no one else has
the private key of the list server (I hope). That is the easy part. Then the
list server must encrypt it to each recipient.

Another way is to push the overhead back to the original poster. In that
case, the O.P. does not encrypt the message to the key of the list server
(if it even has one). Instead, the O.P. must encrypt it to each and every
recipient of the list, so the O.P. must possess all those keys. In this
case, the list server does no more than any other list server. But in that
case, the O.P. would have to send to the recipients individually (perhaps by
running a list server of his own). This does not seem to be a satisfactory
way of doing things.

So there must be at least one more model that does not have the problems of
the two I describe.

- --
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
 /( )\ Shrewsbury, New Jersey    http://counter.li.org
 ^^-^^ 08:25:01 up 15 days, 14:31, 5 users, load average: 4.34, 4.23, 4.24
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org

iD8DBQFIrrLMPtu2XpovyZoRApGvAKCydlEi/o6vrMG/jZoNNaVjATWE+ACgzJ7c
Wn36XW8AnfA849iaWmvgHxU=
=kBCl
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Fri Aug 22 05:50:21 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 22 Aug 2008 07:50:21 -0500
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AEAF8A.5050307@bellsouth.net>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>
	<48AEAF8A.5050307@bellsouth.net>
Message-ID: <48AEB60D.5040406@sixdemonbag.org>

John W. Moore III wrote:
> You are placing far too much work on the List/Group Server.  All it must
> do is receive & disseminate the Posts to the List.  All
> Encryption/Decryption occurs on the Member's computer.  Keyring
> Maintenance is the responsibility of each individual member.


John, if you'll allow me --

This setup is not especially secure, nor is it especially scalable.  But
that's okay: the question is how well the group's policies advance the
group's goals, not whether the group is secure, scalable, fragrant,
purple, or any other adjective you wish to use.

First I'll explain the problems, and then I'll explain why they don't
matter much for John's purposes.

It's not especially secure because "three can keep a secret if two are
dead."  That's just basic common sense.  A mailing list with a large
number of people is going to have a hard time keeping secrets from
someone who is serious about finding out details.

It's not especially scalable because of something called a "combinatoric
explosion".  When the list is just one person, no keys need to be
exchanged.  When the second person joins, one key exchange needs to be
done.  When the third person joins, two key exchanges take place.  When
the fourth, three key exchanges.  And so on and so on.  With 100 people
on the list, you're going to have 4,950 key exchanges.  Assuming just
one in a hundred goes awry, you're talking about 50 pairs of people who
can't talk to each other and a flurry of messages like "I couldn't read
the last, it wasn't encrypted to my key, please fix this."

That said, these two problems are not critical -- at least, not for the
mailing list I think John has in mind.  That mailing list is a place for
people to get experience in using encrypted email, experience in pulling
down keys from the server, experience in managing keys, etc.

Given that's their goal, the two problems really aren't all that bad.
However, if you were running a mailing list devoted to, say, the
overthrow of a government, trafficking in contraband, or other such
high-risk behavior, you would probably want to set things up much
differently.

As with so many things in communications security, knowing what it is
you're trying to do is a major, major step towards successfully
achieving it.  :)



From jmoore3rd at bellsouth.net  Fri Aug 22 07:47:53 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Fri, 22 Aug 2008 10:47:53 -0400
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AEB2CC.4030505@verizon.net>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>	<48AEAF8A.5050307@bellsouth.net>
	<48AEB2CC.4030505@verizon.net>
Message-ID: <48AED199.4020708@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Jean-David Beyer wrote:

> (I just put in a new version of Thunderbird and Enigmail.)

All appears functional here.  :-D

> Another way is to push the overhead back to the original poster. In that
> case, the O.P. does not encrypt the message to the key of the list server
> (if it even has one). Instead, the O.P. must encrypt it to each and every
> recipient of the list, so the O.P. must possess all those keys. In this
> case, the list server does no more than any other list server. But in that
> case, the O.P. would have to send to the recipients individually (perhaps by
> running a list server of his own). This does not seem to be a satisfactory
> way of doing things.

No need to run a List Server anywhere; simply put in place the
requirement that submission of a Public Key is necessary for
Subscription to the Group.Upon successful Subscription to the Group a
Keyring of other Members is automatically Sent to the New Subscriber.
As folks Un-Subscribe an Announcement is made and Keyring/Encryption
Rule maintenance is the responsibility of the individual Member.

This method keeps everything in line with the K.I.S.S. Principle.  :)

JOHN ;)
Timestamp: Friday 22 Aug 2008, 10:47  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIrtGXAAoJEBCGy9eAtCsPsnMH+wSua+T8OP6fvPkjXSPoYSDO
LXzWrpc//ICLB5xJTISW5ulRpeP/x+d9KDlPDZqq6NspiUI+aa33Rf0fOitU43uu
G7rEtmeGrBvbCEH5T84pjVzHKeg+V/1FCGnz0/YUQ2gXVSx08ERBUZl1SwdOdPyH
Q1KqQm/P1VVKNitS02ia3rf8TywsuyOj3fLHH1adcqoodnIsxfQ8S6YxfxMo14cx
GGsZ2zjJdoG0Z6QhbuIBkywRV0g+4V90MeWBcB/NEyLArXzZIxoLf+6mtGJfsdjV
PG3xyeGRtGu7aKlRe1zVCRDGkoK9OYurzJJ6UPR7DKVTYWMoiDRqfUHldCWcC1s=
=ERxQ
-----END PGP SIGNATURE-----

From jeandavid8 at verizon.net  Fri Aug 22 09:18:34 2008
From: jeandavid8 at verizon.net (Jean-David Beyer)
Date: Fri, 22 Aug 2008 12:18:34 -0400
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AEB60D.5040406@sixdemonbag.org>
References: <48AE4337.30300@bellsouth.net>
	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>
	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>
	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>
	<48AEAF8A.5050307@bellsouth.net> <48AEB60D.5040406@sixdemonbag.org>
Message-ID: <48AEE6DA.4030003@verizon.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robert J. Hansen wrote (in part):
>
> Given that's their goal, the two problems really aren't all that bad.
> However, if you were running a mailing list devoted to, say, the
> overthrow of a government, trafficking in contraband, or other such
> high-risk behavior, you would probably want to set things up much
> differently.
> 
> As with so many things in communications security, knowing what it is
> you're trying to do is a major, major step towards successfully
> achieving it.  :)
> 
Yes. And my mental model of the task at hand was different from the one JWM
had in mind and has a solution for. The confusion was on a higher level and
about more important things, as is sometimes said.

- --
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
 /( )\ Shrewsbury, New Jersey    http://counter.li.org
 ^^-^^ 12:15:01 up 15 days, 18:21, 4 users, load average: 4.24, 4.52, 4.56
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org

iD8DBQFIrubZPtu2XpovyZoRAjWuAJ9n63icqphFgwFBhFRMMxQ3yUFHmgCgxWMn
Bj/PN5stePEKjNSOsilUgTA=
=p6HM
-----END PGP SIGNATURE-----

From simon.smithers at gmail.com  Fri Aug 22 01:49:57 2008
From: simon.smithers at gmail.com (Simon Smithers)
Date: Fri, 22 Aug 2008 09:49:57 +0100
Subject: [Enigmail] Signing a key
Message-ID: <48AE7DB5.6080304@googlemail.com>

Hi - I know this is going to sound incredibly basic, but I have
digitally signed my own key - is this correct and, if not, is there
anyway I can remove the signature?

Many thnaks.

Kind regards
Simon Smithers
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3265 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080822/c1814eaa/attachment.bin>

From jmoore3rd at bellsouth.net  Fri Aug 22 09:24:34 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Fri, 22 Aug 2008 12:24:34 -0400
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AEE6DA.4030003@verizon.net>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>	<48AEAF8A.5050307@bellsouth.net>
	<48AEB60D.5040406@sixdemonbag.org> <48AEE6DA.4030003@verizon.net>
Message-ID: <48AEE842.9060803@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Jean-David Beyer wrote:

> Yes. And my mental model of the task at hand was different from the one JWM
> had in mind and has a solution for. The confusion was on a higher level and
> about more important things, as is sometimes said.

Coming Full Circle, I repeat:  Please do _not_ send anything Encrypted
to _a List_ unless You are Encrypting to Everyone.  Much like a Teacher
saying "Do not eat in Class unless You brought enough for Everybody!"

JOHN :)
Timestamp: Friday 22 Aug 2008, 12:24  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIruhBAAoJEBCGy9eAtCsPic8IAJVpesh0URXuiMJrcPK71itk
QvlwsPOhmbJ6+ihsm98tlSVeAkPiZ9SfJE12dww1KtCMYTk6W6nZQNcF48aSh7q5
in5IS8E3oXJur26ndEaCD1jWTgxXjGgFVKsPyMCA+I1mzj0y+ejPpnXGFHnDyhuV
5FSCqox+YcY7OiHhmLtWf9XHgl3j1aD8/+eRskf2UwCSkx6zgi71YglkOntbfekE
OmNnwRmipHH6J6JPYQEjwZ3TxbLbL2ojcsJ7zx1H7B2hz4lTTEyULV93WNEH2n/r
UrDXx7hbDyipEIprmVmT10HTpjbp1UNwbcniiApmBe3YL6fUR1wblcs51SDl3Ys=
=QRBj
-----END PGP SIGNATURE-----

From floeff at gmail.com  Fri Aug 22 10:16:15 2008
From: floeff at gmail.com (Florian Effenberger)
Date: Fri, 22 Aug 2008 19:16:15 +0200
Subject: [Enigmail] automatic disabling of format=flowed
In-Reply-To: <eea901cd0808171051p21c9d7bbs24fe0cfac3050c86@mail.gmail.com>
References: <eea901cd0808160303q38a731f8td5b80a6d40359bda@mail.gmail.com>
	<48A8592E.4050309@mozilla-enigmail.org>
	<eea901cd0808171021t5587e86eg8bccd0f1d55c9a72@mail.gmail.com>
	<48A85F53.3030201@bellsouth.net> <48A86311.3060903@gmail.com>
	<48A86437.5020802@bellsouth.net>
	<eea901cd0808171051p21c9d7bbs24fe0cfac3050c86@mail.gmail.com>
Message-ID: <eea901cd0808221016l50bb255bn65c075b8bcdccef8@mail.gmail.com>

Hi,

> My understanding [& experience] is that it only happens during the
> Install.  You are free to Set it back after install and it will remain
> that way.

I now had it again, but don't know when exactly it happened - maybe
after decrypting a message. I've created a bug at
https://www.mozdev.org/bugs/show_bug.cgi?id=19804

Florian

From chd at chud.net  Fri Aug 22 10:21:30 2008
From: chd at chud.net (Chris De Young)
Date: Fri, 22 Aug 2008 10:21:30 -0700
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AEB60D.5040406@sixdemonbag.org>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>	<48AEAF8A.5050307@bellsouth.net>
	<48AEB60D.5040406@sixdemonbag.org>
Message-ID: <48AEF59A.1010600@chud.net>

An alternate approach that has worked here, for certain lists, is to generate a
key pair for the list itself, and then distribute it (including the secret key
of course) to all the list members.

We've done this for local, departmental lists where you don't have more than a
dozen or two subscribers, and (more importantly) all the subscribers work in the
same building. In this case, doing they key distribution in person is feasible.
 This isn't likely to work for a widely distributed list like this because
distribution of the secret key becomes a significant problem.

Also, there's a legitimate security concern about having too many holders of the
secret key - obviously you only have to compromise one of them in order to own
all of them, and all past list traffic too. In our case the traffic on the list
is not so sensitive that this is an unacceptable risk, but of course your
mileage may vary.  :-)

Cheers,
-Chris

Robert J. Hansen wrote:
> John, if you'll allow me --
> 
> This setup is not especially secure, nor is it especially scalable.  But
> that's okay: the question is how well the group's policies advance the
> group's goals, not whether the group is secure, scalable, fragrant,
> purple, or any other adjective you wish to use.
> 
> First I'll explain the problems, and then I'll explain why they don't
> matter much for John's purposes.
> 
> It's not especially secure because "three can keep a secret if two are
> dead."  That's just basic common sense.  A mailing list with a large
> number of people is going to have a hard time keeping secrets from
> someone who is serious about finding out details.
> 
> It's not especially scalable because of something called a "combinatoric
> explosion".  When the list is just one person, no keys need to be
> exchanged.  When the second person joins, one key exchange needs to be
> done.  When the third person joins, two key exchanges take place.  When
> the fourth, three key exchanges.  And so on and so on.  With 100 people
> on the list, you're going to have 4,950 key exchanges.  Assuming just
> one in a hundred goes awry, you're talking about 50 pairs of people who
> can't talk to each other and a flurry of messages like "I couldn't read
> the last, it wasn't encrypted to my key, please fix this."
> 
> That said, these two problems are not critical -- at least, not for the
> mailing list I think John has in mind.  That mailing list is a place for
> people to get experience in using encrypted email, experience in pulling
> down keys from the server, experience in managing keys, etc.
> 
> Given that's their goal, the two problems really aren't all that bad.
> However, if you were running a mailing list devoted to, say, the
> overthrow of a government, trafficking in contraband, or other such
> high-risk behavior, you would probably want to set things up much
> differently.
> 
> As with so many things in communications security, knowing what it is
> you're trying to do is a major, major step towards successfully
> achieving it.  :)
> 
> 
> _______________________________________________
> Enigmail mailing list
> Enigmail at mozdev.org
> https://www.mozdev.org/mailman/listinfo/enigmail

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080822/08a3c104/attachment.bin>

From rbrtryn at gmail.com  Fri Aug 22 10:46:31 2008
From: rbrtryn at gmail.com (Robert Ryan)
Date: Fri, 22 Aug 2008 11:46:31 -0600
Subject: [Enigmail] Signing a key
In-Reply-To: <48AE7DB5.6080304@googlemail.com>
References: <48AE7DB5.6080304@googlemail.com>
Message-ID: <48AEFB77.6000700@gmail.com>

On 8/22/2008 2:49 AM, Simon Smithers wrote:
> Hi - I know this is going to sound incredibly basic, but I have
> digitally signed my own key - is this correct and, if not, is there
> anyway I can remove the signature?

You should *always* sign your public key. This ensures that the public
really belongs to you, you have the corresponding secret key, and that
the public key hasn't been modified in some unapproved way.
-- 
Robert Ryan

I prefer encrypted, signed email :)
My PGP keys: http://tinyurl.com/5snkgq

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080822/8ab147df/attachment.bin>

From ldc at lrcressy.com  Fri Aug 22 14:20:38 2008
From: ldc at lrcressy.com (LeRoy Cressy)
Date: Fri, 22 Aug 2008 17:20:38 -0400
Subject: [Enigmail] Signing a key
In-Reply-To: <48AE7DB5.6080304@googlemail.com>
References: <48AE7DB5.6080304@googlemail.com>
Message-ID: <48AF2DA6.7020500@lrcressy.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Simon Smithers wrote:
> Hi - I know this is going to sound incredibly basic, but I have
> digitally signed my own key - is this correct and, if not, is there
> anyway I can remove the signature?

When you create a key pair normally GnuPG signs the key with your
signature with ultimate trust.  Even when you create a sub key it is
signed with your own signature.

- --
 Rev. LeRoy D. Cressy  mailto:leroy at lrcressy.com   /\_/\
                       http://lrcressy.com        ( o.o )
                       Phone:  215-535-4037        > ^ <

gpg fingerprint:  62DE 6CAB CEE1 B1B3 359A  81D8 3FEF E6DA 8501 AFEA

For info on enigmail:    http://lrcressy.com/linux/mozilla.pdf
For info on gpg:         http://www.gnupg.org/

Jesus saith unto him, I am the way, the truth, and the life:
no man cometh unto the Father, but by me. (John 14:6)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEVAwUBSK8tpquxGqN1iGbbAQgdmAgAojnDzfBbM/UqZTmQvTBCaKhbiQwhP0e9
gLSk3u5f171VWKMxuFCInkMPdZ9ipYp/Lp9H/MRaZjETkXqeTSNFZwVd3+IPjJBk
1/blD7mgRJonmGY6kJz0iJdTJar3DqK4oTckn0pVsJuWBYStM2NlNP27/HoJbbB9
dCTGqdPEZ/b2vKQm4FgMy1YlABfxquP47n+9xuREPBdd72BmaG9RTXolRbSf8q71
XNqE7RkjXWP4kD8gAEmGZZyovNqk+5OuoxLVSpXHiN4Xv54ONYJ48ByikUm/Am+b
aKuGZz/zVPUbMmrEvNVf4DO8Rkct2tPxA879KIAXnE+sIRFrdP8mog==
=/JB0
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Fri Aug 22 18:40:55 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 22 Aug 2008 20:40:55 -0500
Subject: [Enigmail] Signing a key
In-Reply-To: <48AEFB77.6000700@gmail.com>
References: <48AE7DB5.6080304@googlemail.com> <48AEFB77.6000700@gmail.com>
Message-ID: <48AF6AA7.2010604@sixdemonbag.org>

Robert Ryan wrote:
> You should *always* sign your public key.

Eh.  Yes and no.  GnuPG does this for you automatically when you create
the secret half, so there's no need for you to do it explicitly.

From rbrtryn at gmail.com  Fri Aug 22 19:05:05 2008
From: rbrtryn at gmail.com (Robert Ryan)
Date: Fri, 22 Aug 2008 20:05:05 -0600
Subject: [Enigmail] Signing a key
In-Reply-To: <48AF6AA7.2010604@sixdemonbag.org>
References: <48AE7DB5.6080304@googlemail.com> <48AEFB77.6000700@gmail.com>
	<48AF6AA7.2010604@sixdemonbag.org>
Message-ID: <48AF7051.5030406@gmail.com>

On 8/22/2008 7:40 PM, Robert J. Hansen wrote:
> Robert Ryan wrote:
>> You should *always* sign your public key.
> 
> Eh.  Yes and no.  GnuPG does this for you automatically when you create
> the secret half, so there's no need for you to do it explicitly.

You're absolutely correct and I should have been more clear. I should
have said the self-signature should always be present. The
self-signature should not be removed and if it is accidentally removed
the key should be re-signed.
-- 
Robert Ryan

I prefer encrypted, signed email :)
My PGP keys: http://tinyurl.com/5snkgq

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080822/b82c8626/attachment.bin>

From faramir.cl at gmail.com  Fri Aug 22 22:15:25 2008
From: faramir.cl at gmail.com (Faramir)
Date: Sat, 23 Aug 2008 01:15:25 -0400
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AEA582.1040706@verizon.net>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>
	<48AEA582.1040706@verizon.net>
Message-ID: <48AF9CED.7050704@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Jean-David Beyer escribi?:
> John W. Moore III wrote:
>> Alexander Dahl wrote:
>>> Hi John,
>>>> PLEASE; *never* Post to a List an Encrypted Message /unless/ it is
>>>> Encrypted to _every_ Member of the List!
>>> You know, this is not possible. ;-)
>> Perhaps not this List but there are Lists where it is common practice.  :)
> 
> Really? Those lists must be extremely small. Imagine that the list server
> would have to look up the public key of everyone signed up for the list. And
> it would need to encrypt the text of every message for each list subscriber.
> The overhead would be tremendous, would it not?

  I don't think it would be the list server's duty to do that, it would
be each member of the list's duty to have the public key of the other
members in his/her keyring (and probably, associated to a group too)...

Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIr5ztAAoJEMV4f6PvczxA8UoH+wao2I5XKYjsyDCFSGIhwNKd
7915CyiNiGtpkKQ7/hQMguXgHcDFQUgP2AYa/DxDRdm0TlYyjrjYMbnZVVzKrenR
LVQzGrPjWv5h68qr8s5qeTmsM/+RZVHzaE3Yo4fP2W31G9va09VmjNBVwBcc+InO
n9oS/flA1ZUNClL5Ncz4UFTV70+7jVBhXTBniMuGHEh/tJl2wP1jmvwPTl+Ikbtn
Qjjx2Qe6OmeYI5ktCdRl7i5e6WwFrBotP2apZPUdXPcVPm5yrHdBIWG4iTT3LdCM
tmd7yWas0xnDXWkukZ3IRWwE5qwFzcdNE4vr/dsxv6m2Pv3pNYQy1326t7o4mL0=
=hq6E
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Fri Aug 22 22:44:42 2008
From: faramir.cl at gmail.com (Faramir)
Date: Sat, 23 Aug 2008 01:44:42 -0400
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AEB2CC.4030505@verizon.net>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>	<48AEAF8A.5050307@bellsouth.net>
	<48AEB2CC.4030505@verizon.net>
Message-ID: <48AFA3CA.7030101@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Jean-David Beyer escribi?:

> Another way is to push the overhead back to the original poster. In that
> case, the O.P. does not encrypt the message to the key of the list server
> (if it even has one). Instead, the O.P. must encrypt it to each and every
> recipient of the list, so the O.P. must possess all those keys. In this

  That is the way John W. Moore III 's list works...

> case, the list server does no more than any other list server. But in that
> case, the O.P. would have to send to the recipients individually (perhaps by
> running a list server of his own). This does not seem to be a satisfactory
> way of doing things.

  No, you don't need to deliver the messages individually... when you
encrypt a message to a recipient's key, what gpg does, it is to encrypt
it symmetrically to a one use key, and it encrypts asymmetrically to the
recipient's public key, and attach the encrypted key to the message. But
usually, when you send a message, you want to be able to read it in your
sent messages folder... in order to be able to do that, enigmail also
encrypts it to YOUR public key, and attach it to the message (so, at
that point, the message includes the symmetric one session key encrypted
to for recipient's public key, and the same symmetric one session key,
encrypted to your public key). And since it can be done to 2 different
public keys, it is trivial to keep adding more and more public keys...
you just need to have those keys available at your key ring, and to
group them... then you would just need to say "encrypt this message to
everybody in that group", and gpg would attach one copy of the symmetric
one session key, each copy encrypted to one public key... at some point,
maybe the size of the original message would be smaller than the added
size of all those encrypted keys... but John W. Moore III has said the
impact of attaching all those keys it is not noticeable... and in fact,
as he said, the word to describe that is "interestingly".

> So there must be at least one more model that does not have the problems of
> the two I describe.

  No, it is the second model, but using some advantages you are not
aware about... You just need to assign all these keys to a group, and
tell enigmail, using recipient's rules, to do that each time you send a
message to that list... and each time a new member joins the list, you
would need to include his key to that group...

 By the way, since I don't use recipient's rules, I am not really sure
how to setup it, but I bet it is not hard to do... I already know how to
encrypt files to a group of keys, using GPGshell, and it was very easy
to do...

Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIr6PJAAoJEMV4f6PvczxAQTMH/2ckDRncNUD9zl6D42HYrikL
WH5bDeAJM4URJn2oRxUjpJCdFkavMqkkgT/N3EWfZybImOvtWujld43ivYfWvlXn
SXZDTUEk9xZ2aD5KPpSTc6qchCKuQn8BhQu50dD4p2xo8Hs7fFE2j8pdCQw8BqBl
+BNzeVqqDlIM76ISUuxGpEZ7onHW6F21ROjgyUNJtka2clX+efCwHTdReOEquYB+
uiZ8H1/3wQbWEkA+m03iP9c2SIWxhFegAufe9nwoS8/NgjprsFmYQKwsdKB9UTk1
fY79HfD6PeJoPzgaKkiu5vivZYI2rIydhlryMZuCNDLGQZ9srk/0+lJx+bHWovI=
=HJEz
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Fri Aug 22 23:07:04 2008
From: faramir.cl at gmail.com (Faramir)
Date: Sat, 23 Aug 2008 02:07:04 -0400
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AEB60D.5040406@sixdemonbag.org>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>	<48AEAF8A.5050307@bellsouth.net>
	<48AEB60D.5040406@sixdemonbag.org>
Message-ID: <48AFA908.6070803@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Robert J. Hansen escribi?:
> John W. Moore III wrote:
>> You are placing far too much work on the List/Group Server.  All it must
>> do is receive & disseminate the Posts to the List.  All
>> Encryption/Decryption occurs on the Member's computer.  Keyring
>> Maintenance is the responsibility of each individual member.

> It's not especially secure because "three can keep a secret if two are
> dead."  That's just basic common sense.  A mailing list with a large
> number of people is going to have a hard time keeping secrets from
> someone who is serious about finding out details.

  I agree, if 20 persons have access to a secret, it is very likely one
of them will either talk about it, or to make a mistake and leave it
where someone else can read it... however, if the only purpose is to
avoid sniffing, it would not be so bad... right?

> It's not especially scalable because of something called a "combinatoric
> explosion".  When the list is just one person, no keys need to be
> exchanged.  When the second person joins, one key exchange needs to be
> done.  When the third person joins, two key exchanges take place.  When
> the fourth, three key exchanges.  And so on and so on.  With 100 people
> on the list, you're going to have 4,950 key exchanges.  Assuming just

  Wait... isn't it the reason why public keys are supposed to be so
useful? I mean, the fact each one just need to get 1 key per
recipient... if the list has 100 persons, and I join it, I would just
need to get 100 public keys, and not to exchange a lot more keys... and
each of the other 100 members (now we would be 101), would need to
import my key, that would be 200 exchanges... me getting 100, and 100
people getting 1 new key...

> one in a hundred goes awry, you're talking about 50 pairs of people who
> can't talk to each other and a flurry of messages like "I couldn't read
> the last, it wasn't encrypted to my key, please fix this."

  Well, I figure in certain lists, if a member is unable to get the
keys... the list owner can apply the K.I.T.A. procedure... (kick in
the..) of course, it is not advisable to do it in a public support list,
like this, but it is very likely it can work in... let's say, an ogame
alliance list...

> Given that's their goal, the two problems really aren't all that bad.
> However, if you were running a mailing list devoted to, say, the
> overthrow of a government, trafficking in contraband, or other such
> high-risk behavior, you would probably want to set things up much
> differently.

  I agree, and I would not be willing to know anything about the subject
(at least, not in a list... I would be talking about the subject person
to person, and inside a bathroom with the shower open, the W.C. running,
and playing a Cannibal Corpse CD at high volume in the HiFi system...

P.S: if next time I hear Cannibal Corpse at high volume, police kicks my
door, I will tell you about it... (lol)

Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIr6kIAAoJEMV4f6PvczxAX/sH/REBNcQMzx67WS4yJ+4kKZq/
C3ANmZaSTwE8pZ+VSTBt+8kDFY45ASZhBhLRD3VHktUNiWO/RMW6zRHHNKH4Otpe
EL6Y5zE7RG0Mf9vt+ByeJp2s6mm1lPLEuxBPqJ+0bTrMcL1LvHYkovVb8Ei2MDPv
vC+KaOatOxLwXug2OwJCBA/GcK71/JQu2oL3q/v6hZ/NuCNhmxCu1ieF7XdvPaPb
mjUEl6zHf5QZrm7LjkZSKc5fyDmhYenHbJ6kk+5VlwkCiWBqcSe5DDcrvzGGB7r6
lcMDKPOlpMtsvjlgN3YFO0wc/Ve6gTJWm0drEAz+kaXiGcbf5A0zZGkBUMZXkbM=
=ux6N
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Fri Aug 22 23:47:17 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 23 Aug 2008 01:47:17 -0500
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AFA908.6070803@gmail.com>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>	<48AEAF8A.5050307@bellsouth.net>	<48AEB60D.5040406@sixdemonbag.org>
	<48AFA908.6070803@gmail.com>
Message-ID: <48AFB275.7030106@sixdemonbag.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Faramir wrote:
> Wait... isn't it the reason why public keys are supposed to be so 
> useful? I mean, the fact each one just need to get 1 key per 
> recipient... if the list has 100 persons, and I join it, I would just
> need to get 100 public keys, and not to exchange a lot more keys...

Do the math.

The first person joins the list.  They're the only person on the list:
they don't need to exchange keys with anyone.  Total exchanges: 0.

The second person joins the list.  They have to share keys with the
first person on the list.  Exchanges required: 1.  Total: 1 + 0 = 1.

The third person joins the list.  They have to share keys with two
people.  Exchanges required: 2.  Total: 2 + 1 + 0 = 3.

The fourth person joins the list.  They have to share keys with three
people.  Exchanges required: 3.  Total: 3 + 2 + 1 + 0 = 6.

The fifth person joins the list.  They have to share keys with four
people.  Exchanges required: 4.  Total: 4 + 3 + 2 + 1 + 0 = 6.

And so on, and so on.  This turns into the summation of a simple
arithmetic series, which in turn gives us the following equation for the
total number of exchanges needed.  For a mailing list of N people, the
total number of exchanges is:

   N^2 - N
   -------
      2

Thus, by the time the list has grown to 100 people, 4950 key exchanges
have taken place.



-----BEGIN PGP SIGNATURE-----

iFYEAREIAAYFAkivsnUACgkQI4Br5da5jhAQwwDeJ7VDmWP1duzx3RVOQwDyj6h+
s2mnL0ahSc1ioQDguK4VA/9AqwVpPfPVDk3yY4jNrhHI/xcZRdeOKIkBHAQBAQgA
BgUCSK+ydQAKCRC3APSC/q+BCY4mCACM2ettglddgVBeOLNM7X4jqD4iHc3pSan8
RHl7mgHrhzt7zlTRvpdfwVL6X7JNj0gj38We5ZBMCsnevj7b/sV9J4SLPuZ9oYqC
igPhC8q5vb7VmMQbizEhLXlgYcP9ih/9EXV2azKbZh7YP5ppjMzfS8gQ+/4JHNTy
YZ3oneWFludiOz1ERptoJE1K7RgfDpToFFD8v5aXnToqF5P4UpTvlsjvptNcATkO
0pmLDuOdaFzyaPMpoED26FN+jBupHMM2VXWTGuI6fR9LMDrqpEQyNkIxiMcG1qlm
9s5qgAV8sOmtWfbWAnzHtLF1KnZTDYFtdeSwLv3d4sn5nrq6v0Cq
=qqPi
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Fri Aug 22 23:59:05 2008
From: faramir.cl at gmail.com (Faramir)
Date: Sat, 23 Aug 2008 02:59:05 -0400
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AED199.4020708@bellsouth.net>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>	<48AEAF8A.5050307@bellsouth.net>	<48AEB2CC.4030505@verizon.net>
	<48AED199.4020708@bellsouth.net>
Message-ID: <48AFB539.9040406@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

John W. Moore III escribi?:

> As folks Un-Subscribe an Announcement is made and Keyring/Encryption
> Rule maintenance is the responsibility of the individual Member.
> 
> This method keeps everything in line with the K.I.S.S. Principle.  :)

  It is the first time I hear about the K.I.S.S. principle... some kind
of "kick in..." principle or it is another kind of principle?

Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIr7U5AAoJEMV4f6PvczxAWmcH/1iNsb2mMlUTH/nIwqz1AdQv
oWpuBZLFe9IdBHBd+yLp7HcFTQaLGposUEferQFYYXzSSXP17cKcsRCLsL337i44
ZO4LLDTTOWlc4UCuexviSHCZl45EvdjO1ndV0Bms+aLn3AmpDCjbh217C2NqfmQD
qIKDn/bBx21dZnkf23F72MRJf40e+MCfXd42g2rE1DbOKiRvRVlJb9D+5utnKSet
HrAHqI5w8r8Vfp14yh7e7LdaXJBjZGeYiaiNG1m0vOqVMLkeLVEHRutrHJS6AGz3
xH55GHHiulUrurHM4j3+scMWNdMok6bxxtixDDrgCcFlLAxt4ST63UQ6bXoAB1I=
=LqIN
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Sat Aug 23 00:06:18 2008
From: faramir.cl at gmail.com (Faramir)
Date: Sat, 23 Aug 2008 03:06:18 -0400
Subject: [Enigmail] Signing a key
In-Reply-To: <48AEFB77.6000700@gmail.com>
References: <48AE7DB5.6080304@googlemail.com> <48AEFB77.6000700@gmail.com>
Message-ID: <48AFB6EA.1010508@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Robert Ryan escribi?:
> On 8/22/2008 2:49 AM, Simon Smithers wrote:
>> Hi - I know this is going to sound incredibly basic, but I have
>> digitally signed my own key - is this correct and, if not, is there
>> anyway I can remove the signature?
> 
> You should *always* sign your public key. This ensures that the public
> really belongs to you, you have the corresponding secret key, and that
> the public key hasn't been modified in some unapproved way.

  But... isn't it handled by default by gpg? I thought it was... but
maybe I am wrong... Since I always use either Enigmail or GPGShell to
generate my keys, maybe they automate that part...

Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIr7bqAAoJEMV4f6PvczxAy8oH/1MAHIiL8Az63f2w/v5vq8Rz
WB26dHjZkluZYFkdvJ2yPMuJSVr11hlq/dM/PfQ+ihapLy86jc7rdfvHT4nzcZ6P
xZBKTX+V+tGbtSGgEetp4lzxQeYPImHltD4VDskwel6iV6tRon3rSbJ1xPIRCS44
78uRooLZne7c10Ld3hO50JV/OhmjygSe6OMNsDJctskTdGPCWCJNowaJ2JAAzkWR
sxX5WwHXy95kKZM4AR07F7OWiOll5KB0DpZI+CmAk0nPknuT46wkMKHpgx7bZW5x
K6q8/ztc9M9Q2O5slDChtg88dOBeInGad6IBNy6XGFKyUxyDB8cXeUywrYbIVOw=
=c1sq
-----END PGP SIGNATURE-----

From John at Mozilla-Enigmail.org  Sat Aug 23 00:46:35 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Sat, 23 Aug 2008 02:46:35 -0500
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AFB539.9040406@gmail.com>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>	<48AEAF8A.5050307@bellsouth.net>	<48AEB2CC.4030505@verizon.net>	<48AED199.4020708@bellsouth.net>
	<48AFB539.9040406@gmail.com>
Message-ID: <48AFC05B.6020707@Mozilla-Enigmail.org>

Faramir wrote:
> John W. Moore III escribi?:
> 
>> As folks Un-Subscribe an Announcement is made and Keyring/Encryption
>> Rule maintenance is the responsibility of the individual Member.
> 
>> This method keeps everything in line with the K.I.S.S. Principle.  :)
> 
>   It is the first time I hear about the K.I.S.S. principle... some kind
> of "kick in..." principle or it is another kind of principle?

Keep It Simple, Stupid.

Nothing personal. Just don't overly complicate a simple process by
over-engineering it.

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 677 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080823/76a22d28/attachment.bin>

From faramir.cl at gmail.com  Sat Aug 23 02:02:31 2008
From: faramir.cl at gmail.com (Faramir)
Date: Sat, 23 Aug 2008 05:02:31 -0400
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AFB275.7030106@sixdemonbag.org>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>	<48AEAF8A.5050307@bellsouth.net>	<48AEB60D.5040406@sixdemonbag.org>	<48AFA908.6070803@gmail.com>
	<48AFB275.7030106@sixdemonbag.org>
Message-ID: <48AFD227.5030607@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Robert J. Hansen escribi?:
> Faramir wrote:
>> Wait... isn't it the reason why public keys are supposed to be so
>> useful? I mean, the fact each one just need to get 1 key per
>> recipient... if the list has 100 persons, and I join it, I would just
>> need to get 100 public keys, and not to exchange a lot more keys...
...
> And so on, and so on.  This turns into the summation of a simple
> arithmetic series, which in turn gives us the following equation for the
> total number of exchanges needed.  For a mailing list of N people, the
> total number of exchanges is:
> 
>    N^2 - N
>    -------
>       2
> 
> Thus, by the time the list has grown to 100 people, 4950 key exchanges
> have taken place.

  The "natural" numbers summation :o

  Yes, but each person would need to do just 100 "downloads" from a
keyserver... I wonder how many key exchanges have we done in enigmail
and gpg lists, since a lot of people sign their messages... (no need to
give an answer about that).

Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIr9ImAAoJEMV4f6PvczxAwmAH/RY3XbNB41ggv/ssZi98+tNd
Qwok2OMgHiFFw9l5PWM4ayJkIMMSfzDOUEvL1pP0si98Y2E6S75Ec/mewPQLyo8o
rkjJE+HhT9hlgAb7LV49ax5EuUyN+A2V9ng+CkOxtozn4KFPgg/t9J0rJC3XXGEM
5a8DSEVSjOrMC+YMXqFeygsKlFYBA9LGeAPaXxOVhdKLs7b+YJwxtgdidEmpO9FN
tJj29X0mvnWiUFzrT4dL0gLjF8tSq/lZ4PGTpX9Iaa8LalGNarqUsNY6g4GU3c5O
2ly9/Wkrelr0fDUaUxZuPPvO+6Ip3UiW7jV7+F2lhkNJWWntUCfP7qAYu470PtQ=
=Bk92
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Sat Aug 23 03:49:48 2008
From: faramir.cl at gmail.com (Faramir)
Date: Sat, 23 Aug 2008 06:49:48 -0400
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AFC05B.6020707@Mozilla-Enigmail.org>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>	<48AEAF8A.5050307@bellsouth.net>	<48AEB2CC.4030505@verizon.net>	<48AED199.4020708@bellsouth.net>	<48AFB539.9040406@gmail.com>
	<48AFC05B.6020707@Mozilla-Enigmail.org>
Message-ID: <48AFEB4C.9010209@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

John Clizbe escribi?:
> Faramir wrote:
...
>>   It is the first time I hear about the K.I.S.S. principle... some kind
>> of "kick in..." principle or it is another kind of principle?
> 
> Keep It Simple, Stupid.
> 
> Nothing personal. Just don't overly complicate a simple process by
> over-engineering it.

  LMAO... I must write down that one... surely there are a lot of people
that should learn that principle...

Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIr+tMAAoJEMV4f6PvczxAiRoH/3rsHjsC1JmGiyelEuZToRuU
vx7/lKoC8VfF0PHxXnZb7rl85H2UNj7UT0YGhR6VXEQ0RfHFDGcDV9FP69bTpP4c
WFXsYsNOPvwoS+JpwdwgYv3nGlIhMOUw5GA1KRzVBpaHf6zY04ejmuyiB3rwg5Md
imQEaLOjQngj2mpSPNnRnQGtivRQYzJ1v4h2r/CRweFhVGP/G5hVYswciC4zs/Po
7PX1Ep4jSlEZ9fifDBAIcseH77XFHa/Djel6Eq58kXZl+Aaj3HMbPtWLUz4vLhHk
jxDiyjfOqYg61awBWzL6pv2TsIh/YRNgEsQYwZOYq3Q/s1H/I/54ddVOUnybmWQ=
=gXHR
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Sat Aug 23 04:21:32 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sat, 23 Aug 2008 07:21:32 -0400
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AFB539.9040406@gmail.com>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>	<48AEAF8A.5050307@bellsouth.net>	<48AEB2CC.4030505@verizon.net>	<48AED199.4020708@bellsouth.net>
	<48AFB539.9040406@gmail.com>
Message-ID: <48AFF2BC.5050003@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Faramir wrote:

>   It is the first time I hear about the K.I.S.S. principle... some kind
> of "kick in..." principle or it is another kind of principle?

=-O  Keep It Simple, S.......

JOHN ;)
Timestamp: Saturday 23 Aug 2008, 07:21  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIr/K2AAoJEBCGy9eAtCsPvuQH/AvuTi4C81ZNsmOtEfu3nJ/3
19WNVX10yUocmTypOvzsmLFeUSk7x7wqhw6b3OMeQ56DcBMAVZxmZFrs4jw/7n7E
SLhgovoaNkqT/HwlgJRomX522PEMjgDl3IGJUMaX//Gy+Ow708jRWTTOxIBy6FgG
1SEQuQ2MTlLchGBDabjPTroc5cXHi1/Jy/8VlvG2kERYTv8pxUfDO4UVg4t6Z00Q
3qMyr8Q0gZpq6BGAwHvpBmvoGw1wgYvMAZSmJNJcslrmPe8CzKHAt5hQQ//SRG4G
OtO+zeJaGkO51u771laG4o0sKSLdRcvMPwnSN/P7MGAnDm7szHKKO3RwNlla3Cs=
=XEQd
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Sat Aug 23 04:23:33 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 23 Aug 2008 06:23:33 -0500
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AFD227.5030607@gmail.com>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>	<48AEAF8A.5050307@bellsouth.net>	<48AEB60D.5040406@sixdemonbag.org>	<48AFA908.6070803@gmail.com>	<48AFB275.7030106@sixdemonbag.org>
	<48AFD227.5030607@gmail.com>
Message-ID: <48AFF335.4060900@sixdemonbag.org>

Faramir wrote:
>   Yes, but each person would need to do just 100 "downloads" from a

Faramir, I've tried to explain this twice.  I don't know how to explain
it any clearer, I'm sorry.



From rjh at sixdemonbag.org  Sat Aug 23 04:26:25 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 23 Aug 2008 06:26:25 -0500
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AFB539.9040406@gmail.com>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>	<48AEAF8A.5050307@bellsouth.net>	<48AEB2CC.4030505@verizon.net>	<48AED199.4020708@bellsouth.net>
	<48AFB539.9040406@gmail.com>
Message-ID: <48AFF3E1.70408@sixdemonbag.org>

Faramir wrote:
>   It is the first time I hear about the K.I.S.S. principle... some kind
> of "kick in..." principle or it is another kind of principle?

Keep It Simple and Stupid.

Other people say it means:

* Keep It Simple, Stupid
* Keep It Simple, Sugarplum
* Keep It Simple, Sh-thead
* Keep It Simple, Scotty

There are many, many different etymologies.  The important thing is what
the KISS principle means: pursue simplicity and reliability.



From rjh at sixdemonbag.org  Sat Aug 23 08:15:15 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 23 Aug 2008 10:15:15 -0500
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AFF335.4060900@sixdemonbag.org>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>	<48AEAF8A.5050307@bellsouth.net>	<48AEB60D.5040406@sixdemonbag.org>	<48AFA908.6070803@gmail.com>	<48AFB275.7030106@sixdemonbag.org>
	<48AFD227.5030607@gmail.com> <48AFF335.4060900@sixdemonbag.org>
Message-ID: <48B02983.8000806@sixdemonbag.org>

Robert J. Hansen wrote:
> Faramir, I've tried to explain this twice.  I don't know how to explain
> it any clearer, I'm sorry.

I'll make one last pass at it.

You're talking about what one person has to do.  But this is irrelevant.
 I don't care if one person has to do 100 lookups.  I don't care of one
person has to do 1000 or 10000 lookups.  Really, I couldn't care less,
and the overwhelming majority of people who have actually implemented
PKI will agree with me.

The health of the system is what matters, not the burden placed on an
individual user.

_The system_ requires 4,950 key transactions, each of which has a
nonzero failure rate.  Even assuming a 1% error rate, that means you
have _fifty_ pairs of people on a 100-person mailing list who cannot
communicate with each other.  That means half the list has at least one
person on the list they can't communicate with.

This can only be described as a catastrophic failure of the
communications system.

But wait, it gets worse.

With 200 people there are _19,900_ key transactions.  Assuming that one
percent of those transactions fail, suddenly you've got 199 people on
the list who cannot communicate with at least one other person on the list.

With 500 people there are _124,750_ key transactions.  Again assuming
just a one percent failure rate, this means there are 1250 failed
exchanges... or, amortized over the entire network, for every list
member there are 2.5 people on the list they can't talk to.  With 100
people, the amortized risk was that half the list had one person they
couldn't talk to... with 500 people, the amortized risk is that
_everyone_ has 2.5 people they can't talk to.

At some point the connection graph fractures and collapses under its own
weight.

To you, the idea of joining an encrypted mailing list (of the sort John
Moore is running) means "oh, I have to download 500 keys, that's a
little bit of a pain, but I can do it."  Your focus is on you.

My focus is on the network.  If I'm part of that network of 500 users
and you join, I get terrified.  I get terrified because the system is
coming apart at the seams already, and each additional user makes the
problem _exponentially worse_.

If you like, talk to one of your computer science professors about this.
 This is a very well known problem in network topology, and it tends to
pop up all over the place in computer science.

From alaric at metrocast.net  Sat Aug 23 08:21:12 2008
From: alaric at metrocast.net (Phil Stracchino)
Date: Sat, 23 Aug 2008 11:21:12 -0400
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48AFF335.4060900@sixdemonbag.org>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>	<48AEAF8A.5050307@bellsouth.net>	<48AEB60D.5040406@sixdemonbag.org>	<48AFA908.6070803@gmail.com>	<48AFB275.7030106@sixdemonbag.org>	<48AFD227.5030607@gmail.com>
	<48AFF335.4060900@sixdemonbag.org>
Message-ID: <48B02AE8.9010009@metrocast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Robert J. Hansen wrote:
> Faramir wrote:
>>   Yes, but each person would need to do just 100 "downloads" from a
> 
> Faramir, I've tried to explain this twice.  I don't know how to explain
> it any clearer, I'm sorry.

Faramir, try it this way:

Yes, you could just download from the keyserver.  100 list users, 100
downloads.  At that point you have ...  100 untrusted good signatures.


Remember the discussion of untrusted signatures, and the fact that they
don't actually convey any affirmative identity information?  Just
because the signature is good and the message decrypts doesn't mean the
owner of the key is who they claim to be.


If you're on a mailing list on which all traffic is individually
encrypted to every other member of the list, it's probably some pretty
sensitive material.  And that means you don't trust a keyserver.  Every
time an Nth member joins the list, every one of the N-1 previous members
is going to want to personally meet that new member and exchange keys.
And if the Nth person is properly cautious, they, too, are going to want
to personally exchange keys with the N-1 previous members.  Just to make
certain they're really who they say they are and that really is their
key and someone's not pulling a MITM attack.

And that's how you get to 4950 key exchanges by the 100th user.



If you're on a 100% person-to-person encrypted list at all, it's because
you need a list but want your list to be really, really secure.  So
think "How secure can I make it?", not "How easy can I get away with
making it?".  If you trust a public keyserver to give you the other
members' keys, you probably didn't really need an encrypted list that
badly in the first place.

(And in that case, you could probably get away with having a single list
key and just changing the key every time someone leaves the list.)



- --
  Phil Stracchino, CDK#2     DoD#299792458     ICBM: 43.5607, -71.355
  alaric at caerllewys.net   alaric at metrocast.net   phil at co.ordinate.org
         Renaissance Man, Unix ronin, Perl hacker, Free Stater
                 It's not the years, it's the mileage.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAkiwKugACgkQ0DfOju+hMkmvzQCglshbq4qG40dwTPcdTu4IAW75
ROkAoJVUlAPxHmg76SVfgSWp85dwrUdt
=A/ug
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Sat Aug 23 08:26:10 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 23 Aug 2008 10:26:10 -0500
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48B02AE8.9010009@metrocast.net>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>	<48AEAF8A.5050307@bellsouth.net>	<48AEB60D.5040406@sixdemonbag.org>	<48AFA908.6070803@gmail.com>	<48AFB275.7030106@sixdemonbag.org>	<48AFD227.5030607@gmail.com>	<48AFF335.4060900@sixdemonbag.org>
	<48B02AE8.9010009@metrocast.net>
Message-ID: <48B02C12.6030004@sixdemonbag.org>

Phil Stracchino wrote:
> Every time an Nth member joins the list, every one of the N-1
> previous members is going to want to personally meet that new member
> and exchange keys.

I hadn't even thought about this.

I was looking at it just from a lens of "what happens if people screw up
communicating their key IDs and/or don't update their keyrings".

Phil is right -- the key verification step is where things _really_ fall
down and go boom.


From jmoore3rd at bellsouth.net  Sat Aug 23 09:05:51 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sat, 23 Aug 2008 12:05:51 -0400
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48B02AE8.9010009@metrocast.net>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>	<48AEAF8A.5050307@bellsouth.net>	<48AEB60D.5040406@sixdemonbag.org>	<48AFA908.6070803@gmail.com>	<48AFB275.7030106@sixdemonbag.org>	<48AFD227.5030607@gmail.com>	<48AFF335.4060900@sixdemonbag.org>
	<48B02AE8.9010009@metrocast.net>
Message-ID: <48B0355F.9090505@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Phil Stracchino wrote:

> If you're on a 100% person-to-person encrypted list at all, it's because
> you need a list but want your list to be really, really secure.  So
> think "How secure can I make it?", not "How easy can I get away with
> making it?".  If you trust a public keyserver to give you the other
> members' keys, you probably didn't really need an encrypted list that
> badly in the first place.

Not necessarily; there are 'Training/Practice' Lists where Message
Secrecy isn't the Goal & in an Enterprise situation the Trust
Assignments and Key Issuance would all be handled by the IT or Security
Department.

Example of Former:  If an 'Enigmail2' List were established to assist in
Encryption Testing & Set-Up then individual meetings would be
unnecessary and pointless because Secrecy would not be attached to "Can
You Read This?" traffic.

This thread originated simply because it was pointed out that an
encrypted List is possible & feasible.  How it wandered down this
'rabbit trail' of musings escapes Me.  IIRC, Nobody recommended
implementation of such a device for use by a covert cell or classified
endeavor.  :-\  Common Sense [an Oxymoron] dictates that Encrypting to
/any/ group of multiple Recipients is only semi-private at best.

JOHN ;)
Timestamp: Saturday 23 Aug 2008, 12:05  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIsDVdAAoJEBCGy9eAtCsPPQAIAJmTYhcs1m3LEWSbRoscH46Q
Ui1tpbrydCKLfqXc9mh3JP1uJagDRwGGjbSZ4UJ9FJY06Ps0xTe8ELP66mrmTQOX
ZUjZ/CxP4JklQuCrz10mrK54PUm4lnCsqTA1f/n2BjUmDos7+i8NHlm55eVCAJBD
VFS06fKxN9DWUCnrSv4b12Jnp5+0TPybVyA8a2bMyuzmKBgT2OKUlnXV9UT4Ddnc
drnEgOCVMLzFW73BrvScUz1cQ2muxn7lKR/LIvD12waxzYzCWrBPUaAXY2iyhax6
HYwMWwtSjAY9hA+9AAwf0qci25L0UyUAYdVbXx7beA1XreBQKe9zI3r3jHXpfAw=
=IlFv
-----END PGP SIGNATURE-----

From sean at rima.ws  Sat Aug 23 09:32:16 2008
From: sean at rima.ws (Sean Rima)
Date: Sat, 23 Aug 2008 17:32:16 +0100
Subject: [Enigmail] Sharing Enigmail settings etc
Message-ID: <48B03B90.9030100@rima.ws>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi
I use Tbird on a Windows and Linux box. I have to constantly move
setting esp PR rules from one box to another. Is there any way to store
the settings to a remote location automatically. Ok I know it is not in
the settings but such a feature would be handy

Sean
- --
publictimestamp.org/ptb/PTB-4049 whirlpool 2008-08-23 15:00:07
5A4E139D6E387A8AA4FF25CE2AA21E11314736A7D6976EA694D3118D708EDD54970DF1
C78DCD66DADE51961F1DD26C333C9306ACB294CDEF8845A284EC0B600


- --
A madness beings and ends here
TheCivvie

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Gossamer Spider Web of Trust: http://www.gswot.org
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iEUEARECAAYFAkiwO48ACgkQDif86V/dzTtEDwCcCWAHjsdnsHVBO2S7xgw+GafZ
m0sAl0u57CRbcr2xdR47s6QrV/no6SA=
=8K+a
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Sat Aug 23 09:55:26 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sat, 23 Aug 2008 12:55:26 -0400
Subject: [Enigmail] Sharing Enigmail settings etc
In-Reply-To: <48B03B90.9030100@rima.ws>
References: <48B03B90.9030100@rima.ws>
Message-ID: <48B040FE.7090002@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Sean Rima wrote:
> Hi
> I use Tbird on a Windows and Linux box. I have to constantly move
> setting esp PR rules from one box to another. Is there any way to store
> the settings to a remote location automatically. Ok I know it is not in
> the settings but such a feature would be handy

In the Thunderbird Profile is a file 'pgprules.xml' which is the
complete P-R Rules Settings File.

JOHN ;)
Timestamp: Saturday 23 Aug 2008, 12:55  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIsED4AAoJEBCGy9eAtCsPmVYH/jnEb059KdduK2MCwiJyZJyx
orUmPpasd19kq00o3aW8tv9Slqd8nIaCQZW4lYdipPmBsd61oqEvt48OGhwK8IJJ
rqpubEiOJtOcB5yrrK4OXblIHARm8LHN0x+e3YV1xwXTK8/mpnU+uUQXEjmzDgUh
xkUFZst/o6AmHzSNhcpkdVeXT/Nb1H/b419jx5RL12/J+bYXGNfP/W3n1kpVrOoe
vr1OrHHLDAb40jGyVer57FdCGjTn9pHYgXpRsRePUArT1DmeilxU8bxiPKf2ubjS
NEOGbqn3TCbOWScyCAvXJKxB1qAxsELlHB8sJObCNz3bYNbi10IbxjNG166NtR4=
=2Lg/
-----END PGP SIGNATURE-----

From sean at rima.ws  Sat Aug 23 10:04:55 2008
From: sean at rima.ws (Sean Rima)
Date: Sat, 23 Aug 2008 18:04:55 +0100
Subject: [Enigmail] Sharing Enigmail settings etc
In-Reply-To: <48B040FE.7090002@bellsouth.net>
References: <48B03B90.9030100@rima.ws> <48B040FE.7090002@bellsouth.net>
Message-ID: <48B04337.2030905@rima.ws>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John W. Moore III wrote:



- --
publictimestamp.org/ptb/PTB-4049 tiger2 2008-08-23 15:00:07
48DC72C92B8DFBBEA0C99414AC997705B776F14A0E00D760


> Sean Rima wrote:
>> Hi
>> I use Tbird on a Windows and Linux box. I have to constantly move
>> setting esp PR rules from one box to another. Is there any way to store
>> the settings to a remote location automatically. Ok I know it is not in
>> the settings but such a feature would be handy
> 
> In the Thunderbird Profile is a file 'pgprules.xml' which is the
> complete P-R Rules Settings File.
> 

Tis the problem that I forget to move it and both laptops are in
different locations. Maybe I will make a script to upload to a directory
and move it that way

Sean
- --
A madness beings and ends here
TheCivvie

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Gossamer Spider Web of Trust: http://www.gswot.org
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iEYEARECAAYFAkiwQzcACgkQDif86V/dzTvr/QCfdiBMonAIJ4C7fMgVSr4fP+UB
91EAnRlY6cDnMkl+wphhxVbHxbvPE06C
=46hX
-----END PGP SIGNATURE-----

From gillespie.jp at gmail.com  Sat Aug 23 13:54:51 2008
From: gillespie.jp at gmail.com (James Gillespie)
Date: Sat, 23 Aug 2008 13:54:51 -0700
Subject: [Enigmail] First signed message
In-Reply-To: <48AE4142.6060801@bellsouth.net>
References: <48ACB90E.4080205@gmail.com>
	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>
	<48AE4142.6060801@bellsouth.net>
Message-ID: <48B0791B.3040700@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John W. Moore III wrote:
> consider placing it on Big Lumber[www.biglumber.com] and then providing a
> **Link to You Key** either in a
> Comment Line added to Your gpg.conf File or, using Enigmail go to
> Account Settings -> OpenPGP and in that area place **Your Big Lumber Link**
> in the appropriate box so it will appear in the message header.  This
> will prove more convenient that attaching Your Key to messages.

By "Link to Your Key" and "Your Big Lumber Link" do you mean simply the
URL (www.biglumber.com)?

James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiweRcACgkQEbLUj7pltrAq9gCdGJ466P4mCEqFl1ev0rX/S+E9
Az8An2lAfqNThOtVF31pv9Dyj9/t2/vm
=XYZ+
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Sat Aug 23 15:44:08 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sat, 23 Aug 2008 18:44:08 -0400
Subject: [Enigmail] First signed message
In-Reply-To: <48B0791B.3040700@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>
	<48B0791B.3040700@gmail.com>
Message-ID: <48B092B8.4060206@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

James Gillespie wrote:

> By "Link to Your Key" and "Your Big Lumber Link" do you mean simply the
> URL (www.biglumber.com)?

No, I was referring to the Link that displays Your Key at the Big Lumber
Site.  Usually this is a very long Link so most of Us use
www.TinyURL.com to covert it into a shorter link.  Mine is:
www.tinyurl.com/8cpho  I can't remember whether or not they will Send
this Link to Ya or if You just need to go to the Site, find Your listing
[without logging in] and then use the URL in the Browser Address bar.

JOHN ;)
Timestamp: Saturday 23 Aug 2008, 18:43  --400 (Eastern Daylight Time)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIsJK0AAoJEBCGy9eAtCsP/OkH/jkgCL+Pmens7XKASfmrPmAi
GJjqk2NNlWSqWIcDxtlXRoudvnqJ1ntnDh11nVh/VU6K0Bj3WhczzV2l7WzxvC+X
ZbwWRL2Prba+vHIW7+AyTtv27qpTxdp8g8kN9EfVkYBiJ3gX+c9p81C1H3NLJEKc
QanXSI3EGVGGCAH7kPareAyqTOnyRjWmGUjKyBkQ7n/pLPIaVCmFf+tYAA5Yhxng
S2u9ssCSZkaFQ0iof3af+rhaxxoNwtyuW0s4VCfST51Fon2W4ccmYcp6BakeirPU
MB0UgRuu/xiV3mve+W1P7UTRK0zw2Ro3oK44VwWOCnRbqNne653Gks+gcgozVfw=
=jseM
-----END PGP SIGNATURE-----

From John at Mozilla-Enigmail.org  Sat Aug 23 15:46:23 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Sat, 23 Aug 2008 17:46:23 -0500
Subject: [Enigmail] First signed message
In-Reply-To: <48B0791B.3040700@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>
	<48B0791B.3040700@gmail.com>
Message-ID: <48B0933F.2040203@Mozilla-Enigmail.org>

James Gillespie wrote:
> John W. Moore III wrote:
>> consider placing it on Big Lumber[www.biglumber.com] and then providing a
>> **Link to You Key** either in a
>> Comment Line added to Your gpg.conf File or, using Enigmail go to
>> Account Settings -> OpenPGP and in that area place **Your Big Lumber Link**
>> in the appropriate box so it will appear in the message header.  This
>> will prove more convenient that attaching Your Key to messages.
> 
> By "Link to Your Key" and "Your Big Lumber Link" do you mean simply the
> URL (www.biglumber.com)?

No, John means a link specifically to your key; e.g.,
https://biglumber.com/x/web?pk=B4D6FE41208D46283DED751E1D04AC4A608D2A10

or

http://www.somedomain.tla/~someuser/my_key.asc

But neither of these is of benefit in the case of GnuPG or PGP automatically
fetching a key needed for signature validation; keyservers are still the best
option for that.

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 677 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080823/552fa8c0/attachment.bin>

From original.hwy101 at gmail.com  Sat Aug 23 17:57:15 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Sat, 23 Aug 2008 17:57:15 -0700
Subject: [Enigmail] Sign & Sign (local)
Message-ID: <48B0B1EA.5050908@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
What's the difference between the two?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4799: (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iEYEARECAAYFAkiwsegACgkQ21btHJTHnM3CQACdGYHN3JlTEqvbYn/93W6nUme3
FCIAoMVy+rwRYB2oS9g1AVvtNv2/019i
=Uque
-----END PGP SIGNATURE-----


From olav at mozilla-enigmail.org  Sat Aug 23 18:13:09 2008
From: olav at mozilla-enigmail.org (Olav Seyfarth)
Date: Sun, 24 Aug 2008 03:13:09 +0200
Subject: [Enigmail] Sign & Sign (local)
In-Reply-To: <48B0B1EA.5050908@gmail.com>
References: <48B0B1EA.5050908@gmail.com>
Message-ID: <48B0B5A5.4090700@mozilla-enigmail.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Tom,

> What's the difference between signing a key and signing it locally?

'local' sigs aren't exported so they don't show up e.g. in keyservers.

Olav
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Diese ist eine Digitale Signatur nach OpenPGP-Standard
Comment: Weitere Informationen: http://privat.seyfarth.de/olav/schluessel.html

iEYEAREIAAYFAkiwtaQACgkQL/NBt8fdKe0Q7wCgnpvG7NsIyOk9nMm70wqsmCBZ
mhUAniZaqks4rdIiEnz8Q1aov5vN6bNm
=ETX+
-----END PGP SIGNATURE-----

From original.hwy101 at gmail.com  Sat Aug 23 19:12:21 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Sat, 23 Aug 2008 19:12:21 -0700
Subject: [Enigmail] Big Lumber Quetions
Message-ID: <48B0C385.6090202@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
When I goto add my key to Big Lumber I get:

"That key has already been imported."

But, when I goto Log-In, I see:
"If you have already added your key, you can request another login token:"

Since Key '... already been imported.' I figure the Login Token is for
me, I get:

"Sorry, that ID does not match any key."  Yipes! Talk about a
Round-Robin...

What do I do to get a Login Token?  Thanks


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4799: (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iEYEARECAAYFAkiww4IACgkQ21btHJTHnM3tigCgnLXHVRJlAKUSxG5jQp8j1cuY
Fy8AnjzYTSfNxjdi+xhj1RnL9AMmwISs
=h1HG
-----END PGP SIGNATURE-----


From jmoore3rd at bellsouth.net  Sat Aug 23 20:38:27 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sat, 23 Aug 2008 23:38:27 -0400
Subject: [Enigmail] Sign & Sign (local)
In-Reply-To: <48B0B1EA.5050908@gmail.com>
References: <48B0B1EA.5050908@gmail.com>
Message-ID: <48B0D7B3.7030706@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Tom Hwy101 wrote:
> What's the difference between the two?

A 'Local' Signature is _not_ Exportable which means that it exists
*only* on Your Keyring but nowhere else.

An Exportable [non-Local] Signature is affixed to the Key that is Signed
and 'travels' with the Key whenever it is Exported or Uploaded.

Once a Key is returned to the Key Owner with Your Regular/Exportable
Signature on it then wherever the Key Owner chooses to publish His Key
it will have Your Signature displayed upon it.  What this display of
Your Signature on another's Key actually represents is basically a
subjective evaluation in the eye of the beholder.  If they know You and
Your Character/Diligence then they can form an opinion regarding the Key
Owner based upon the fact that You trusted them enough to Sign their Key.

If they don't know You from Adam's house cat then seeing Your Signature
will likely result in nothing more than "Huh, Tom Hwy101 trusts this
Individual; whoever Tom Hwy101 is. :-\ "

The various 'Trust Models' also convey mathematical weights to
Signatures but the most basic premise behind having a Signature on One's
Key is to indicate that some form of Trust Relationship exists between
the 2 parties.  Because of the careless & lackadaisical issuing of
Signatures over the years a great many folks view 'beards' of Signatures
on a Key with more than a few grains of salt.  :-D

FWIW, I never Refresh My Own Key from the Keyservers because it
inevitable results in My having to spend precious time removing the
Signatures of folks & Institutions with whom I have no ongoing
acquaintance.  There is another 'level' of Exportable Signature call
variously 'Trusted Introducer' by PGP [Black Pencil] & Trust Signature
by GnuPG.  With this type of Signature it is possible to indicate within
the Signature just how carefully You have validated the Identity of the
Individual, Your faith in their ability to properly validate/sign other
Keys & just how many 'degrees of separation' You are granting the Key
You signed to pass Your evaluation & trust onto other Keys signed by
that Key. [depth of trust]  It is through the concept of 'Depth of
Trust' that the Web of Trust extends beyond those of Your immediate
acquaintance.  Without due diligence the Web of Trust can become
extremely tangled and come back to bite You.

Clear as Mud?  :-D

JOHN ;)
Timestamp: Saturday 23 Aug 2008, 23:38  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIsNewAAoJEBCGy9eAtCsPMLwH/3LXQ9b6a0LDV6GmgdsB8QOD
Lr1Dygp8TN/dmSI/wUzoUhnUudNWexQDu1TFZJKNuKpCKaKmspzjvd1jao0Ppzvt
0FOssfcvADLIb4HFOM46YFGj08LQWs/NVBda0E7G0KShM2jf4ufaIP+qLi/SLLrm
jV6LRxBj1lb95lmdO+jB6iABBH81+hN6HCF9FTEBU4dr7DkG3BVAmpBeS1eIsxcQ
uxEOCPDdNdMV6x86gCdzRR/UxMjheyKx11njpYYn93lE7nqf5I6x2Ut+NE+lUK4J
Fg4nJElvdJwSk9wzfyvaN+CHA5nQllce5+PXqe8FEF3LOrnutUM0KPuh9jhEO3s=
=1Duo
-----END PGP SIGNATURE-----

From original.hwy101 at gmail.com  Sat Aug 23 20:52:40 2008
From: original.hwy101 at gmail.com (Tom Hwy101)
Date: Sat, 23 Aug 2008 20:52:40 -0700
Subject: [Enigmail] Sign & Sign (local)
In-Reply-To: <48B0D7B3.7030706@bellsouth.net>
References: <48B0B1EA.5050908@gmail.com> <48B0D7B3.7030706@bellsouth.net>
Message-ID: <48B0DB08.5050401@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
John W. Moore III wrote:
> Tom Hwy101 wrote:
> > What's the difference between the two?
>
> * * *
>
> Clear as Mud?  :-D
>
> JOHN ;)
> Timestamp: Saturday 23 Aug 2008, 23:38  --400 (Eastern Daylight Time)
_______________________________________________
* * *
This looks like it also explains my next question about O.Trust vs
C.Trust -> Leading to MORE Reading... Arrrrrgggg!
(  but, Thanks John, for Preparing the Way ;-^)  )  Tom
- ---
'Using Yesterday's Software to create Tomorrow's problems Today'
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4799: (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iEYEARECAAYFAkiw2wYACgkQ21btHJTHnM3k6QCaA/FeXp3gTIKKYLxHqqO8lvi7
ulQAoNHzOjw4apPfLOsdyayWCskCxbCD
=TiOw
-----END PGP SIGNATURE-----


From gillespie.jp at gmail.com  Sat Aug 23 20:56:52 2008
From: gillespie.jp at gmail.com (James Gillespie)
Date: Sat, 23 Aug 2008 20:56:52 -0700
Subject: [Enigmail] First signed message -- Is tinyurl.com safe and
	reliable?
In-Reply-To: <48B092B8.4060206@bellsouth.net>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>
	<48B092B8.4060206@bellsouth.net>
Message-ID: <48B0DC04.7020006@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John W. Moore III wrote:

> No, I was referring to the Link that displays Your Key at the Big Lumber
> Site.  Usually this is a very long Link so most of Us use
> www.TinyURL.com to covert it into a shorter link.  

John,

This is no doubt an old and settled issue on this list, but I could find
no way to search the list archives for past discussions.

Zone Labs does not advise connecting to tinyurl.com. ZoneAlarm Spyware
Blocker blocks the site by default. Gurus on the ZA forum claim that
tinyurl.com "does not check and bar links containing malware" and that
it "is known to actually send the user to the wrong site or list".
(http://forums.zonelabs.com/zonelabs/board/message?board.id=Antivirus&message.id=27514&query.id=27973#M27514)

Of course, you would not recommend tinyurl.com if you considered it
unsafe for the purpose at hand, but I thought I should get your input on
this Zone Lab position.

James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiw2/oACgkQEbLUj7pltrBjMACgoiKWAMJiUncII8CK7IjQmaom
+McAn3dmHpYVd92k5vtga5lPeQy912pn
=JiY4
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xBA65B6B0.asc
Type: application/pgp-keys
Size: 1704 bytes
Desc: not available
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080823/d4daa58d/attachment.bin>

From jmoore3rd at bellsouth.net  Sat Aug 23 21:13:58 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 24 Aug 2008 00:13:58 -0400
Subject: [Enigmail] Big Lumber Quetions
In-Reply-To: <48B0C385.6090202@gmail.com>
References: <48B0C385.6090202@gmail.com>
Message-ID: <48B0E006.1000300@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Tom Hwy101 wrote:

> What do I do to get a Login Token?  Thanks

When You 1st Uploaded Your Key Big Lumber sent a Log-In Token to the
Email Address on the Primary UID on the Key.  Big Lumber identifies Keys
by the Primary UID on the Key.

There are 3 Main ways to get in 'trouble' with Big Lumber.

1.)  Lose/Forget Your Log-In Token/Password
2.)  Upload a Key with a Free Form UID as Primary. [Free Form means no
Email Address associated with it]
3.)  Lose the Password *and* have abandoned the Email Address shown as
Primary UID on the Stored Key.  This results in even if You successfully
identify the Email Address showing as Primary on the Uploaded Key; Big
Lumber will send the replacement Token/PW to that address & if You've
abandoned or lost access to that address You are S.O.L.  Using Big
Lumber _requires_ that attention be paid to proper maintenance of Your
stored Key there.

Big Lumber offers 3 Features that make it superlative in My estimation.

a.)  It is FREE
b.)  I have 100% Control over the appearance of the Key stored there.
c.)  The 'Key Exchange Service' prevents being burned by Signature
Deadbeats.  :)

If You have fallen victim to any of the items listed 1 through 3 then
all is not lost.  There is an inconvenient & time consuming method of
regaining access to Your Key.  This entails Emailing the Owner and
outlining Your plight.  Chris does make every reasonable effort to
assist.  However, due to item a.) listed above maintaining Big Lumber is
primarily a labor of love and at the time Your request arrives Chris may
be 'in love' with doing other things and it can take some time for Him
to attend to Your problem.

Contact Me Off List and I shall attempt to offer some constructive
suggestions if any of the above applies in Your case.  :-\

HTH

JOHN ;)
Timestamp: Sunday 24 Aug 2008, 00:13  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIsOAFAAoJEBCGy9eAtCsPHYoIAJMyTvJt3sIpiYV62oVa5Clx
XJgE6qHFamRr0yx3LbOWmk9LLJGdrW/6bJRcB3n11PJ/JHb2RMueBCIFIaYDTMrt
N9sfSoI+zD0PWIZ0Y0VOEjYNOIj/zE1/dDVC3MBPn1VoO97YODv08IOXxBpcdyYe
1/Hejts3jx5cKZdqKPzuiPh4X89lvifjKRs4GZ/+7wrrwNaE2nXcci30A8N76kD/
cbPXtGrJdrH397BiD4Xc78BxqQWpu6kKhq2Rs8XsYzTTnZHthkeulmFCThtG8IUU
s15ktUEQThjzmpvUOJP5EBnekfSpi2oXpxojURnreVI9yvU64UF9/R1INxaAi94=
=4+Da
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Sat Aug 23 21:17:10 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 23 Aug 2008 23:17:10 -0500
Subject: [Enigmail] First signed message -- Is tinyurl.com safe
	and	reliable?
In-Reply-To: <48B0DC04.7020006@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>
	<48B0DC04.7020006@gmail.com>
Message-ID: <48B0E0C6.9050301@sixdemonbag.org>

James Gillespie wrote:
> This is no doubt an old and settled issue on this list, but I could find
> no way to search the list archives for past discussions.

Google is your friend.  E.g., a few months ago I wrote a detailed
explanation of why there is no difference between a bad signature and a
missing signature.  To find it, I go to Google and enter:

site:mozdev.org enigmail "Robert J. Hansen" signatures

Lo and behold, "On signatures" is the fourth link listed.

> Zone Labs does not advise connecting to tinyurl.com. ZoneAlarm Spyware
> Blocker blocks the site by default. Gurus on the ZA forum claim that
> tinyurl.com "does not check and bar links containing malware" and that
> it "is known to actually send the user to the wrong site or list".

I think ZoneAlarm is being unreasonable.  TinyURL is just a link
redirector.  Expecting TinyURL to also check for malware and hostile
sites is an unreasonable burden.  Think about how much more difficult
TinyURL's job would be if they had to scan all sites they link to for
malware -- not just when the URL first goes up, but _constantly_, since
the contents of a URL can change over time.

That said, I would not visit a TinyURL link that was sent to me by a
person I did not know/trust.



From jmoore3rd at bellsouth.net  Sat Aug 23 21:29:36 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 24 Aug 2008 00:29:36 -0400
Subject: [Enigmail] First signed message -- Is tinyurl.com safe
	and	reliable?
In-Reply-To: <48B0DC04.7020006@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>
	<48B0DC04.7020006@gmail.com>
Message-ID: <48B0E3B0.10606@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

James Gillespie wrote:

> Of course, you would not recommend tinyurl.com if you considered it
> unsafe for the purpose at hand, but I thought I should get your input on
> this Zone Lab position.

I use ZoneAlarm Free and have never had an issue with TinyURL.  I also
utilize the TinyURL Extension in Firefox and haven't had a problem.  All
TinyURL does is condense very long Links/URL's into much shorter, more
manageable ones.  There are undoubtedly other similar services.

As to Zone Lab's position; I have never been a big believer in _any_
all-in-one Suite.  Maybe it's just a peccadillo of Mine but I don't
think there is any 'Super Utility' and therefore choose to use several
individual Applications for specific purposes based upon My Own research
and evaluation of what 'they' do well + what works for Me.  I also do
not chase 'New & Improved' versions of everything I hear or read about.
 I am a devout believer in the adage "If it ain't broke; don't fix it!"
 To date I have never suffered any malware problems.

> tinyurl.com "does not check and bar links containing malware"

Why should it?  It isn't making judgments for  You; it is just
condensing Links for Your convenience.  I also don't believe in "Gurus"
so have equally little faith in some Forum Poster with whom I am
unfamiliar.  I also cannot comment on TinyURL sending folks to the
'wrong site' since this could also be a function of giving TinyURL the
wrong Link to condense or an issue with One's Own DNS Server.

I will state that many folks whose opinion & judgment I admire & respect
also use TinyURL and I have not heard any reported gripes.

JOHN ;)
Timestamp: Sunday 24 Aug 2008, 00:29  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIsOOZAAoJEBCGy9eAtCsPsxMIAIDlOPImmLFfZx5Hf9PvTyVz
jmYye/4F4ougLBI/9QLKFlKp9TKiJlMoAZ3pAtfDSY4RUW600/kopRsjYlPvjdKb
A5QT9borlJst2lqUvnweRP0Ezbr6bYvdtJv9PZATNGFegB9WSIMZpt7xTmnafzzR
E0+viu0tlhc3jjLmyJ1jzegAgqXVqOsPbS6mdVRtg1Tc3ThqQc9sSvW9gWoj+N1W
K5EjZtV6mIc7AP/LV95XhQiD1NRgV123BiyPpyclFG1BPD4GExwiZAH6fmWTEiNS
78yNXY8zOeVRxXVUAkmB0QeyRd5vgmgaUtAeUL9pVYbsbK+PkmZ6TK4DPz7zuYw=
=jEYG
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Sat Aug 23 21:34:11 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 24 Aug 2008 00:34:11 -0400
Subject: [Enigmail] First signed message -- Is tinyurl.com
	safe	and	reliable?
In-Reply-To: <48B0E0C6.9050301@sixdemonbag.org>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>
	<48B0E0C6.9050301@sixdemonbag.org>
Message-ID: <48B0E4C3.1080804@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Robert J. Hansen wrote:

> That said, I would not visit a TinyURL link that was sent to me by a
> person I did not know/trust.

You're Awake!  :-D  I was beginning to think there was nobody on the
Internet tonight who was wrong.  *LMAO*

[an admittedly Private Joke between 2 individuals whose nocturnal Online
habits coincide :-D ]

JOHN ;)
Timestamp: Sunday 24 Aug 2008, 00:34  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIsOTAAAoJEBCGy9eAtCsPi70H/j5D054ZLw+shFdyevpfncwq
GY+VY7Gb6NfKDEupSl/gO3Al5j6EmCOQV7vJ04XRMIGO1Pf5/NyAMA/LL9/H56BL
LSGc8dbhv7cB5IE7JK6UMvNcydJ3YjNX1lsajAkoM7LkQgm88G9xbX4Eprg2LvCq
IV7rtM0tLKSyLbM4IKPSCEVLiB77FeYOPpif/cXiXKVUmsYDSQKF/zD+yQ3Zg7kW
y1U0egmKo2wHwEW9kzLEetI8tm4mNcUhXjRtWN+t1WKZ3BCxaNn7Ws/VwHdzwgBz
Rv0uc0BChPkZdgDskfD8dn9UM3D6duVvH3aLMr8f6j2fPLJevewoj1Nw7WpYPOk=
=kUEC
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Sat Aug 23 21:36:58 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 24 Aug 2008 00:36:58 -0400
Subject: [Enigmail] First signed message -- Is tinyurl.com
	safe	and	reliable?
In-Reply-To: <48B0E0C6.9050301@sixdemonbag.org>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>
	<48B0E0C6.9050301@sixdemonbag.org>
Message-ID: <48B0E56A.6010206@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Robert J. Hansen wrote:

> site:mozdev.org enigmail "Robert J. Hansen" signatures
> 
> Lo and behold, "On signatures" is the fourth link listed.

With such a narrowly defined Search term I'm hardly surprised.  *LOL*

May I also assume that the first 3 links are also discourses on
Signatures by You with more hits?

JOHN ;)
Timestamp: Sunday 24 Aug 2008, 00:36  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIsOVnAAoJEBCGy9eAtCsPSboH/3Rsf+oOT+61hzAlIcXIHXKG
RUZFvWieClzkq1t8Y1/idEvnwqBa1z8qiASXEYwRH/V1Yk5xQmhcm4mRXttB0V58
lrOWtLNKPVPnkXjFQ0Baa8eKiFQOzEdMUtswGYv4sff6o+NcB26Igw7wWBW7yLyT
Kg5W4HZB1TJRN2fPy0xuqL5sAyUTqeU2vocjdGCoX9YMBs6F951WzcRZwH9us9mN
+YvK+meqD1P/bVm0M8UKshYSUQFbn9Zv+htAzJpC3p+gjSwyAGDa4Dc6KI+/G4R2
VwbV/W11jKMHsiClHy86Ixm3Zs3sUoJGa2txEWlC6Lz65MGpz0Ey4lF7ih+KG80=
=TTPn
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Sat Aug 23 21:43:46 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 23 Aug 2008 23:43:46 -0500
Subject: [Enigmail] First signed message -- Is
	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B0E56A.6010206@bellsouth.net>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E0C6.9050301@sixdemonbag.org>
	<48B0E56A.6010206@bellsouth.net>
Message-ID: <48B0E702.8050908@sixdemonbag.org>

John W. Moore III wrote:
> May I also assume that the first 3 links are also discourses on
> Signatures by You with more hits?

Strangely, the first one is by John Clizbe, with my only reference being
a key ID mentioned in the message.  The next two are similar trifles.

But yeah, I plead guilty to crafting a highly specific Google query.
Then again, highly specific Google queries tend to be really, really
effective.  :)



From gillespie.jp at gmail.com  Sun Aug 24 08:24:07 2008
From: gillespie.jp at gmail.com (James Gillespie)
Date: Sun, 24 Aug 2008 08:24:07 -0700
Subject: [Enigmail] First signed message -- Is tinyurl.com
	safe	and	reliable?
In-Reply-To: <48B0E0C6.9050301@sixdemonbag.org>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>
	<48B0E0C6.9050301@sixdemonbag.org>
Message-ID: <48B17D17.2020100@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robert J. Hansen wrote:

> 
> Google is your friend.

Thank you for that tip. I can use that elsewhere, too.

> 
> I think ZoneAlarm is being unreasonable. 
> 
> That said, I would not visit a TinyURL link that was sent to me by a
> person I did not know/trust.
> 

Thank you. That helps.

James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkixfRIACgkQEbLUj7pltrDKegCcCxguo8M89FX95Xxc8ruqm+t2
dsIAni78qewoQVu+RrcRasUCTM2g6oc+
=GUpZ
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xBA65B6B0.asc
Type: application/pgp-keys
Size: 1704 bytes
Desc: not available
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080824/b2d27b45/attachment.bin>

From gillespie.jp at gmail.com  Sun Aug 24 08:26:03 2008
From: gillespie.jp at gmail.com (James Gillespie)
Date: Sun, 24 Aug 2008 08:26:03 -0700
Subject: [Enigmail] First signed message -- Is tinyurl.com
	safe	and	reliable?
In-Reply-To: <48B0E3B0.10606@bellsouth.net>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>
	<48B0E3B0.10606@bellsouth.net>
Message-ID: <48B17D8B.2000905@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John,

Thanks to your reply, and Robert J. Hanson's, I feel comfortable dealing
with the ZA alert.

John W. Moore III wrote:
> 
> As to Zone Lab's position; I have never been a big believer in _any_
> all-in-one Suite.  Maybe it's just a peccadillo of Mine but I don't
> think there is any 'Super Utility' and therefore choose to use several
> individual Applications for specific purposes based upon My Own research
> and evaluation of what 'they' do well + what works for Me.  I also do
> not chase 'New & Improved' versions of everything I hear or read about.
>  I am a devout believer in the adage "If it ain't broke; don't fix it!"
>  To date I have never suffered any malware problems.
> 
If it's not too far off topic, what do you use, other than ZA  to guard
against virus and malware?

James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkixfYYACgkQEbLUj7pltrBp3QCePrMvoF93/h2gh1rQAgY0Mnr7
GMoAnRST9BP+OgwkSkz8RgvXkQ6yw7XW
=BIrt
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0xBA65B6B0.asc
Type: application/pgp-keys
Size: 1704 bytes
Desc: not available
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080824/472a7107/attachment.bin>

From rjh at sixdemonbag.org  Sun Aug 24 08:36:16 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sun, 24 Aug 2008 10:36:16 -0500
Subject: [Enigmail] First signed message -- Is
	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B17D8B.2000905@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>
	<48B17D8B.2000905@gmail.com>
Message-ID: <48B17FF0.3030800@sixdemonbag.org>

James Gillespie wrote:
> Thanks to your reply, and Robert J. Hanson's, I feel comfortable dealing
> with the ZA alert.

Hansen, not Hanson.  You can think of me as being just like the Mozilla
security guy Robert Hansen -- except that I use my middle initial.

Or think of me as just like the Alaskan serial killer Robert Hansen, or
the Chicago Bulls Hall of Famer Robert Hansen, or the other security
geek at http://www.robhansen.com, or... etc.  There's not a shortage of
us Robert Hansens.

(For those who wonder, my friends all call me "Rob".  I only go by
"Robert J. Hansen" to avoid confusion with the other "Robert Hansen" in
the security geek community.)

> If it's not too far off topic, what do you use, other than ZA  to guard
> against virus and malware?

This may seem like a flip remark.  It's not meant to be.

I use OS X and Linux.

One of the reasons why viruses and malware flourish is because of the
software monoculture of Windows.  There's a reason why farmers plant
slightly different seeds of crops -- that way, if a blight hits one
farmer, other farmers have a better chance of being unaffected.  A
little genetic diversity improves the resistance of the entire community
against disease.

Similarly with OS X and Linux.  By choosing those operating systems, I
essentially immunize myself against viruses and malware, and help
contribute to the health of the entire internet ecosystem.

If you're concerned about viruses and malware, the best way to defend
against them is to move to a non-Windows operating system.  Many Linux
distributions today are very well-polished and easy to use.  There's a
learning curve, of course, but it's not a bad one -- many people even
find it to be fun.  And OS X is just ... well ... magic.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 573 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080824/38873cc6/attachment.bin>

From jmoore3rd at bellsouth.net  Sun Aug 24 08:59:15 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 24 Aug 2008 11:59:15 -0400
Subject: [Enigmail] First signed message -- Is
	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B17D8B.2000905@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>
	<48B17D8B.2000905@gmail.com>
Message-ID: <48B18553.8010607@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

James Gillespie wrote:

> If it's not too far off topic, what do you use, other than ZA  to guard
> against virus and malware?

AVG for A/V, Spybot S&D + Spyware Blaster & Windows Advanced Care 3 Beta
2.8.5 for routine sweeps.  These Apps are merely back-ups to intelligent
& prudent Web practices.

JOHN ;)
Timestamp: Sunday 24 Aug 2008, 11:59  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIsYVRAAoJEBCGy9eAtCsPDXQH/0uDqBqUtqEuIBeVg+pguF25
vpSPusx7JxterDg/9RsqpAQZ9QEakrliesT/i4o5dnvmN9NM3CL9Yw7jx7kJNSRQ
G8HZYcR7r3pyiYK923SIkHy9/9eAI2wfuat0Xd8v21IlejbfM51yptwglHhOXVM9
pdwpae2+rKwoDpH7oI0bmA2zoOM2MZi4Cox3dAgcm9gZXz3j8qgs6gIpEy+xFqjA
M3BkTWNTOGu/I1stEFVSXG2sPmtgPETrayhBaYq91Y9TRTuUG7XsoV43hHItMRgG
8+FYtNAmUQ2XSPq2c1MG5C0I9oytG4TwaGxOMOz4BCVhnjl/pNKEtRuNT8upTak=
=Vbdc
-----END PGP SIGNATURE-----

From alaric at metrocast.net  Sun Aug 24 09:06:53 2008
From: alaric at metrocast.net (Phil Stracchino)
Date: Sun, 24 Aug 2008 12:06:53 -0400
Subject: [Enigmail] First signed message -- Is tinyurl.com
	safe	and	reliable?
In-Reply-To: <48B0E0C6.9050301@sixdemonbag.org>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>
	<48B0E0C6.9050301@sixdemonbag.org>
Message-ID: <48B1871D.9020203@metrocast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Robert J. Hansen wrote:
> James Gillespie wrote:
>> Zone Labs does not advise connecting to tinyurl.com. ZoneAlarm Spyware
>> Blocker blocks the site by default. Gurus on the ZA forum claim that
>> tinyurl.com "does not check and bar links containing malware" and that
>> it "is known to actually send the user to the wrong site or list".
> 
> I think ZoneAlarm is being unreasonable.  TinyURL is just a link
> redirector.  Expecting TinyURL to also check for malware and hostile
> sites is an unreasonable burden.  Think about how much more difficult
> TinyURL's job would be if they had to scan all sites they link to for
> malware -- not just when the URL first goes up, but _constantly_, since
> the contents of a URL can change over time.

As it happens, this subject came up on geeks at sunhelp.org recently.
Anthony Ortenzi pointed out http://lmk.nu/tools, which has a URL
shortened that embeds the target domain in the new URL.  For example,
http://cgi.ebay.com/Intel-BOXD945GCLF-MINI-ITX-945GC-Atom-230-1-6GHZ-30092T_
W0QQitemZ310072960433QQihZ021QQcategoryZ131535QQssPageNameZWDVWQQrdZ1QQcmdZV
iewItem becomes http://lnk.nu/cgi.ebay.com/n3t

It does at least give you some assurance you're not going to, say, goatse.


- --
  Phil Stracchino, CDK#2     DoD#299792458     ICBM: 43.5607, -71.355
  alaric at caerllewys.net   alaric at metrocast.net   phil at co.ordinate.org
         Renaissance Man, Unix ronin, Perl hacker, Free Stater
                 It's not the years, it's the mileage.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEUEAREIAAYFAkixhx0ACgkQ0DfOju+hMkl8ZgCYjUxAAAc3qtWuz8Jemfnn8Z4R
AwCfeBhkjBCb7jgOdjQI0RFsH7CHMpA=
=Ot6Y
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Sun Aug 24 09:11:19 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 24 Aug 2008 12:11:19 -0400
Subject: [Enigmail] First signed message --
	Is	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B17FF0.3030800@sixdemonbag.org>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>
	<48B17FF0.3030800@sixdemonbag.org>
Message-ID: <48B18827.300@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Robert J. Hansen wrote:

> I use OS X and Linux.

> Similarly with OS X and Linux.  By choosing those operating systems, I
> essentially immunize myself against viruses and malware, and help
> contribute to the health of the entire internet ecosystem.
> 
> If you're concerned about viruses and malware, the best way to defend
> against them is to move to a non-Windows operating system.  Many Linux
> distributions today are very well-polished and easy to use.  There's a
> learning curve, of course, but it's not a bad one -- many people even
> find it to be fun.  And OS X is just ... well ... magic.

That said; it is also known that as more & more folks migrate to these
Systems it has attracted the attention of the Bad Guys.  Exploits of
both above mentioned O/S's have been crafted and found 'In the Wild'.

Assuming that You have neither the Capital nor desire to completely
revamp/replace Your present configuration then simply choose to become
proactive about Your own safeguards.  As long as M$ continues to be the
dominant O/S in the World it will always attract the most attention from
exploiters.  Larger Market = Larger Target.  :)

JOHN ;)
Timestamp: Sunday 24 Aug 2008, 12:11  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIsYglAAoJEBCGy9eAtCsPkTsH/R9YwRWHW20YnjkVSAUU2nOW
clemItPLyQIfqbX0cTRRtuEe4kQA38gwR4pJMEzjUDQfOcaRZuOTXjFGUL2wiVgz
LBMZQDLC+vcuuhdeaYer/gN1v1jVKnWU7IZuozkLf/BjBQS+1wUp/LsCR17tLoHe
SKTpmlB+KuiotF2Tkrs6h5gI05uSVStMkrJ1T3iCJaaaAKXVI/LLJ3gCGFPRoYdZ
iFFKKX+7F42dcdYMFJRY9sGoiCTRekGA/e7UQ15kHVQutZ3hrFaOjakAfAxXT5cG
XejEOrYJxFHDitVxYWn5OXy/xxMZxuXC2267CWApFZLs+xCCxvi7oaPjcO6jT+4=
=v+bG
-----END PGP SIGNATURE-----

From alaric at metrocast.net  Sun Aug 24 09:14:10 2008
From: alaric at metrocast.net (Phil Stracchino)
Date: Sun, 24 Aug 2008 12:14:10 -0400
Subject: [Enigmail] First signed message --
	Is	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B18553.8010607@bellsouth.net>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>
	<48B18553.8010607@bellsouth.net>
Message-ID: <48B188D2.5030008@metrocast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

John W. Moore III wrote:
> James Gillespie wrote:
> 
>> If it's not too far off topic, what do you use, other than ZA  to guard
>> against virus and malware?
> 
> AVG for A/V, Spybot S&D + Spyware Blaster & Windows Advanced Care 3 Beta
> 2.8.5 for routine sweeps.  These Apps are merely back-ups to intelligent
> & prudent Web practices.

While I've used AVG for a long time, about a month after Grisoft EOL'd
AVG7.5 and forced updates to AVG8.0, I ditched it.  AVG7.5 was good,
though slower than AVG7.  AVG8 is an utter CPU hog that loads even fast
machines to a crawl and, in my experience, has a nasty habit for
silently breaking mail delivery without telling you it did anything.
(On every machine we installed it on, it silently installed a mail
filtering proxy on both incoming and outgoing mail, which - when
relaying outgoing mail to the server - HELO'd as 127.0.0.1 and could not
be configured to do otherwise, which of course caused the mailserver to
reject the mail.)

So anyway, I switched to Avast! 4.8 and have been happy with it thus
far.  Among other nice features, it receives virus database updates much
more frequently than AVG - sometimes several times a day - and has an
option to perform a boot-time scan before Windows finishes loading,
which I'm given to understand circumvents certain ways in which malware
can exploit Windows kernel behavior in order to hide from filesystem scans.


- --
  Phil Stracchino, CDK#2     DoD#299792458     ICBM: 43.5607, -71.355
  alaric at caerllewys.net   alaric at metrocast.net   phil at co.ordinate.org
         Renaissance Man, Unix ronin, Perl hacker, Free Stater
                 It's not the years, it's the mileage.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAkixiNIACgkQ0DfOju+hMklBIwCeI5dN46JlFT/wIibYmtqJIInG
PgMAoO2wDoQXbaRZInYbDpVMIebjmUfP
=kbqD
-----END PGP SIGNATURE-----

From alaric at metrocast.net  Sun Aug 24 09:16:05 2008
From: alaric at metrocast.net (Phil Stracchino)
Date: Sun, 24 Aug 2008 12:16:05 -0400
Subject: [Enigmail] First signed message -- Is
	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B1871D.9020203@metrocast.net>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E0C6.9050301@sixdemonbag.org>
	<48B1871D.9020203@metrocast.net>
Message-ID: <48B18945.1010606@metrocast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Phil Stracchino wrote:
> As it happens, this subject came up on geeks at sunhelp.org recently.
> Anthony Ortenzi pointed out http://lmk.nu/tools, which has a URL
> shortened that embeds the target domain in the new URL.  For example,
> http://cgi.ebay.com/Intel-BOXD945GCLF-MINI-ITX-945GC-Atom-230-1-6GHZ-30092T_
> W0QQitemZ310072960433QQihZ021QQcategoryZ131535QQssPageNameZWDVWQQrdZ1QQcmdZV
> iewItem becomes http://lnk.nu/cgi.ebay.com/n3t
> 
> It does at least give you some assurance you're not going to, say, goatse.
> 

Sorry, that's http://lnk.nu/tools

I caught the typo, went to correct it, and somehow didn't notice that I
"corrected" it with the same typo again....

- --
  Phil Stracchino, CDK#2     DoD#299792458     ICBM: 43.5607, -71.355
  alaric at caerllewys.net   alaric at metrocast.net   phil at co.ordinate.org
         Renaissance Man, Unix ronin, Perl hacker, Free Stater
                 It's not the years, it's the mileage.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAkixiUUACgkQ0DfOju+hMkmg9gCcCrmY1qNmDEwfd+JhEZyYzBFh
uGkAoOg6VjO+b5wher8PGPINK08x3ke7
=J9+c
-----END PGP SIGNATURE-----

From alaric at metrocast.net  Sun Aug 24 09:34:38 2008
From: alaric at metrocast.net (Phil Stracchino)
Date: Sun, 24 Aug 2008 12:34:38 -0400
Subject: [Enigmail] First signed message
	--	Is	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B18827.300@bellsouth.net>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B17FF0.3030800@sixdemonbag.org>
	<48B18827.300@bellsouth.net>
Message-ID: <48B18D9E.8070805@metrocast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

John W. Moore III wrote:
> Assuming that You have neither the Capital nor desire to completely
> revamp/replace Your present configuration then simply choose to become
> proactive about Your own safeguards.  As long as M$ continues to be the
> dominant O/S in the World it will always attract the most attention from
> exploiters.

Plus, frankly, it's the low-hanging fruit.  Not only is it a more
vulnerable OS in the first place, it's far more likely to be unprotected
on the 'Net and far more likely to be owned by users who don't know the
first thing about how to secure it.

While it's true there are exploits in the wild for Linux and OSX, they
tend to be (a) much less common in the first place, (b) somewhat
mitigated by the inherently better security design of the OS, and (c)
usually patched much more quickly.


- --
  Phil Stracchino, CDK#2     DoD#299792458     ICBM: 43.5607, -71.355
  alaric at caerllewys.net   alaric at metrocast.net   phil at co.ordinate.org
         Renaissance Man, Unix ronin, Perl hacker, Free Stater
                 It's not the years, it's the mileage.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAkixjZ4ACgkQ0DfOju+hMkmHpACdE8tGCW9JicOnqY1WYt5P7DL/
qOAAoPb2IAMg6cRVOoVX6N4CJyo0I/cF
=4ytL
-----END PGP SIGNATURE-----

From bob.henson at galen.org.uk  Sun Aug 24 11:02:35 2008
From: bob.henson at galen.org.uk (Bob Henson)
Date: Sun, 24 Aug 2008 19:02:35 +0100
Subject: [Enigmail] First signed message --
	Is	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B17FF0.3030800@sixdemonbag.org>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>
	<48B17FF0.3030800@sixdemonbag.org>
Message-ID: <48B1A23B.2000200@galen.org.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256



Robert J. Hansen wrote:

> James Gillespie wrote:
>> Thanks to your reply, and Robert J. Hanson's, I feel comfortable dealing
>> with the ZA alert.
> 
> Hansen, not Hanson.  You can think of me as being just like the Mozilla
> security guy Robert Hansen -- except that I use my middle initial.
> 
> Or think of me as just like the Alaskan serial killer Robert Hansen, or
> the Chicago Bulls Hall of Famer Robert Hansen, or the other security
> geek at http://www.robhansen.com, or... etc.  There's not a shortage of
> us Robert Hansens.

As a variant of the above, I wonder how far back we have to go to our
common ancestor?

> (For those who wonder, my friends all call me "Rob".  I only go by
> "Robert J. Hansen" to avoid confusion with the other "Robert Hansen" in
> the security geek community.)
> 
>> If it's not too far off topic, what do you use, other than ZA  to guard
>> against virus and malware?
> 
> This may seem like a flip remark.  It's not meant to be.
> 
> I use OS X and Linux.
> 
> One of the reasons why viruses and malware flourish is because of the
> software monoculture of Windows.  There's a reason why farmers plant
> slightly different seeds of crops -- that way, if a blight hits one
> farmer, other farmers have a better chance of being unaffected.  A
> little genetic diversity improves the resistance of the entire community
> against disease.
> 
> Similarly with OS X and Linux.  By choosing those operating systems, I
> essentially immunize myself against viruses and malware, and help
> contribute to the health of the entire internet ecosystem.
> 
> If you're concerned about viruses and malware, the best way to defend
> against them is to move to a non-Windows operating system.  Many Linux
> distributions today are very well-polished and easy to use.  There's a
> learning curve, of course, but it's not a bad one -- many people even
> find it to be fun.  And OS X is just ... well ... magic.

I still miss DOS. Sadly I'm one of those forced to use Windows by
compatibility issues - Office for work, etc. However I do my best to
avoid Microsoft with Thunderbird, GnuPG/Enigmail, Firefox etc. At least
these let us add some security to the situation.

Like John, I add a tad of security with Avast!, Spywareblaster and Spybot.


Regards,


Robert H. Henson (Bob)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIsaI4AAoJEJ3GodtqGtFCV04H/2yljBUFLejNSDFeUvDnJjvD
Qudd8tw13J9zBd82o1M2IJFKALfMOADbnfSKGro3axc2zrEHr+F/nRdWVz7FeCq6
dWZpZ3ZUydj+BJUzthIDJdyaalsQkuxycQn2Slmlepln/ONbZ1F2gaF1nhPzYfQz
ym8zpwe29Dx3t5+O/5tdv8lWSym88sWaGtVMaSrTz/Q4FFUKj+BcU0pVeAFqmDe7
UTE5Tki5/P9o/6GVCgppJbrirc1ilmHIYzp1zqgXuvigxZIni2IJwDhQJui9veXX
G968Q7jCO6rNzNGKY0ibVoxp5IWudSDRUn/jWktWhxF639CRn/va1W1AwnalRcg=
=Q4Gm
-----END PGP SIGNATURE-----

From gillespie.jp at gmail.com  Sun Aug 24 12:18:46 2008
From: gillespie.jp at gmail.com (James Gillespie)
Date: Sun, 24 Aug 2008 12:18:46 -0700
Subject: [Enigmail] First signed message
In-Reply-To: <48B092B8.4060206@bellsouth.net>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>
	<48B092B8.4060206@bellsouth.net>
Message-ID: <48B1B416.2040703@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John W. Moore III wrote:
> James Gillespie wrote:
> 
>> By "Link to Your Key" and "Your Big Lumber Link" do you mean simply the
>> URL (www.biglumber.com)?
> 
> No, I was referring to the Link that displays Your Key at the Big Lumber
> Site.

I found it.

> Usually this is a very long Link so most of Us use
> www.TinyURL.com to covert it into a shorter link.  Mine is:
> www.tinyurl.com/8cpho

I shortened my biglumber link and elected to place it in my OpenPGP
message header, so I hope it appears in this message. I'll attach my key
just in case.


> I can't remember whether or not they will Send
> this Link to Ya or if You just need to go to the Site, find Your listing
> [without logging in] and then use the URL in the Browser Address bar.

They automatically place it on your clipboard when they shorten it.

Thanks for the great help.

James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkixtBMACgkQEbLUj7pltrCxkACgmQlPOP3FKibxpyZrKQbQGyfO
KPYAn2YvrpvoONBLKBg77fCvlXdqg++V
=rE3y
-----END PGP SIGNATURE-----

From gillespie.jp at gmail.com  Sun Aug 24 12:20:06 2008
From: gillespie.jp at gmail.com (James Gillespie)
Date: Sun, 24 Aug 2008 12:20:06 -0700
Subject: [Enigmail] First signed message
In-Reply-To: <48B0933F.2040203@Mozilla-Enigmail.org>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>
	<48B0933F.2040203@Mozilla-Enigmail.org>
Message-ID: <48B1B466.9050506@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John Clizbe wrote:

> 
> No, John means a link specifically to your key; e.g.,
> https://biglumber.com/x/web?pk=B4D6FE41208D46283DED751E1D04AC4A608D2A10
> 

Thanks. I found it. Your example helped.
> 
> http://www.somedomain.tla/~someuser/my_key.asc
> 
> But neither of these is of benefit in the case of GnuPG or PGP automatically
> fetching a key needed for signature validation; keyservers are still the best
> option for that.
> 

I take it that having the link to my key in my message header suffices
to allow my recipient to validate my signature but that having it on a
keyserver is "best option" because this affords the convenience of
automatic fetching and perhaps helps promote pgp use. Am I on the right
track?

James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkixtGMACgkQEbLUj7pltrDqPQCfVzymIz0ikvHtpU04S0Ny13u+
CZ8AoKwx6NfiJxyDlagjXJ3wNyKVLAkv
=pVqy
-----END PGP SIGNATURE-----

From rbrtryn at gmail.com  Sun Aug 24 13:08:45 2008
From: rbrtryn at gmail.com (Robert Ryan)
Date: Sun, 24 Aug 2008 14:08:45 -0600
Subject: [Enigmail] First signed message
In-Reply-To: <48B1B466.9050506@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B0933F.2040203@Mozilla-Enigmail.org>
	<48B1B466.9050506@gmail.com>
Message-ID: <48B1BFCD.8030906@gmail.com>

On 8/24/2008 1:20 PM, James Gillespie wrote:
> I take it that having the link to my key in my message header
> suffices to allow my recipient to validate my signature

Putting a link in the message headers is really not a good solution.
Most of the message headers are hidden by default in most email clients.
The same goes for putting the link in the comment fields of the PGP
signature. These are usually hidden if the message verifies. The
recipient won't look for it unless they look at the message source.

If you want to include a link to your key, put it in a small text file
(also confusingly called a signature file) and have T'Bird put it at the
end of every message. For an example see below.

> but that having it on a keyserver is "best option" because this
> affords the convenience of automatic fetching and perhaps helps
> promote pgp use. Am I on the right track?

Putting the key up on the keyservers is the best option.
-- 
Robert Ryan

I prefer encrypted, signed email :)
My PGP keys: http://tinyurl.com/5snkgq

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080824/0a31287d/attachment.bin>

From jmoore3rd at bellsouth.net  Sun Aug 24 15:57:38 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 24 Aug 2008 18:57:38 -0400
Subject: [Enigmail] First signed message
In-Reply-To: <48B1B416.2040703@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>
	<48B1B416.2040703@gmail.com>
Message-ID: <48B1E762.2070401@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

James Gillespie wrote:

> I shortened my biglumber link and elected to place it in my OpenPGP
> message header, so I hope it appears in this message. I'll attach my key
> just in case.

YEP!  The Key ID & the Link are both located in Your Header info.  :)

BTW, You may sometimes see Headers referred to as 'kludges' so don't let
the term throw Ya if it happens.

JOHN ;)
Timestamp: Sunday 24 Aug 2008, 18:57  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIsedfAAoJEBCGy9eAtCsPO3wH/iu1Y9FkveatGiRYH2pGwDgd
tmW0+NtmgVCdTP3UMW/sO6u6RuR6Tzy/FOjjR03/vFFbkSrff3iSGL51u8W/LUZh
ePujrctQ3/MLKSpKsmvQG+hfXNVODybvKuhNdzn8vxxneQhmvEgXhIMGo3zeBhNw
Kd7CImEg84xON8/4sYpFxFfCPsKW7yqnHevt+jBVJ5Em/kge/k+fWxlvqRE4QqdL
w6ErKyIuM8sQIupcG2AJtGSbEL/GNU6StnnDkGFFzH/W5fF2gTsQZBnzolnA3qIc
BKCoinGFXc/q1mBpObJlVYfPTqYyGgt9N63mY6d/e9hGgqbAGmmqAjujvXeIdoU=
=UNER
-----END PGP SIGNATURE-----

From gillespie.jp at gmail.com  Sun Aug 24 17:37:45 2008
From: gillespie.jp at gmail.com (James Gillespie)
Date: Sun, 24 Aug 2008 17:37:45 -0700
Subject: [Enigmail] First signed message --
	Is	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B17FF0.3030800@sixdemonbag.org>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>
	<48B17FF0.3030800@sixdemonbag.org>
Message-ID: <48B1FED9.6080000@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

My apologies, Robert J.

Robert J. Hansen wrote:

> 
> Hansen, not Hanson.  
<snip>
> If you're concerned about viruses and malware, the best way to defend
> against them is to move to a non-Windows operating system.  Many Linux
> distributions today are very well-polished and easy to use.  There's a
> learning curve, of course, but it's not a bad one -- many people even
> find it to be fun.  And OS X is just ... well ... magic.
> 
I am gradually weaning myself from Microsoft (Thunderbird, Firefox,
OpenOffice) and my next computer will be a Unix.

James

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkix/tYACgkQEbLUj7pltrAijQCcDVoflkL21kDj5zv0h35na39p
SIoAmwbm3XWE57wuf4CwGGqW1N+VC5DL
=FSi3
-----END PGP SIGNATURE-----

From gillespie.jp at gmail.com  Sun Aug 24 18:24:34 2008
From: gillespie.jp at gmail.com (James Gillespie)
Date: Sun, 24 Aug 2008 18:24:34 -0700
Subject: [Enigmail] First signed message --
	Is	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B18553.8010607@bellsouth.net>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>
	<48B18553.8010607@bellsouth.net>
Message-ID: <48B209D2.8070205@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John W. Moore III wrote:
> James Gillespie wrote:
> 
>> If it's not too far off topic, what do you use, other than ZA  to guard
>> against virus and malware?
> 
> AVG for A/V, Spybot S&D + Spyware Blaster & Windows Advanced Care 3 Beta
> 2.8.5 for routine sweeps.  These Apps are merely back-ups to intelligent
> & prudent Web practices.
> 
I used to use Spybot S&D and Spyware Blaster, but they never turned
anything up after I installed ZA Security Suite, so I stopped using
them. Perhaps I should not be so complacent.

James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiyCcsACgkQEbLUj7pltrAlvQCgkGdXPMCndazMZchOhVxt0YD2
Y0wAniGrrC5nbHhboqP42KssoUhjImYF
=oK3H
-----END PGP SIGNATURE-----

From gillespie.jp at gmail.com  Sun Aug 24 18:28:02 2008
From: gillespie.jp at gmail.com (James Gillespie)
Date: Sun, 24 Aug 2008 18:28:02 -0700
Subject: [Enigmail] First signed message -- Is
	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B1871D.9020203@metrocast.net>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E0C6.9050301@sixdemonbag.org>
	<48B1871D.9020203@metrocast.net>
Message-ID: <48B20AA2.3020401@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Phil Stracchino wrote:

> 
> As it happens, this subject came up on geeks at sunhelp.org recently.
> Anthony Ortenzi pointed out http://lmk.nu/tools, which has a URL
> shortened that embeds the target domain in the new URL.  For example,
> http://cgi.ebay.com/Intel-BOXD945GCLF-MINI-ITX-945GC-Atom-230-1-6GHZ-30092T_
> W0QQitemZ310072960433QQihZ021QQcategoryZ131535QQssPageNameZWDVWQQrdZ1QQcmdZV
> iewItem becomes http://lnk.nu/cgi.ebay.com/n3t
> 
> It does at least give you some assurance you're not going to, say, goatse.
> 
> 
That sounds like a good idea. Thanks.

James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiyCp8ACgkQEbLUj7pltrBN7wCgmtiyoAnrlryOC3RC7Hp0Rf0a
rKMAn3WcvHXPBgJPAWOm9iKV49T1F9TU
=abkr
-----END PGP SIGNATURE-----

From gillespie.jp at gmail.com  Sun Aug 24 19:02:01 2008
From: gillespie.jp at gmail.com (James Gillespie)
Date: Sun, 24 Aug 2008 19:02:01 -0700
Subject: [Enigmail] First signed message
	--	Is	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B1A23B.2000200@galen.org.uk>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B17FF0.3030800@sixdemonbag.org>
	<48B1A23B.2000200@galen.org.uk>
Message-ID: <48B21299.2070907@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robert Hansen, Robert J. Hansen, and Robert H. Henson? I don't know if I
can handle it.

Bob Henson wrote:
> 
> 
> I still miss DOS. Sadly I'm one of those forced to use Windows by
> compatibility issues - Office for work, etc. However I do my best to
> avoid Microsoft with Thunderbird, GnuPG/Enigmail, Firefox etc. At least
> these let us add some security to the situation.
> 
> Like John, I add a tad of security with Avast!, Spywareblaster and Spybot.
> 
> 
> Regards,
> 
> 
> Robert H. Henson (Bob)

For better or worse I came to computing too late for DOS. My next
computer will run Linux. Thank you for your input.

James
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiyEpUACgkQEbLUj7pltrChZgCfWupoj97Z7Y8m/tLpYNHaUEny
hq4AoK+Yfpl6o+Oa/mLAdersltn+sR6p
=6XQ+
-----END PGP SIGNATURE-----

From John at Mozilla-Enigmail.org  Sun Aug 24 20:19:41 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Sun, 24 Aug 2008 22:19:41 -0500
Subject: [Enigmail] First signed
	message	--	Is	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B21299.2070907@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B17FF0.3030800@sixdemonbag.org>	<48B1A23B.2000200@galen.org.uk>
	<48B21299.2070907@gmail.com>
Message-ID: <48B224CD.1@Mozilla-Enigmail.org>

James Gillespie wrote:
> Robert Hansen, Robert J. Hansen, and Robert H. Henson? I don't know if I
> can handle it.
>
> Bob Henson wrote:
>> I still miss DOS. Sadly I'm one of those forced to use Windows by
>> compatibility issues - Office for work, etc. However I do my best to
>> avoid Microsoft with Thunderbird, GnuPG/Enigmail, Firefox etc. At least
>> these let us add some security to the situation.
> 
>> Like John, I add a tad of security with Avast!, Spywareblaster and Spybot.
> 
> For better or worse I came to computing too late for DOS. 

Some of us predate DOS as in MS-DOS.

DOS before then was an IBM "Big Iron" OS for the 360 series dating from the
mid-1960s. See http://en.wikipedia.org/wiki/DOS/360 for dusty history

Trivia: the Widipedia statement, "The Hacker's Jargon File incorrectly states
that GECOS (also known as GCOS) was copied from DOS/360, which was not the
case." is very correct. The GECOS field comes from Multics. Odd that ESR from
get basic unix history wrong.

> My next computer will run Linux. Thank you for your input.

'course, you could do a Mac or a Hackintosh (BIY or Psystar) and run OS X then
run Windows or Linux under Parallels.

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 677 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080824/d5170114/attachment-0001.bin>

From rbrtryn at gmail.com  Sun Aug 24 20:29:29 2008
From: rbrtryn at gmail.com (Robert Ryan)
Date: Sun, 24 Aug 2008 21:29:29 -0600
Subject: [Enigmail] Spyware Blaster and Spybot
In-Reply-To: <48B1A23B.2000200@galen.org.uk>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B17FF0.3030800@sixdemonbag.org>
	<48B1A23B.2000200@galen.org.uk>
Message-ID: <48B22719.5070209@gmail.com>

On 8/24/2008 12:02 PM, Bob Henson wrote:
> Like John, I add a tad of security with Avast!, Spywareblaster and Spybot.

What's the difference between Spyware Blaster and Spybot?

Why do you need both?
-- 
Robert Ryan

I prefer encrypted, signed email :)
My PGP keys: http://tinyurl.com/5snkgq

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080824/d1f733c8/attachment.bin>

From jmoore3rd at bellsouth.net  Sun Aug 24 20:45:16 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 24 Aug 2008 23:45:16 -0400
Subject: [Enigmail] First signed message
In-Reply-To: <48B209D2.8070205@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B18553.8010607@bellsouth.net>
	<48B209D2.8070205@gmail.com>
Message-ID: <48B22ACC.3040709@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

James Gillespie wrote:

> I used to use Spybot S&D and Spyware Blaster, but they never turned
> anything up after I installed ZA Security Suite, so I stopped using
> them. Perhaps I should not be so complacent.

Whenever an Application stops returning 'Problems to Solve' My 1st
impulse is to pat Myself on the back; not assume the Application has
ceased being functional.  Another suggestion; I also use the 'No Script'
Extension/Add-On with Firefox.  Blocking the running of Scripts on Web
Pages until I have decided to authorize them is another good
prophylactic measure.

JOHN ;)
Timestamp: Sunday 24 Aug 2008, 23:45  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIsirHAAoJEBCGy9eAtCsP/5MH/0D8oW91Nt9X0uyQ6Umh15SO
fTtV+t/E36Zeq79VzYIDjKjs9wqy33cTLoHzWrgYgtoknXdDUIMOI/L1r8iNzlZM
MxyKAAQVl0lJfzD7JTUR4hRmyPsh0zoaKyX5bz5NHXFVag7InFbXF08Fy3e8TXX/
PB9XRPl2HT/bwgIdgw6q4GqD10VK8uUlD/nuJCko6z01OagXbsKtD0aMXgacf6y2
xutrC+KJYzieX+czkc1p5wvi68qfOxTThFgh8dKhibA8/0+UNGqOU9W8vKu7Hin4
3wusQm7sd5JXM70nl47Y7N3shQyGW7+gyieDmsDkijsHhqV38xR2gvhicnaw8E8=
=mjEB
-----END PGP SIGNATURE-----

From John at Mozilla-Enigmail.org  Sun Aug 24 20:45:53 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Sun, 24 Aug 2008 22:45:53 -0500
Subject: [Enigmail] Spyware Blaster and Spybot
In-Reply-To: <48B22719.5070209@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B17FF0.3030800@sixdemonbag.org>	<48B1A23B.2000200@galen.org.uk>
	<48B22719.5070209@gmail.com>
Message-ID: <48B22AF1.3050407@Mozilla-Enigmail.org>

Robert Ryan wrote:
> On 8/24/2008 12:02 PM, Bob Henson wrote:
>> Like John, I add a tad of security with Avast!, Spywareblaster and Spybot.
> 
> What's the difference between Spyware Blaster and Spybot?
> 
> Why do you need both?

Subtle differences in selection sets. I use Spybot and Ad-Aware

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 677 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080824/7bb1e257/attachment.bin>

From jmoore3rd at bellsouth.net  Sun Aug 24 20:48:29 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 24 Aug 2008 23:48:29 -0400
Subject: [Enigmail] Spyware Blaster and Spybot
In-Reply-To: <48B22719.5070209@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B17FF0.3030800@sixdemonbag.org>	<48B1A23B.2000200@galen.org.uk>
	<48B22719.5070209@gmail.com>
Message-ID: <48B22B8D.4030209@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Robert Ryan wrote:

> What's the difference between Spyware Blaster and Spybot?
> 
> Why do you need both?

Same reason I wear a belt & suspenders; they compliment each other.  :-D

JOHN ;)
Timestamp: Sunday 24 Aug 2008, 23:47  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIsiuKAAoJEBCGy9eAtCsPyN8H/2dCW55iW0cLgXzKWyWDSKyZ
PlsFPMDWBqRmpka3njcDgjMNzeXuv/ZkbcyPDQUyScB97NPoE4kQz/eD0QOXIAro
QrSFKJYkow3u8evlarFSLBGSGlc/E6Q8k1H38gp7mh3pRMkTC3vrJ6F9no7L8IhT
+iW4tTpRmS+wvapRGhCsZcIj7FRwC6D5gSPSPNSAp8pvSR60aaXocrII4QTcMVNu
4voW//9r0t8Giu9R1i86kTqFN/5oQjHU/lBtCdshC3LD9jcN7NpmF1l2ib6ffXzJ
PaqAdTUKKJOvlBhElxKw+vfM4UWk7RNoWCZng92lji4/n/EzK2C8J0sDIO5QZA8=
=UL3e
-----END PGP SIGNATURE-----

From gillespie.jp at gmail.com  Sun Aug 24 21:59:25 2008
From: gillespie.jp at gmail.com (James Gillespie)
Date: Sun, 24 Aug 2008 21:59:25 -0700
Subject: [Enigmail] First signed message
In-Reply-To: <48B1BFCD.8030906@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B0933F.2040203@Mozilla-Enigmail.org>	<48B1B466.9050506@gmail.com>
	<48B1BFCD.8030906@gmail.com>
Message-ID: <48B23C2D.9010602@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robert Ryan wrote:

> If you want to include a link to your key, put it in a small text file
> (also confusingly called a signature file) and have T'Bird put it at the
> end of every message. For an example see below.

I liked this idea so much I figured out how to do it. I even copied your
motto, which seems to be a common sentiment on this list. Thanks.
> 
> 
> Putting the key up on the keyservers is the best option.
> 

I am moving in that direction. The thought lurks, though, that *IF* the
state should finally go completely paranoid over some crisis in its
permanent war against terrorism, pgp keyholders would be among the first
to be neutralized in some fashion. But I suppose if there were enough
keyholders, they couldn't do it. (I didn't encrypt this to show them I'm
not dangerous) (Joke, just kidding, etc.)

jg

- --
James P. Gillespie

I prefer encrypted, signed e-mail.
My PGP keys: http://tinyurl.com/5z2hhj

===================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiyPCcACgkQEbLUj7pltrAmHgCfUivhnIymQ6WD/0eKLeB5+N8S
kYsAn3aM4C9H0LdDbtPZkAr0oMd9c6jz
=1scJ
-----END PGP SIGNATURE-----

From gillespie.jp at gmail.com  Sun Aug 24 22:11:24 2008
From: gillespie.jp at gmail.com (James Gillespie)
Date: Sun, 24 Aug 2008 22:11:24 -0700
Subject: [Enigmail] First signed message
In-Reply-To: <48B1E762.2070401@bellsouth.net>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B1B416.2040703@gmail.com>
	<48B1E762.2070401@bellsouth.net>
Message-ID: <48B23EFC.8020606@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John W. Moore III wrote:

> 
> YEP!  The Key ID & the Link are both located in Your Header info.  :)
> 
> BTW, You may sometimes see Headers referred to as 'kludges' so don't let
> the term throw Ya if it happens.
> 
I just figured out how to view my full header. I can see why it is
referred to as a kludge.

jpg

- --
James P. Gillespie

I prefer encrypted, signed e-mail.
My PGP keys: http://tinyurl.com/5z2hhj

===================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiyPvUACgkQEbLUj7pltrChigCgstuuT9soqyCXDkK2serQppGu
+GkAoJVqTEnvm10fP0HnovQaB1Yswfsn
=Y/zX
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Sun Aug 24 23:45:42 2008
From: faramir.cl at gmail.com (Faramir)
Date: Mon, 25 Aug 2008 02:45:42 -0400
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48B02983.8000806@sixdemonbag.org>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>	<48AEAF8A.5050307@bellsouth.net>	<48AEB60D.5040406@sixdemonbag.org>	<48AFA908.6070803@gmail.com>	<48AFB275.7030106@sixdemonbag.org>	<48AFD227.5030607@gmail.com>
	<48AFF335.4060900@sixdemonbag.org>
	<48B02983.8000806@sixdemonbag.org>
Message-ID: <48B25516.9040807@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Robert J. Hansen escribi?:
> Robert J. Hansen wrote:
>> Faramir, I've tried to explain this twice.  I don't know how to explain
>> it any clearer, I'm sorry.
> 
> I'll make one last pass at it.

  Now I got it, we were looking at the problem from a different point of
view, you see it as a system, I was looking at it as a simple user.


> To you, the idea of joining an encrypted mailing list (of the sort John
> Moore is running) means "oh, I have to download 500 keys, that's a
> little bit of a pain, but I can do it."  Your focus is on you.
> 
> My focus is on the network.  If I'm part of that network of 500 users
> and you join, I get terrified.  I get terrified because the system is
> coming apart at the seams already, and each additional user makes the
> problem _exponentially worse_.

  Ok, we had different focus... now I get the point.

> If you like, talk to one of your computer science professors about this.
>  This is a very well known problem in network topology, and it tends to
> pop up all over the place in computer science.

  I have not studied networks yet... Probably next year I will, and
then, hopefully, I will get used to think considering this focus...

  I would ask how is this kind of problems solved, but I figure there is
not an standard way to do it... and we are going way out of topic
(anyway, I think it is an interesting subject...).

 Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIslUWAAoJEMV4f6PvczxADq4H/2Zdc3avzPcY8oDFl6veCIPm
lcgc0Djpt1ISly1VFR0y245Sk4KSC004bQyYeQBjlPh5k9OGnCmTPSKafV9gqfuK
kEo5M3RUzLoUN2l9oQiP2e/4W/mwXguW4VnT8osJKoVDepTn6RwPt2XbzerNfPB4
fNuBTlU4WmYcTYE7BxXi93nFm7xVYZh9+6tCygOBaWpGJGYhPQO2fZa0JXBP6WXl
NHLAuvykMUqdtGKRTOIbjKuc/Rw7JoW6oiut/TiTZ4J9bbmoWhslGR6MtXw4dpfx
hzPjjX5xRfnxzHbYSHjqz9KLJ2d+LX+ePF5+IyKj+3CSC3tDDUINrIfZLPL/VCU=
=lrtl
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Sun Aug 24 23:59:43 2008
From: faramir.cl at gmail.com (Faramir)
Date: Mon, 25 Aug 2008 02:59:43 -0400
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48B02AE8.9010009@metrocast.net>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>	<48AEAF8A.5050307@bellsouth.net>	<48AEB60D.5040406@sixdemonbag.org>	<48AFA908.6070803@gmail.com>	<48AFB275.7030106@sixdemonbag.org>	<48AFD227.5030607@gmail.com>	<48AFF335.4060900@sixdemonbag.org>
	<48B02AE8.9010009@metrocast.net>
Message-ID: <48B2585F.5010305@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Phil Stracchino escribi?:
...
> Yes, you could just download from the keyserver.  100 list users, 100
> downloads.  At that point you have ...  100 untrusted good signatures.

  OMG... and PKI was supposed to have the advantage of not having to
exchange keys peer to peer (as symmetric encryption requires), but...
well, I suppose maybe each member could get assured by CAcert, and get
their keys signed by them... But you are right, unless it is a list made
to practice PKI encryption, probably it is not worth the effort to make
it work...

...
> think "How secure can I make it?", not "How easy can I get away with
> making it?".  If you trust a public keyserver to give you the other
> members' keys, you probably didn't really need an encrypted list that
> badly in the first place.

  I get it... maybe using a CA could help, but it would have to be a
good one, not the kind of "he paid with a valid credit card, so we
assume he is who he is supposed to be".

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIslhfAAoJEMV4f6PvczxAmGsH/0TQgb1Oc09Uuw9aZvb2r3qJ
X7KM/8VYpimBuV7Hnng8Oekmg0SfN68l9vPezoiFVp3Sw2b21Fj2Rck3nbaO06S5
jIQ2zF2iHrwXYhEWscfQi311RUDKdAqI0K5WvmckwiRXKWx9yaQOapb9QD1zesib
+zgAgv0yH6P0p0re2ogYdJwr9Hbpb3j1xeJO6ll/YqxhOsJeGYp8KDUnGHEj39NK
ksr4nkmSLNAtX3WeuTn5ml0xPxd7x+Ny/gTZZ9vpgROK/XLqD4bdPdWRIkK1+LtY
AtI0dLPAhmHuHJuzD7oR6YcekzjK7ToRE/seuXDOgVTMrKy5S7lpLIsk7KnLz3I=
=eo53
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Mon Aug 25 00:14:36 2008
From: faramir.cl at gmail.com (Faramir)
Date: Mon, 25 Aug 2008 03:14:36 -0400
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48B0355F.9090505@bellsouth.net>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>	<48AEAF8A.5050307@bellsouth.net>	<48AEB60D.5040406@sixdemonbag.org>	<48AFA908.6070803@gmail.com>	<48AFB275.7030106@sixdemonbag.org>	<48AFD227.5030607@gmail.com>	<48AFF335.4060900@sixdemonbag.org>	<48B02AE8.9010009@metrocast.net>
	<48B0355F.9090505@bellsouth.net>
Message-ID: <48B25BDC.20600@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

John W. Moore III escribi?:
> Phil Stracchino wrote:
> 
>> If you're on a 100% person-to-person encrypted list at all, it's because
>> you need a list but want your list to be really, really secure.  So
...

> Not necessarily; there are 'Training/Practice' Lists where Message
> Secrecy isn't the Goal & in an Enterprise situation the Trust
> Assignments and Key Issuance would all be handled by the IT or Security
> Department.

  In that context (the IT Department acting as a CA), it looks better...

> This thread originated simply because it was pointed out that an
> encrypted List is possible & feasible.  How it wandered down this
> 'rabbit trail' of musings escapes Me.  IIRC, Nobody recommended

  Well, since most of us are interested in how GPG work in different
situations, and what problems can be solved by using it, and what kind
of problems shouldn't be solved with GPG, it was very likely we would
discuss about the good and bad points of having an encrypted list (if
the list is not a "test list").

  By the way, and completely off topic, what does IIRC means?

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIslvcAAoJEMV4f6PvczxAt6sH/33SXDws6k9mgR8Hzvehhn0t
qcZo9el3Ls/vEZkWzGbj0Vp/PPDFER0vlsvYpvRKkwMj2dKV/Onm86yPYQZygEwt
p44DhSPEayqZd/x2YmcNaBhS0lr3UATnSic+7drHADRyucnWTXT/rjjjUmClSlGr
zZ2TgP6bVABACmhhY7D+e91hYKloujSE0TsF7bBZWewQZ1Svp/VJYdqdq/RcBhnp
jPMADwrUF2PuSTCPfsFjsHjteY1Jii6xnBuSDBt4119m+0s87bzieIyCC/gMvh/l
CEctleGNlGllEutBFWZFMkRXUpUNmBfWz7utEA1PxqLXwVyxQ77jbmZLatZtZxM=
=BgUB
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Mon Aug 25 01:03:49 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 25 Aug 2008 03:03:49 -0500
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48B25BDC.20600@gmail.com>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>	<48AEAF8A.5050307@bellsouth.net>	<48AEB60D.5040406@sixdemonbag.org>	<48AFA908.6070803@gmail.com>	<48AFB275.7030106@sixdemonbag.org>	<48AFD227.5030607@gmail.com>	<48AFF335.4060900@sixdemonbag.org>	<48B02AE8.9010009@metrocast.net>	<48B0355F.9090505@bellsouth.net>
	<48B25BDC.20600@gmail.com>
Message-ID: <48B26765.807@sixdemonbag.org>

Faramir wrote:
>   By the way, and completely off topic, what does IIRC means?

If I Recall Correctly.


From rjh at sixdemonbag.org  Mon Aug 25 01:05:11 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 25 Aug 2008 03:05:11 -0500
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48B2585F.5010305@gmail.com>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>	<48AEAF8A.5050307@bellsouth.net>	<48AEB60D.5040406@sixdemonbag.org>	<48AFA908.6070803@gmail.com>	<48AFB275.7030106@sixdemonbag.org>	<48AFD227.5030607@gmail.com>	<48AFF335.4060900@sixdemonbag.org>	<48B02AE8.9010009@metrocast.net>
	<48B2585F.5010305@gmail.com>
Message-ID: <48B267B7.3020200@sixdemonbag.org>

Faramir wrote:
> OMG... and PKI was supposed to have the advantage of not having to
> exchange keys peer to peer (as symmetric encryption requires)

Err... what?

The purpose of PKI is to _facilitate_ exchanges and introductions, to
make it easier to scale public key encryption up to networks.  It's not
supposed to eliminate the need of key exchange.



From rjh at sixdemonbag.org  Mon Aug 25 01:13:01 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 25 Aug 2008 03:13:01 -0500
Subject: [Enigmail] My Bad, Sorry About That
In-Reply-To: <48B25516.9040807@gmail.com>
References: <48AE4337.30300@bellsouth.net>	<0ML2xA-1KWQJv1uGm-0003aC@mrelayeu.kundenserver.de>	<48AEA2DA.1050602@bellsouth.net>	<48AEA582.1040706@verizon.net>	<48AEA93A.2060404@bellsouth.net>	<48AEACC5.6030402@verizon.net>	<48AEAF8A.5050307@bellsouth.net>	<48AEB60D.5040406@sixdemonbag.org>	<48AFA908.6070803@gmail.com>	<48AFB275.7030106@sixdemonbag.org>	<48AFD227.5030607@gmail.com>	<48AFF335.4060900@sixdemonbag.org>	<48B02983.8000806@sixdemonbag.org>
	<48B25516.9040807@gmail.com>
Message-ID: <48B2698D.4090803@sixdemonbag.org>

Faramir wrote:
> I would ask how is this kind of problems solved, but I figure there is
> not an standard way to do it... and we are going way out of topic
> (anyway, I think it is an interesting subject...).

<moderator>

This discussion about public key infrastructure and problems with
real-world deployments is very much on topic for Enigmail.  Enigmail is
a tool for public key cryptography, but the only public key
_infrastructure_ tool it provides is the PGP Web of Trust... which, as
far as PKI goes, is really a rather poor solution.

If the volume ever gets to the point where other conversations are being
drowned out, then of course we may have to swing the Moderator Hammer.
But for now, the conversation is just fine.

</moderator>


From rjh at sixdemonbag.org  Mon Aug 25 01:21:48 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 25 Aug 2008 03:21:48 -0500
Subject: [Enigmail] First signed message
	--	Is	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B1A23B.2000200@galen.org.uk>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B17FF0.3030800@sixdemonbag.org>
	<48B1A23B.2000200@galen.org.uk>
Message-ID: <48B26B9C.3010209@sixdemonbag.org>

Bob Henson wrote:
> As a variant of the above, I wonder how far back we have to go to our
> common ancestor?

The Stone Age.  Since "the Stone Age" is defined as ten years before you
were born, that means 1965 or so.  :)

> I still miss DOS.

This list has a lot of dinosaurs on it.  I cut my teeth with serious
computing in 1982, 1983, in there, on a Symbolics LISP Machine.  I'm
pretty sure there are people on this list who go back to the days of
MULTICS, the IBM 360, and the Burroughs B5000.



From faramir.cl at gmail.com  Mon Aug 25 01:36:31 2008
From: faramir.cl at gmail.com (Faramir)
Date: Mon, 25 Aug 2008 04:36:31 -0400
Subject: [Enigmail] First signed message -- Is tinyurl.com
	safe	and	reliable?
In-Reply-To: <48B0E3B0.10606@bellsouth.net>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>
	<48B0E3B0.10606@bellsouth.net>
Message-ID: <48B26F0F.4070504@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

John W. Moore III escribi?:
> James Gillespie wrote:
> 
>> Of course, you would not recommend tinyurl.com if you considered it
>> unsafe for the purpose at hand, but I thought I should get your input on
>> this Zone Lab position.
> 
> I use ZoneAlarm Free and have never had an issue with TinyURL.  I also

  Maybe you should try Comodo Firewall Pro (it ranks a lot better at
matousec's firewall challenge). It is free too.

> As to Zone Lab's position; I have never been a big believer in _any_
> all-in-one Suite.  Maybe it's just a peccadillo of Mine but I don't

  I agree, some good AV manufacturer is VERY bad at making firewalls...
And I also don't think my firewall should think for me... usually, when
software "thinks" it knows better than you what you need, the problems
and headaches are very common...

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIsm8PAAoJEMV4f6PvczxAEgcIAJ2/v4c9hTNJUi9qEMPF3Llz
z6RYtM69Fj9ssuf1maGho/ujGO8/NGJad1+Qq35eHQ9bUFaNiiYVdKoOimwVfCZA
ArcJf91CAlcU2ZXh+gEuiTcpBj4zWaJfGW+8fel9/3NCVkJudzwNAH9npTA+o9ff
1bUaXdRxvBHcEgJ0xlrNesI5WunCZyv5XuWO800Jx21Ep78+gbKvH2tdBllu0a4i
zbKyXaP0WnZz2991+Vd2by2pmZ5j9HzSziTHGOHZRbavUIoA7I42J2Lbixeh/LuP
Xdmvk4TxyElSeMLHgi1yP40Eua+xO/Bz6K+5+aLg3BYtlY4HJ36x1kqdRk4UZN8=
=l8Ec
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Mon Aug 25 01:58:21 2008
From: faramir.cl at gmail.com (Faramir)
Date: Mon, 25 Aug 2008 04:58:21 -0400
Subject: [Enigmail] First signed message --
	Is	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B18553.8010607@bellsouth.net>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>
	<48B18553.8010607@bellsouth.net>
Message-ID: <48B2742D.3000500@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

John W. Moore III escribi?:
> James Gillespie wrote:
> 
>> If it's not too far off topic, what do you use, other than ZA  to guard
>> against virus and malware?
> 
> AVG for A/V, Spybot S&D + Spyware Blaster & Windows Advanced Care 3 Beta
> 2.8.5 for routine sweeps.  These Apps are merely back-ups to intelligent
> & prudent Web practices.

  Or as my friends use to say: "8th layer AV" (the user being careful
about what to do, and what to don't do). It is also refereed as the
"chair-keyboard interface".

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIsnQtAAoJEMV4f6PvczxAv+cH/3pRol1HY1XXilQNRA8brjhV
qp0KWJIh5K4IF1ErWs8eCHQxHc49VfwJAct9tUeVry25pira0EfswacsN6v3xmEF
yo+cLENkD/j65J3hPOa7BjfrY/uV6r5Pc2+qYFkJV9nM+oZt49rGkKdeqWiyuwOx
mq5XcmZmWQwjVEB9ETEssB37VNZpW5DS1wTqEeINYw02KeCWLJS8rRuw25v5pyGU
KUz5ZxGk5nYbLFM9wh8RqLWa9yDjZVLhJiRKP3r0UqMG4Q5kQMnU3/TqV1Y/soul
XneYZ5i2KPBKNW0xKN0Ytf0ZUmGTGg4An53qvt3VpviQdU7Xr9E7cD+2+4YZre0=
=k3z1
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Mon Aug 25 01:59:16 2008
From: faramir.cl at gmail.com (Faramir)
Date: Mon, 25 Aug 2008 04:59:16 -0400
Subject: [Enigmail] First signed message
	--	Is	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B188D2.5030008@metrocast.net>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B18553.8010607@bellsouth.net>
	<48B188D2.5030008@metrocast.net>
Message-ID: <48B27464.9060107@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Phil Stracchino escribi?:

> So anyway, I switched to Avast! 4.8 and have been happy with it thus
> far.  Among other nice features, it receives virus database updates much
> more frequently than AVG - sometimes several times a day - and has an
> option to perform a boot-time scan before Windows finishes loading,
> which I'm given to understand circumvents certain ways in which malware
> can exploit Windows kernel behavior in order to hide from filesystem scans.

  If I am not wrong, by default it searches for updates 6 times each
day... I use Avast! Free (free for personal use), and Comodo Firewall
Pro (free for any use). Comodo has a "proactive defense" (named
defense+) which is supposed to stop any untrusted (or unknown) program
from doing anything, unless you authorize it to do it. It can be very
annoying until it has trained enough (it is recommended to run it in
Training Mode for a few days... of course, you must be extra careful
these days). I have not had problems since I changed Norton for my
current AV and firewall... but I have not tried to test them (I just
tested Avast! once... I got infected by just loading a website... I had
to reinstall windows, installed Avast!, and returned to the site -since
I had nothing to lose- the AV gave me a warning and stopped the malware
from loading. I was still using norton firewall then, so I can't tell
what would CFP do with that site).

  Sorry if I talk too much about CFP, it is not usual to find a very
good firewall, for free (and I mean, it is not the free version of...
there is no paid version of that firewall. However, they sell support,
if their support forum is not enough for you). Ok, no more "advertising"
from me ;-)

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIsnRkAAoJEMV4f6PvczxAiVUH/iF6+5XllY7pgAi5/nHzITmA
y5V2HRRXwDHudJwvBUuiznkH2RxQNLXXjRZLDiVyb8joE2aEx2krzFNUv9nqRL9V
efeWHzcFyxguJKBQc49VAmf4x1ppTIWzzpSUG9l2HfcYgbSHpn+g1hg3b/HE1qpR
cKKO55ASthQK9AMKWHISFFHnIgUl0FBo5Sa1fPhsKVMUhaB1UlS1wY8cA/Gob4Hf
Kl40/yzkOYCVakHXpQ98jINUzo0PyxljTXhTrHvk3iBKdZROeYyAyiEmgdNRHKvW
A3TG2NKvbj3duHxyI98S9X56Om+MqhEDNUBf6hUpsuNo25HynlCoY0CHpJlfSeI=
=rier
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Mon Aug 25 02:50:47 2008
From: faramir.cl at gmail.com (Faramir)
Date: Mon, 25 Aug 2008 05:50:47 -0400
Subject: [Enigmail] First signed message
	--	Is	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B209D2.8070205@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B18553.8010607@bellsouth.net>
	<48B209D2.8070205@gmail.com>
Message-ID: <48B28077.7000306@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

James Gillespie escribi?:

> I used to use Spybot S&D and Spyware Blaster, but they never turned
> anything up after I installed ZA Security Suite, so I stopped using
> them. Perhaps I should not be so complacent.

  While Spybot S&D has a real time protection (tea timer, if I am not
wrong), I have had problems with that... so I use it mainly to check if
something has entered my system. It can also remove infections (that is
why it is Search&Destroy), but malware has became very good reinstalling
itself, so it is a lot better to prevent than to cure. By the way, last
time I got malware (it infected my msn messenger), it got rid of it
using system restore (after restarting into safe mode). Of course, you
must also check the malware has not been backed up in the restore
points... or you will be actually reinstalling the bug...

 Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIsoB3AAoJEMV4f6PvczxAoHcH/1amZUW1f5xu6Zo1viksOp7n
t03DYeRyYw5/OW2d/xk5aujt6hvr/V1MSTCJBbUvLF80tXr1ksVjHrNG/CR1G08T
ESkwdWRrciKQxQX5YOMkYNZsbtOXneenee3oo3C23BEkEY6k/yFUHDOPLP5KIn0F
7NX3xUaNzCF8wcf7ks5uYpQPk9BXCSyHF29BFgrURkCkVtRZMlkw/KwPrUhYvRfw
3L6VTx7ia7K23YQBgrZxUXB0ltKKr+e1YGXJX2XlzxpRPR2OmyE1A7+AZ5lJhDOT
kKvS1PGnrKCZuXQSffa9djsqI6mLiD0eRdVUTdw5V7eqX4qu8QkMNh+wAJSw33E=
=778C
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Mon Aug 25 02:56:40 2008
From: faramir.cl at gmail.com (Faramir)
Date: Mon, 25 Aug 2008 05:56:40 -0400
Subject: [Enigmail] First signed
	message	--	Is	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B21299.2070907@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B17FF0.3030800@sixdemonbag.org>	<48B1A23B.2000200@galen.org.uk>
	<48B21299.2070907@gmail.com>
Message-ID: <48B281D8.6080402@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

James Gillespie escribi?:

> For better or worse I came to computing too late for DOS. My next
> computer will run Linux. Thank you for your input.

  Ubuntu 8.04 has an utility that allows you to install it inside a file
in your windows computer... you can boot to either windows or ubuntu. I
would advice you to "try it" before you change one OS for another... I
mean, unless you are planning to keep your current computer while you
learn linux, it would be better to learn before having it as your only
option...

  You can also try it on a virtual machine... but I don't know if there
are free software for that...

 Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIsoHYAAoJEMV4f6PvczxAdm0IAJhG9L7jhlDr03i5Vhya4C2i
llAEAkyiY9RVqZNbTM07aPj3vueMURQ+4JcqWYgeLOHwGXKuXYQgdqH2J+DlcY3O
lDxfgMQiM0mAqLdu1rlZFlafxwEk03s/TE08Z5uDMlI7UIjkViAZ6Ew4Yb8fcvXn
gJeWddJtWgHB91IbyUA0Xa9mPL3JBhKnFDLvx17AOxH1Xl3A0Gb8Fps/vcopxKPN
v6KTBgdz+nOLSnGH8uehL+trLlQL1wUDDF1y2LyHyJMimLkLIWQDvFb+Kpgz+vp4
FFgdMLF1ExKMe8HgaN4ButnVXgg46WwVfj2+NtT3KutQc+TRpbyIyCGNwjFJI34=
=vY5+
-----END PGP SIGNATURE-----

From alaric at metrocast.net  Mon Aug 25 03:46:05 2008
From: alaric at metrocast.net (Phil Stracchino)
Date: Mon, 25 Aug 2008 06:46:05 -0400
Subject: [Enigmail] First signed
	message	--	Is	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B26B9C.3010209@sixdemonbag.org>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B17FF0.3030800@sixdemonbag.org>	<48B1A23B.2000200@galen.org.uk>
	<48B26B9C.3010209@sixdemonbag.org>
Message-ID: <48B28D6D.7070001@metrocast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Robert J. Hansen wrote:
> This list has a lot of dinosaurs on it.  I cut my teeth with serious
> computing in 1982, 1983, in there, on a Symbolics LISP Machine.  I'm
> pretty sure there are people on this list who go back to the days of
> MULTICS, the IBM 360, and the Burroughs B5000.

Admissions:  My first exposure was BASIC and a little FORTRAN on the
Hatfield system, a PDP-10 and a PDP-11/70 linked by a custom high-speed
interface called HETTI (Hatfield Eleven To Ten Interface), in (I think)
1976.  After that, I next got exposed to a Burroughs/NCR 8100, on which
I learned NCR NEAT and Algol 60.  Core memory and punch-tape readers, whee!


- --
  Phil Stracchino, CDK#2     DoD#299792458     ICBM: 43.5607, -71.355
  alaric at caerllewys.net   alaric at metrocast.net   phil at co.ordinate.org
         Renaissance Man, Unix ronin, Perl hacker, Free Stater
                 It's not the years, it's the mileage.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAkiyjW0ACgkQ0DfOju+hMkn77wCg6TKN2WEWEfKeDaNqr9ZSwne1
mZIAoM9gMtm0E2uIFT5+jIGJ384v60TO
=C9Fx
-----END PGP SIGNATURE-----

From alaric at metrocast.net  Mon Aug 25 03:49:28 2008
From: alaric at metrocast.net (Phil Stracchino)
Date: Mon, 25 Aug 2008 06:49:28 -0400
Subject: [Enigmail] First signed message
In-Reply-To: <48B23C2D.9010602@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B0933F.2040203@Mozilla-Enigmail.org>	<48B1B466.9050506@gmail.com>	<48B1BFCD.8030906@gmail.com>
	<48B23C2D.9010602@gmail.com>
Message-ID: <48B28E38.2060502@metrocast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

James Gillespie wrote:
> I am moving in that direction. The thought lurks, though, that *IF* the
> state should finally go completely paranoid over some crisis in its
> permanent war against terrorism,

Whereas now it's just incompletely paranoid?  :)


- --
  Phil Stracchino, CDK#2     DoD#299792458     ICBM: 43.5607, -71.355
  alaric at caerllewys.net   alaric at metrocast.net   phil at co.ordinate.org
         Renaissance Man, Unix ronin, Perl hacker, Free Stater
                 It's not the years, it's the mileage.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAkiyjjgACgkQ0DfOju+hMklO7wCdHhqwVPaEnANBJ7mR6ZVM04cb
VDcAoKF5k1m9XeuVJkJ63Hx5G+HAT7mj
=718B
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Mon Aug 25 04:11:41 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Mon, 25 Aug 2008 06:11:41 -0500
Subject: [Enigmail] First
	signed	message	--	Is	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B28D6D.7070001@metrocast.net>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B17FF0.3030800@sixdemonbag.org>	<48B1A23B.2000200@galen.org.uk>	<48B26B9C.3010209@sixdemonbag.org>
	<48B28D6D.7070001@metrocast.net>
Message-ID: <48B2936D.1090205@sixdemonbag.org>

Phil Stracchino wrote:
> Core memory and punch-tape readers, whee!

Off topic, but kind of funny --

Years ago I was taking the graduate series in computer security.  One
question on the final exam was something as follows:

"You are a virus author who has managed to get your code running on
untrusted hardware within your target's perimeter.  Since your host
machine is untrusted, the RAM is scanned by an uninfected process on a
different machine every thirty seconds to ensure its integrity.  The
scan requires two seconds.  Your computation task will require five
minutes of computing.  How will your virus avoid ten independent virus
scans, potentially with ten different detection algorithms?"


=====

I read the question, then walked up to the proctor's desk, where Dr.
Jones was reading the latest _Communications of the ACM_.  "Can we
assume we have total control over the software for thirty seconds?" I
asked.  Dr. Jones nodded.

"Do you mind if I hypothesize some exotic networking?"

Dr. Jones shook his head no.  As long as it was firmly rooted in modern
technological capability, he didn't care if my attack used fibre
channel, ATM, token ring or anything else.

So I went back and drafted my answer.

=====

"My process will do a partial computation.  It will then beam itself out
of the system, encoding both itself and its data in a laser pulse aimed
at the Moon.  The last thing it does on its way out is clean up after
itself.  Once it hits the Moon, it hits the reflector array left behind
by the Apollo astronauts, and bounces back to Earth.  The 2.6-second
round trip time is enough to allow the virus detector to run.  When the
pulse returns to Earth, it's picked up by the network and re-infects the
system all over again, restoring it to the point in computation it was
at before it left."

I received full credit for the answer.  Dr. Jones presented it in class
as an example of an "unorthodox" and "too complicated" solution -- he
said it would have been far more effective just to bounce it around the
internet -- but as one that was technically correct.

The class, of course, was horrified.  One person turned to me, scowled,
and loudly said "EINSTEINIAN SPACETIME IS NOT A STORAGE MEDIUM!"  (I
couldn't help but howl at that.  Well, um, _usually_ it's not.)

To which Jones just muttered something about he didn't understand why
people thought this was either (a) creative or (b) offensive to the
sensibilities, since it was just a really long-path delay-line memory
cell, and we've had those since the 50s...

Everything that's old is new again.  :)

http://en.wikipedia.org/wiki/Delay_line_memory


From jmoore3rd at bellsouth.net  Mon Aug 25 04:20:54 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Mon, 25 Aug 2008 07:20:54 -0400
Subject: [Enigmail] First signed message
In-Reply-To: <48B23EFC.8020606@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B1B416.2040703@gmail.com>	<48B1E762.2070401@bellsouth.net>
	<48B23EFC.8020606@gmail.com>
Message-ID: <48B29596.80905@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

James Gillespie wrote:

> I just figured out how to view my full header. I can see why it is
> referred to as a kludge.

In Thunderbird Ctrl+U will take You to the Message Source which contains
the Full Headers.

JOHN ;)
Timestamp: Monday 25 Aug 2008, 07:20  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIspWUAAoJEBCGy9eAtCsP1kwH/judYjHmDbUaL6Iu08sDuZNc
upjf/cU+jHs+ocsghcKL6nUJlYlzvLLCtS5HYSZTlGd8XQegsBscwzN7Bu+Fia9y
eQQn7cZIkgtGmH8KCgkr8JcclRWcOqbEYcsqLbYpaQUsELWjiA1ePALZR+GSCzu+
kcpDOawVxOxWoIwMQyaMykjwtzOAj9XeYvMAAAEerWu1YmycKS92NQ4qR1Qd5g+J
4QTif73Yn0YgleIPh3ydA0l+2xB7dDB7OuZC+lItCtKcpMm7AZK8Ip8yFgyWD6Lg
m/kKYiYxf83mYFJHIhOVsATQ0h+tqxlCCR9XHP3Lfc9JhhbyNH6s5QX+UwCLZp0=
=fmGG
-----END PGP SIGNATURE-----

From sonia.bues at gmail.com  Mon Aug 25 09:48:31 2008
From: sonia.bues at gmail.com (Sonia Bues)
Date: Mon, 25 Aug 2008 17:48:31 +0100
Subject: [Enigmail] Testing
Message-ID: <48B2E25F.1040801@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Just seeing whether the signing works. Really grateful for the
opportunity, as I am trying to find my way about it and it's all a
little confusing to be honest. Would anyone be so kind as to assist me
with the encryption features? Thanks ever so much!

Oh, and I'm 26 and from the UK.


Sonia
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkiy4l8ACgkQMYAlWQU8DvfvFQCgnx+PP/6NzAFMQvLOnwQ1j7Lz
lN0An0pQwT6S87XuMDzhRLfUEEduCgzz
=f3SF
-----END PGP SIGNATURE-----

From dcameronw5 at yahoo.co.uk  Mon Aug 25 10:49:12 2008
From: dcameronw5 at yahoo.co.uk (Duncan Cameron)
Date: Mon, 25 Aug 2008 18:49:12 +0100
Subject: [Enigmail] Testing
In-Reply-To: <48B2E25F.1040801@gmail.com>
References: <48B2E25F.1040801@gmail.com>
Message-ID: <48B2F098.9020206@yahoo.co.uk>

UNTRUSTED Good signature from Sonia Bues <soniasparkle44 at hotmail.com>
Key ID: 0x053C0EF7 / Signed on: 25/08/2008 17:48
Key fingerprint: 16A4 2953 366F 5B58 E405 10F1 3180 2559 053C 0EF7

Will send an encrypted version to you directly.

Regards

Duncan



-------- Original Message  --------
Subject: [Enigmail] Testing
From: Sonia Bues <sonia.bues at gmail.com>
To: enigmail at mozdev.org
Date: 25 August 2008 17:48:31
> Hi,
>
> Just seeing whether the signing works. Really grateful for the
> opportunity, as I am trying to find my way about it and it's all a
> little confusing to be honest. Would anyone be so kind as to assist me
> with the encryption features? Thanks ever so much!
>
> Oh, and I'm 26 and from the UK.
>
>
> Sonia



From sean at rima.ws  Mon Aug 25 10:55:01 2008
From: sean at rima.ws (Sean Rima)
Date: Mon, 25 Aug 2008 18:55:01 +0100
Subject: [Enigmail] Testing
In-Reply-To: <48B2E25F.1040801@gmail.com>
References: <48B2E25F.1040801@gmail.com>
Message-ID: <48B2F1F5.5010504@rima.ws>

Sonia Bues wrote:
> Hi,
> 
> Just seeing whether the signing works. Really grateful for the
> opportunity, as I am trying to find my way about it and it's all a
> little confusing to be honest. Would anyone be so kind as to assist me
> with the encryption features? Thanks ever so much!
> 
> Oh, and I'm 26 and from the UK.
> 
> 
> Sonia

Worked fine. Will leave encryption to others :)

Sean
-- 
Sean
Thawte, GSWoT and CaCert WOT Assurer

I believe that every human has a finite number of
heartbeats. I don't intend to waste any of mine
running around doing exercises. - Neil Armstrong

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 318 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080825/526ef306/attachment.bin>

From jmoore3rd at bellsouth.net  Mon Aug 25 11:01:15 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Mon, 25 Aug 2008 14:01:15 -0400
Subject: [Enigmail] Testing
In-Reply-To: <48B2E25F.1040801@gmail.com>
References: <48B2E25F.1040801@gmail.com>
Message-ID: <48B2F36B.2080509@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Sonia Bues wrote:

> Just seeing whether the signing works. Really grateful for the
> opportunity, as I am trying to find my way about it and it's all a
> little confusing to be honest. Would anyone be so kind as to assist me
> with the encryption features? Thanks ever so much!

UNTRUSTED Good signature from Sonia Bues <soniasparkle44 at hotmail.com>
Key ID: 0x053C0EF7 / Signed on: 8/25/2008 12:48 PM
Key fingerprint: 16A4 2953 366F 5B58 E405 10F1 3180 2559 053C 0EF7

I am always willing to assist with Encryption practice.  :)

JOHN ;)
Timestamp: Monday 25 Aug 2008, 14:00  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIsvNpAAoJEBCGy9eAtCsPYosH/RVWvbaQCnQ5lBNjZUR+uxZG
5TUZGr7WcZuNkcn8Tk11HgSikS8og9TY56VBOnZtmmAdfOh5dO6VP6kNVuDDPjZ0
pJlRfF5Lq9RH3urxnFsZQt0LOCsSamANXuK8pV8O8doeaZML8Mr7gYTDzUOuzcy/
K++IKiNrf2vxmDus1Bg6AIRAsqjUi1BIj8VHs5d9QGsi+WAYOuyCj1kAr4RhFnUl
W99gsTTm/ToWX1l2ojo0p+SoRkeKg9vvrLU5PpTwkczmBxyT15vSeiLSB91n+k0m
xDbUb611aTCfyPtI11Qh9WlpSstYUBDOg6DAMxmjH4kqIayprK26hVriRkH2q/Y=
=mZ47
-----END PGP SIGNATURE-----

From wastekonto at yahoo.se  Mon Aug 25 13:46:29 2008
From: wastekonto at yahoo.se (Waste)
Date: Mon, 25 Aug 2008 22:46:29 +0200
Subject: [Enigmail] First signed message	--	Is tinyurl.com	safe and
	reliable?
In-Reply-To: <48B27464.9060107@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B18553.8010607@bellsouth.net>	<48B188D2.5030008@metrocast.net>
	<48B27464.9060107@gmail.com>
Message-ID: <48B31A25.6090905@yahoo.se>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Faramir skrev:
> Phil Stracchino escribi?:
> 
>> So anyway, I switched to Avast! 4.8 and have been happy with it thus
>> far.  Among other nice features, it receives virus database updates much
>> more frequently than AVG - sometimes several times a day - and has an
>> option to perform a boot-time scan before Windows finishes loading,
>> which I'm given to understand circumvents certain ways in which malware
>> can exploit Windows kernel behavior in order to hide from filesystem scans.
> 
>   If I am not wrong, by default it searches for updates 6 times each
> day... I use Avast! Free (free for personal use), and Comodo Firewall
> Pro (free for any use). Comodo has a "proactive defense" (named
> defense+) which is supposed to stop any untrusted (or unknown) program
> from doing anything, unless you authorize it to do it. It can be very
> annoying until it has trained enough (it is recommended to run it in
> Training Mode for a few days... of course, you must be extra careful
> these days). I have not had problems since I changed Norton for my
> current AV and firewall... but I have not tried to test them (I just
> tested Avast! once... I got infected by just loading a website... I had
> to reinstall windows, installed Avast!, and returned to the site -since
> I had nothing to lose- the AV gave me a warning and stopped the malware
> from loading. I was still using norton firewall then, so I can't tell
> what would CFP do with that site).
> 
>   Sorry if I talk too much about CFP, it is not usual to find a very
> good firewall, for free (and I mean, it is not the free version of...
> there is no paid version of that firewall. However, they sell support,
> if their support forum is not enough for you). Ok, no more "advertising"
> from me ;-)
> 
>   Best Regards

I can nothing but recommend NOD32. Have used it for 5 years now and i
have had only one virus infection during that time (this last spring).
The ironic thing is that 15 minutes after my infection the virus
definition for NOD32, for that actual virus, was sent out by ESET. But
regardless, NOD32 is the without question the best Anti-Virus I have
used. It's fast, effective, and uses very little resources.

When it comes to OS I really wish that software companies would make
their software available for Linux. That would be really great. For the
moment I can't move to Linux, mostly because of my production in music.
And moving to Mac and OSX is no alternative. I will NEVER pay the double
price for the same hardware as used in PC's, just because it is an apple
on it. That's pure stupidity.

But soon it's time for another upgrade and could result in this setup:
- - Desktop PC (Linux - new setup)
- - Pure music production PC (Windows - new setup)
- - Server PC (OpenBSD - existing setup)


_______________________________________________
Enigmail mailing list
Enigmail at mozdev.org
https://www.mozdev.org/mailman/listinfo/enigmail

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10-svn4809 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJIsxokAAoJEIjrKyJ4MaoKU7UP/A+rzPHm6MgA7bx8SC0GXgs7
iGXp4wqR0uJjrrDDjIGntZwMKe9+mVglcggKYAU/nX2q4nVQCms8Fv+uK2LGMVq5
V3egKZKwUShtUkjuyQN+L3AUv9qhMgdS2a6iC3Wg3XVEGuCKQoT2w6eJItfgVG5e
jVAXaj18fv0bxfG1IWxZ0jLqCsBHPmRMtCUtcgnoWXsf/2lFkA2NJ5sknQxUhBIB
Kucn1Ng11udDjAdiu5eWmCH9iW1TuAjrhym8t2OvMI4t6LYtEZ0rmpYaZyksd9wH
1J15fX/k0fuYHO/ztVSfp3R2GDq/C/7GiUgV4OBtlwpLSzQZz/gFihKx9rTq42/z
dVOMNq/Ns44UwMqHgc8abC9X5WgL58ABgFQKF7U57Y3E8YxLmt9EGY12PsBWHb6A
ND/jk2DRsYrCkHFzRoSnbCrX3kkC477qo7icXEkEIOKsNOzt+0p6kJG32mx1RHoN
lOlfzxknScGKS9HyklD6VukdLguZAPJ7e/rtPZ4eKeLMtSo39D+FRx6BeHuLd8KF
hDrYpO3Oy2hsMeZHPTAkbhBfpoYAVL5HNZPKXKzc8IfH3lh1I0i0Etu6F3pUWclZ
Qsl0bc6D83j0ua/95xpbRdZxMmePt1NXCmA0FdWuDjfndkochbDeVBeBDRWIvZio
8GPW1q4Y5zikrPt/gBNI
=kVz8
-----END PGP SIGNATURE-----

From alaric at metrocast.net  Mon Aug 25 14:52:39 2008
From: alaric at metrocast.net (Phil Stracchino)
Date: Mon, 25 Aug 2008 17:52:39 -0400
Subject: [Enigmail] Testing
In-Reply-To: <48B2E25F.1040801@gmail.com>
References: <48B2E25F.1040801@gmail.com>
Message-ID: <48B329A7.7030801@metrocast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Sonia Bues wrote:
> Hi,
> 
> Just seeing whether the signing works. Really grateful for the
> opportunity, as I am trying to find my way about it and it's all a
> little confusing to be honest. Would anyone be so kind as to assist me
> with the encryption features? Thanks ever so much!
> 
> Oh, and I'm 26 and from the UK.

UNTRUSTED Good signature from Sonia Bues <soniasparkle44 at hotmail.com>
Key ID: 0x053C0EF7 / Signed on: 08/25/08 12:48
Key fingerprint: 16A4 2953 366F 5B58 E405 10F1 3180 2559 053C 0EF7


Signature is fine.  Feel free to send an encrypted test message,
person-to-person, NOT to the list.  (Sending encrypted messages to the
entire list just wastes everyone's bandwidth.)


- --
  Phil Stracchino, CDK#2     DoD#299792458     ICBM: 43.5607, -71.355
  alaric at caerllewys.net   alaric at metrocast.net   phil at co.ordinate.org
         Renaissance Man, Unix ronin, Perl hacker, Free Stater
                 It's not the years, it's the mileage.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAkizKacACgkQ0DfOju+hMkmBNgCfTx/zzkeYuPeAEP3iqgacy0zK
9QgAniROaDn1GlGpJf6dBwXz+jEuiZhG
=xrod
-----END PGP SIGNATURE-----

From gillespie.jp at gmail.com  Tue Aug 26 20:37:38 2008
From: gillespie.jp at gmail.com (James Gillespie)
Date: Tue, 26 Aug 2008 20:37:38 -0700
Subject: [Enigmail] First signed message
In-Reply-To: <48B22ACC.3040709@bellsouth.net>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B18553.8010607@bellsouth.net>	<48B209D2.8070205@gmail.com>
	<48B22ACC.3040709@bellsouth.net>
Message-ID: <48B4CC02.1050500@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John W. Moore III wrote:
> James Gillespie wrote:
> 
>> I used to use Spybot S&D and Spyware Blaster, but they never turned
>> anything up after I installed ZA Security Suite, so I stopped using
>> them. Perhaps I should not be so complacent.
> 
> Whenever an Application stops returning 'Problems to Solve' My 1st
> impulse is to pat Myself on the back; not assume the Application has
> ceased being functional.  Another suggestion; I also use the 'No Script'
> Extension/Add-On with Firefox.  Blocking the running of Scripts on Web
> Pages until I have decided to authorize them is another good
> prophylactic measure.
> 
I updated and acitvated Spybot and Spyware Blaster. Spybot turned up a
dozen tracking cookies. I expect I removed them, but I expect to see
them turn up again.

I also installed the NoScript Add-On. It looks like a very useful tool.
Thanks for the tip.

jg

- --
James P. Gillespie

I prefer encrypted, signed e-mail.
My PGP keys: http://tinyurl.com/5z2hhj

===================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAki0zAEACgkQEbLUj7pltrByHwCePUNH2e8zoSRyY6GOos+egqV1
dBgAnie/JeABRvH90kfD/j37H6U+H3Y4
=E5OY
-----END PGP SIGNATURE-----

From gillespie.jp at gmail.com  Tue Aug 26 21:06:46 2008
From: gillespie.jp at gmail.com (James Gillespie)
Date: Tue, 26 Aug 2008 21:06:46 -0700
Subject: [Enigmail] First signed
	message	--	Is	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B28077.7000306@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B18553.8010607@bellsouth.net>	<48B209D2.8070205@gmail.com>
	<48B28077.7000306@gmail.com>
Message-ID: <48B4D2D6.8050700@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Faramir wrote:
 By the way, last
> time I got malware (it infected my msn messenger), it got rid of it
> using system restore (after restarting into safe mode). Of course, you
> must also check the malware has not been backed up in the restore
> points... or you will be actually reinstalling the bug...
> 
How do you check that the malware has not been backed up in the restore
points? Is it just a matter of knowing about when you got the virus and
making sure you select a restore point that predates the infection?

jg


- --
James P. Gillespie

I prefer encrypted, signed e-mail.
My PGP keys: http://tinyurl.com/5z2hhj

===================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAki00tIACgkQEbLUj7pltrDndACZARp5jdvAQ4vnUeyx+grkRJgL
7GoAn2Fx1bL70IIPoHtOGRYsOdpWJxfD
=klFe
-----END PGP SIGNATURE-----

From gillespie.jp at gmail.com  Tue Aug 26 21:18:35 2008
From: gillespie.jp at gmail.com (James Gillespie)
Date: Tue, 26 Aug 2008 21:18:35 -0700
Subject: [Enigmail] First
	signed	message	--	Is	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B281D8.6080402@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B17FF0.3030800@sixdemonbag.org>	<48B1A23B.2000200@galen.org.uk>	<48B21299.2070907@gmail.com>
	<48B281D8.6080402@gmail.com>
Message-ID: <48B4D59B.9070704@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Faramir wrote:

> 
>   Ubuntu 8.04 has an utility that allows you to install it inside a file
> in your windows computer... you can boot to either windows or ubuntu. I
> would advice you to "try it" before you change one OS for another... I
> mean, unless you are planning to keep your current computer while you
> learn linux, it would be better to learn before having it as your only
> option...
> 
Is there anything you can do when booted to Ubuntu within Windows that
could destroy Windows? Is that something to worry about?

jpg
- --
James P. Gillespie

I prefer encrypted, signed e-mail.
My PGP keys: http://tinyurl.com/5z2hhj

===================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAki01ZkACgkQEbLUj7pltrDoQgCgslWs1H1q8ExRzB3G3i4tafCV
IPYAn0MkL7tyG0w4p55w+z/Q2pBPbBMY
=nSj4
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Tue Aug 26 21:32:50 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 26 Aug 2008 23:32:50 -0500
Subject: [Enigmail] Malware (was re: tinyurl)
In-Reply-To: <48B4D2D6.8050700@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B18553.8010607@bellsouth.net>	<48B209D2.8070205@gmail.com>	<48B28077.7000306@gmail.com>
	<48B4D2D6.8050700@gmail.com>
Message-ID: <48B4D8F2.9010606@sixdemonbag.org>

James Gillespie wrote:
> How do you check that the malware has not been backed up in the restore
> points?

I've found that prayer works about as reliably as anything else.

> Is it just a matter of knowing about when you got the virus and
> making sure you select a restore point that predates the infection?

No.

The only reliable cure for malware -- the _only_ reliable cure for
malware -- is to format your hard drive and restore it from backups that
predate the infection.  A restore point isn't a backup.  Restore points
can be read, altered, modified.  If you get infected, you should assume
all your restore points are infected, too.



From rjh at sixdemonbag.org  Tue Aug 26 21:35:54 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Tue, 26 Aug 2008 23:35:54 -0500
Subject: [Enigmail] Ubuntu and Windows (was re: tinyurl)
In-Reply-To: <48B4D59B.9070704@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B17FF0.3030800@sixdemonbag.org>	<48B1A23B.2000200@galen.org.uk>	<48B21299.2070907@gmail.com>	<48B281D8.6080402@gmail.com>
	<48B4D59B.9070704@gmail.com>
Message-ID: <48B4D9AA.3060004@sixdemonbag.org>

James Gillespie wrote:
> Is there anything you can do when booted to Ubuntu within Windows that
> could destroy Windows? Is that something to worry about?

Swing a fire axe at your hard drive.  That would probably do a real
number on your setup.

Barring that, the answer is pretty much "no".


From aleksei.sinjuk at mil.ee  Tue Aug 26 22:07:27 2008
From: aleksei.sinjuk at mil.ee (Aleksei Sinjuk)
Date: Wed, 27 Aug 2008 08:07:27 +0300
Subject: [Enigmail] Hello Engmail
Message-ID: <48B4E10F.5010202@mil.ee>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thank you for Engmail application you made. I am a new one in this
PGP world and could you help me a litle bit. Let me know how can i
delete my public key from keyserver "pool.sks-keyservers.net"?

Looking forward from you,
Aleksei Sinjuk


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAki04Q4ACgkQQ+HDsoIHZLAIQwCeL2I9iiqnNRAfk0FdkznuMgGb
LJwAn0fSwkZMm/GOjUoSUBFt0ieaJIUm
=TSm1
-----END PGP SIGNATURE-----

From mlisten at hammernoch.net  Wed Aug 27 02:38:03 2008
From: mlisten at hammernoch.net (=?ISO-8859-1?Q?Ludwig_H=FCgelsch=E4fer?=)
Date: Wed, 27 Aug 2008 11:38:03 +0200
Subject: [Enigmail] Hello Engmail
In-Reply-To: <48B4E10F.5010202@mil.ee>
References: <48B4E10F.5010202@mil.ee>
Message-ID: <48B5207B.508@hammernoch.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Aleksei,

Aleksei Sinjuk wrote on 27.08.2008 7:07 Uhr:
> Thank you for Engmail application you made.

You're speaking to the users mailing list :-) Well, the development team
is listening though.

You might want to subscribe to the mailing list (e.g. at
http://www.mozdev.org/mailman/listinfo/enigmail), so that you can
receive other answers as well. Otherwise you have to read them in the
archives (http://mozdev.org/pipermail/enigmail/index.html)

> I am a new one in this
> PGP world and could you help me a litle bit.

No problem, you're at the right place :-)

> Let me know how can i
> delete my public key from keyserver "pool.sks-keyservers.net"?

Nobody can delete keys from the keyservers. They are intended to hold
every key they receive and to synchronize with other keyservers. So,
once you send a key to one of them it spreads to other keyservers.

The only way to mark a key as "please do not use it any more" is to
revoke a key and update this information on the server (send the key again).

I hope you still have all your generated private keys - they are
necessary to generate the revocation certificate.

Hope that helps!

Ludwig
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBSLUgelYnpxVXVowdAQq7jwgAij12XGRHOWVCiCGGVB1jiaZxVCJ8TQjA
hJ7S8WvN4hk8zAnO6klCf0K1ScgTAkfreezh0kLV3mpF7M3X2UEy7YxKgaI30M+P
KgtEejl+rfpZz1ilS4AQcTuWVG3g8fCZ9ISYcV/Dr2ofbt76u0BFKY8gdOJTwslf
yE8gvfRYCvbea2bQxRToDkFVuwP+vFrnosaAftdctKmDJ/EFLgla/J8fXWSRqm7c
J+udCTVXiKGrqrISnS7sHx5lIs12a/nx4lKEI2L7E91PV0yBfdHhLD48PhrPdedP
zqnz7yYI/r/7A7k5V5NxrfgJrQkLw7ZYpVp5+wbN+rgEb7KTlHpe5Q==
=mHIl
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Wed Aug 27 04:40:49 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Wed, 27 Aug 2008 07:40:49 -0400
Subject: [Enigmail] Malware (was re: tinyurl)
In-Reply-To: <48B4D8F2.9010606@sixdemonbag.org>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B18553.8010607@bellsouth.net>	<48B209D2.8070205@gmail.com>	<48B28077.7000306@gmail.com>	<48B4D2D6.8050700@gmail.com>
	<48B4D8F2.9010606@sixdemonbag.org>
Message-ID: <48B53D41.8060602@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Robert J. Hansen wrote:

> I've found that prayer works about as reliably as anything else.

*/
Knowing Grin
/*

> The only reliable cure for malware -- the _only_ reliable cure for
> malware -- is to format your hard drive and restore it from backups that
> predate the infection.  A restore point isn't a backup.  Restore points
> can be read, altered, modified.  If you get infected, you should assume
> all your restore points are infected, too.

Er.....  In the above, shouldn't "reliable" be changed to 'guaranteed'?

JOHN ;)
Timestamp: Wednesday 27 Aug 2008, 07:40  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJItT0/AAoJEBCGy9eAtCsP8qEH/1OAK7CbCMdSsYwt7VnFH3+B
Fof7v9xQ4jQkypq3DU73hdv2H1MLANFjcGFms1LLWcgtaC54c9OgZGbpJZEozws3
GVwj+/omgdkAr0TnLx+iG+oI2VmrHKZqqVu0sT06Kin0MF+e4B2yeL9kWz+pPL1U
/anOG1AdvLWuFC3+YBR2tfXVGU4hZtI5QBQmUKBT5m7TKAFp7P/adI7yfmoRwu9O
OH3B5p4FxnXl7uiqFB5ljzBqZaluuCTa2CH81i2KsbLne4F14y4WLb6m2N7FXC6x
A9XwqJOc6C6W1i+LuxMYm/OZ0mKqO75FBWbYb0S1TVzVe6+Pc/oSw9urYLX/tX8=
=qtDk
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Wed Aug 27 04:45:34 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Wed, 27 Aug 2008 07:45:34 -0400
Subject: [Enigmail] Hello Engmail
In-Reply-To: <48B4E10F.5010202@mil.ee>
References: <48B4E10F.5010202@mil.ee>
Message-ID: <48B53E5E.7070005@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Aleksei Sinjuk wrote:
> Thank you for Engmail application you made. I am a new one in this
> PGP world and could you help me a litle bit. Let me know how can i
> delete my public key from keyserver "pool.sks-keyservers.net"?

Good News/Bad News!!

NO, You cannot delete a Key from the Keyservers.

YES, You can do /something/ about it.  Revoke the Key.  After revoking
the Key send the Revoked Key to the Keyserver(s).

JOHN ;)
Timestamp: Wednesday 27 Aug 2008, 07:45  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4815: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJItT5dAAoJEBCGy9eAtCsPXZ4IAJIj5fqSDJSwmWVxjBHRVFmC
OgVX8fzPupsZBFg8DBApzJ41pA7rvSFJcwKyhraBFKjMazxxnOiW4Pw75yWB7QjG
bWwewH4Tl6tdHmgBlKXqphsJzrb4S8vDSnsKyMKPNFyyZjOlMghG7XMfU9K9s9eq
zoSEoZQZWccEo1MI6yFZmM8u5yUCH5vCHZuSyRt8jkGc2zs8WDroaRG5CPCQhe5X
D7Fe+jurxbkJSNy2dISgJ2IgZZ61RIKULy3TIzooumRvMqiZ7XafL9vamSOJmeo+
6b996eX87DgmwM69WCqOWDum48ZhgSLOBaSka03Mxv8Em2x27MDoDoWrnL6UuIg=
=Kf6f
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Wed Aug 27 05:11:13 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 27 Aug 2008 07:11:13 -0500
Subject: [Enigmail] Malware (was re: tinyurl)
In-Reply-To: <48B53D41.8060602@bellsouth.net>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B18553.8010607@bellsouth.net>	<48B209D2.8070205@gmail.com>	<48B28077.7000306@gmail.com>	<48B4D2D6.8050700@gmail.com>	<48B4D8F2.9010606@sixdemonbag.org>
	<48B53D41.8060602@bellsouth.net>
Message-ID: <48B54461.5060503@sixdemonbag.org>

John W. Moore III wrote:
> Er.....  In the above, shouldn't "reliable" be changed to 'guaranteed'?

Nope.  I've found zero reliable ways to deal with malware other than
wiping the drive and starting over from a known good disk image.

The nuclear option is, AFAIK, the only reliable option.


From faramir.cl at gmail.com  Wed Aug 27 10:19:19 2008
From: faramir.cl at gmail.com (Faramir)
Date: Wed, 27 Aug 2008 13:19:19 -0400
Subject: [Enigmail] First
	signed	message	--	Is	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B4D2D6.8050700@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B18553.8010607@bellsouth.net>	<48B209D2.8070205@gmail.com>	<48B28077.7000306@gmail.com>
	<48B4D2D6.8050700@gmail.com>
Message-ID: <48B58C97.8040403@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

James Gillespie escribi?:
> Faramir wrote:
>  By the way, last
>> time I got malware (it infected my msn messenger), it got rid of it
>> using system restore (after restarting into safe mode). Of course, you
>> must also check the malware has not been backed up in the restore
>> points... or you will be actually reinstalling the bug...

> How do you check that the malware has not been backed up in the restore
> points? Is it just a matter of knowing about when you got the virus and
> making sure you select a restore point that predates the infection?

  Well, yes, if you know when did you catch the virus, you know restore
points older than that date are "clean". My AV also scan the restore
points, so I can know if one of them is infected. IMHO, having a good
firewall, it is more likely you will notice at once when you get a
malware, since a lot of them will try to either spread themselves using
your network resources, or they will try to send data to their "owner".
In both cases, the firewall should warn you about a new program trying
to access internet... and if you know you have not installed or upgraded
anything... in that case, I would block that program, and scan it or
look for info about it. I would try to clean the computer, or end the
process, and restart my computer into safe mode and apply AV, anti
malware, etc. And then, I would try to restore to a previous point.

  But if you don't know when did you catch the infection, things can be
a lot more complicated... if I succeed in removing the malware, I would
do a general scan of all the system, including restore points, and use
tools like hijackthis to be sure the computer is safe to use. Once I
read a paper that says "if your computer got a virus, you should format
and reinstall". It is up to you to decide if you will trust your system,
or suspect the malware could have damaged your AV tools...

 Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJItYyXAAoJEMV4f6PvczxAfr8H/AwJJfETRfRfw2mG6tXjda4T
BPg9snqadvmjW8tWmENJk8FIb64ARmuvzXkF5uNBI8FOmCmEolzIGYvXKyNb5csi
NrnBcyiAz2nwtyW4/mnLP2GwOdAZXwkJTGMcOXNHdEC5H+Ih04waRGJlxBvWiUUu
I/rUJGnnswAQvQTKne+HsXzXO7xQAj5uqJCN/i8ERlTowtWqTgWV5sX60z5OTlHb
1iGU4ldp5294NHDkfyWgGPq0zeWhgPfEnwjzMs12coDR2wxsMCSHjlplnAVHzl60
6LRi9W/+quK6BJW14SxqYTWsmycLKD2N7prO9jHyusDvNXbf61UMDi7ZpNU7iW4=
=0h2y
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Wed Aug 27 10:37:01 2008
From: faramir.cl at gmail.com (Faramir)
Date: Wed, 27 Aug 2008 13:37:01 -0400
Subject: [Enigmail]
	First	signed	message	--	Is	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B4D59B.9070704@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B17FF0.3030800@sixdemonbag.org>	<48B1A23B.2000200@galen.org.uk>	<48B21299.2070907@gmail.com>	<48B281D8.6080402@gmail.com>
	<48B4D59B.9070704@gmail.com>
Message-ID: <48B590BD.7000705@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

James Gillespie escribi?:
> Faramir wrote:
> 
>>   Ubuntu 8.04 has an utility that allows you to install it inside a file
>> in your windows computer... you can boot to either windows or ubuntu. I

> Is there anything you can do when booted to Ubuntu within Windows that
> could destroy Windows? Is that something to worry about?

  I suppose it should be safe, but I have not tried it myself, so maybe
you should look at ubuntu's website, they have support forums, FAQs...

 Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJItZC9AAoJEMV4f6PvczxAuSgH/iLfSV5TVhQLJcDG/C3ll+av
Yquvnz4rJM4XS+f1GnKzH7WVa6W/YV1G4vC2KkBHelzGi8llqNVYNkulHNtUBxYa
vN63NCyGIgHYTmoP8EfnSraryxnbQ17HgVOaGRJkyQgGiH51RtDE9G4nlzALbBgL
oc2pFUL9MA5+k1I+uE8a3Pj95jlJn8zkn6ZsnNX11YzHEKXzW8foDMzN8JWw8qww
lFtAIgz7l2QzjXKEDWRWGqHpZ5Zm62C8RTAu9xFj7KdbvxMZqBwvs5EiTDbshJlN
h1UX/XT3w9ycnsB6FcBqUaYSWWj7kDSAjvTjFYCmgpMigxEGnph/b4xGgx9458k=
=jJu9
-----END PGP SIGNATURE-----

From rasmith1959 at yahoo.com  Wed Aug 27 10:59:34 2008
From: rasmith1959 at yahoo.com (Roy Smith)
Date: Wed, 27 Aug 2008 12:59:34 -0500
Subject: [Enigmail] Hello Engmail
In-Reply-To: <48B4E10F.5010202@mil.ee>
References: <48B4E10F.5010202@mil.ee>
Message-ID: <48B59605.7000106@yahoo.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Aleksei Sinjuk wrote:
> Thank you for Engmail application you made. I am a new one in this
> PGP world and could you help me a litle bit. Let me know how can i
> delete my public key from keyserver "pool.sks-keyservers.net"?

Unfortunately once you've uploaded your public key to a keyserver
there is no way you can delete it.

- --


Roy Smith


I use Firefox because I want to use software that complies
with Web standards.  See <http://www.mozilla.org/>.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iQIcBAEBAgAGBQJItZYFAAoJEG7cp55ZD5UOGbwP/RV/XVpYboyk7qy4WuolJXQG
VzKkC/P1iXSGnu66QcDWK6qb16nnsJy2eWr1aXH5LfLckPCGJ5zXNqkDaNystg3L
ft06GVo9vY6ymIWQ1y6AFSh3nxANU/GbVbiFpu0VYdUoUFsSEljiw2iyp9KVtiy8
zsiOWQQ/ygpob+xYFWnB6xjv3TYrEcRbREFeq2LyUeOqEbESH4csztRjT28wzvOl
jBATczMex0HECp+mhWRod08+8UfbBPL9CifY0X4CTOPAonsIrC5/W1KY6vUtVnTs
iy5Y7l6dQAUUlInEBwnxervdCIG44yB0AIpLWhNT8wj8ShTMACKzQfcOEhn0bHwQ
QrA5370sy0b9zoseFXHgINOeFfK74pSntEz1mYQxFEHoRbDoFlzSIrOtQ/8ydx62
z38hBG3+TkZFDqXxvaok4vuTaD/EHQcfjNtwWjELgKHfvdCIyxMdd9mCxxcvAob9
oHyWVDX0doEWCssrI4iDoJe68KDWCQvUhzQyb2gb8xnRLGx9T4O07WKSbOl48npc
MXZCVFFXBVW4zGAxOuDqS5w/0edtpx6+hqaKBAvd10MMiWvv8PaBaqHXzLQ5dxVW
zxKh9/tKAjxbJd7o2HkgjlNs3B7uD8w8f6p0EOWyflnR7Sgkjfaxx4jTz02XTYTg
fOq2L/0v0mo6EYElpKuV
=buCM
-----END PGP SIGNATURE-----


From dfnsonfsduifb at gmx.de  Wed Aug 27 11:09:26 2008
From: dfnsonfsduifb at gmx.de (Johannes Bauer)
Date: Wed, 27 Aug 2008 20:09:26 +0200
Subject: [Enigmail] Hello Engmail
In-Reply-To: <48B59605.7000106@yahoo.com>
References: <48B4E10F.5010202@mil.ee> <48B59605.7000106@yahoo.com>
Message-ID: <48B59856.7020809@gmx.de>

Roy Smith schrieb:

> Unfortunately once you've uploaded your public key to a keyserver
> there is no way you can delete it.

Why do even expires keys hang around the keyservers? Some of mine 
expired three years ago and are still there.

Regards,
Johannes

From rjh at sixdemonbag.org  Wed Aug 27 11:16:28 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 27 Aug 2008 13:16:28 -0500
Subject: [Enigmail]
	First	signed	message	--	Is	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B58C97.8040403@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B18553.8010607@bellsouth.net>	<48B209D2.8070205@gmail.com>	<48B28077.7000306@gmail.com>	<48B4D2D6.8050700@gmail.com>
	<48B58C97.8040403@gmail.com>
Message-ID: <48B599FC.2070509@sixdemonbag.org>

Faramir wrote:
>   Well, yes, if you know when did you catch the virus, you know restore
> points older than that date are "clean".

How do you know?  The restore points are stored on disk; they're a high
value target for malware.

Expect malware -- especially competently written malware -- to go after
the restore points.

> My AV also scan the restore
> points, so I can know if one of them is infected.

Unless, of course, the malware hijacks your AV.

> if I succeed in removing the malware

How do you know if you've succeeded?



Malware, and especially malware recovery, is a _huge_ open problem in
computer security.  I have no knowledge of any reliable recovery method
other than using a known-clean backup.

From John at Mozilla-Enigmail.org  Wed Aug 27 11:15:52 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Wed, 27 Aug 2008 13:15:52 -0500
Subject: [Enigmail] Hello Engmail
In-Reply-To: <48B4E10F.5010202@mil.ee>
References: <48B4E10F.5010202@mil.ee>
Message-ID: <48B599D8.3020703@Mozilla-Enigmail.org>

Aleksei Sinjuk wrote:
> Thank you for Engmail application you made. I am a new one in this
> PGP world and could you help me a litle bit. Let me know how can i
> delete my public key from keyserver "pool.sks-keyservers.net"?

Simple answer: Not Possible.

pool.sks-keyservers.net is a random collection of 20 server addresses taken from
a pool of 30-33 well-synchronized servers. For purposes of discussion, it is
easiest to think of the name as addressing all SKS servers.

Even if I attempted to delete a key from my keyserver, it would be replaced the
next time I did a reconciliation with whichever of my SKS peers I connect to at
random. Average time for this to occur: < 1 minute. The same holds true for any
other SKS server.

Your best bet is to generate and import a revocation certificate and send the
revoked key to the keyserver network.

NB: It _IS_ possible to delete keys in a few small use cases, but those servers
do not synchronize with any others so they are of limited value.

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 677 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080827/2c82a318/attachment.bin>

From rjh at sixdemonbag.org  Wed Aug 27 11:19:13 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 27 Aug 2008 13:19:13 -0500
Subject: [Enigmail] Hello Engmail
In-Reply-To: <48B59856.7020809@gmx.de>
References: <48B4E10F.5010202@mil.ee> <48B59605.7000106@yahoo.com>
	<48B59856.7020809@gmx.de>
Message-ID: <48B59AA1.9010506@sixdemonbag.org>

Johannes Bauer wrote:
> Why do even expires keys hang around the keyservers? Some of mine
> expired three years ago and are still there.

Because then you could get rid of any key with an expiration date just
by attacking its NTP server and advancing the clock.

The keyserver network is designed to never, ever, lose a key.  Ever.
This design decision is part of the keyserver network's security policy.


From mlisten at hammernoch.net  Wed Aug 27 11:22:04 2008
From: mlisten at hammernoch.net (=?ISO-8859-1?Q?Ludwig_H=FCgelsch=E4fer?=)
Date: Wed, 27 Aug 2008 20:22:04 +0200
Subject: [Enigmail] Hello Engmail
In-Reply-To: <48B59856.7020809@gmx.de>
References: <48B4E10F.5010202@mil.ee> <48B59605.7000106@yahoo.com>
	<48B59856.7020809@gmx.de>
Message-ID: <48B59B4C.9000702@hammernoch.net>

Hi,

Johannes Bauer wrote on 27.08.2008 20:09 Uhr:

> Why do even expires keys hang around the keyservers? Some of mine
> expired three years ago and are still there.

They may be used to check old signatures of you.

Ludwig

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 542 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080827/ce87712f/attachment.bin>

From John at Mozilla-Enigmail.org  Wed Aug 27 11:24:42 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Wed, 27 Aug 2008 13:24:42 -0500
Subject: [Enigmail] Hello Engmail
In-Reply-To: <48B59856.7020809@gmx.de>
References: <48B4E10F.5010202@mil.ee> <48B59605.7000106@yahoo.com>
	<48B59856.7020809@gmx.de>
Message-ID: <48B59BEA.3050802@Mozilla-Enigmail.org>

Johannes Bauer wrote:
> Roy Smith schrieb:
> 
>> Unfortunately once you've uploaded your public key to a keyserver
>> there is no way you can delete it.
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      ^^^ Commit to memory ^^^

> Why do even expired keys hang around the keyservers? Some of mine 
> expired three years ago and are still there.

Please reread the Roy's response.  Expired keys are still on the keyservers for
the same reason any other key is still on the keyservers: because they are not
deleted. Keys are _never_ deleted. Ever.

This is by design.

You do not wish a key to be used any longer - revoke it.
Lost the passphrase or private key and didn't generate a revocation certificate
beforehand? Then I guess the world just has one more orphan key to add to the
collection.


-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 677 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080827/8df909a3/attachment.bin>

From faramir.cl at gmail.com  Wed Aug 27 12:26:57 2008
From: faramir.cl at gmail.com (Faramir)
Date: Wed, 27 Aug 2008 15:26:57 -0400
Subject: [Enigmail]
	First	signed	message	--	Is	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B599FC.2070509@sixdemonbag.org>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B18553.8010607@bellsouth.net>	<48B209D2.8070205@gmail.com>	<48B28077.7000306@gmail.com>	<48B4D2D6.8050700@gmail.com>	<48B58C97.8040403@gmail.com>
	<48B599FC.2070509@sixdemonbag.org>
Message-ID: <48B5AA81.3040304@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Robert J. Hansen escribi?:
> Faramir wrote:
>>   Well, yes, if you know when did you catch the virus, you know restore
>> points older than that date are "clean".
> 
> How do you know?  The restore points are stored on disk; they're a high
> value target for malware.

  Yes, that is true. But I think the main problem with virus, is they
make you lose information and time. Information, since they can corrupt
files (or delete them), and time, because you need to fix the computer,
by using a virus removal tool, or by formating - reinstalling
everything. If you chose to don't try to remove the virus, and just
format... then you already lost a lot of info and time, so maybe it is
worth trying to remove the virus... Is it 100% reliable? No, but maybe
to format would make you lose even more info than the virus would
destroy... so I would try my less destructive chances before applying an
EMP to my computer...

> Expect malware -- especially competently written malware -- to go after
> the restore points.

  Yes, but maybe the malware was not so competently written... Last time
I got infected, it was an msn worm... it tried to infect all my
contacts, but to my surprise, the few contacts that received the virus
message, reported there was not any link in the message (the malware
spreads by sending a link, if the user clicks it, they get infected).
Something was smart enough to remove the link... I don't know if it was
my AV, or my firewall, or msn server... I just know it tried to send the
message to a lot of people, and just a few of these people got the
message, and none of these people actually received the dangerous link.
Anyway, I ran all the detection tools I could have access, I checked the
 active process running on the computer, and I searched info about the
link, to know what was the malware capable to do...

>> My AV also scan the restore
>> points, so I can know if one of them is infected.
> 
> Unless, of course, the malware hijacks your AV.

  That is possible, I think I put some lines about that subject, if not
in the message you replied from, in another message about the same
topic. I have read a paper from Jesper M. Johansson, Ph.D., CISSP, MCSE,
MCP+I, at microsoft technet, it is named "Help: I Got Hacked. Now What
Do I Do?"
  That paper talks about the fact we can't know trust anything running
on a compromised system, because it can be hijacked by the malware.
However, I figure if we could boot from a CD containing the AV software,
we could clean the system with tools we know are safe to use... but
since I stopped using Norton AV, I have never had those "rescue disks"
again.

>> if I succeed in removing the malware
> 
> How do you know if you've succeeded?

  Well, in my case, because I didn't have any strange behaviour... also,
if you know the malware's identity, you can know what it does, and you
can know if it is capable of hijacking the AV tools, or if it is easy to
remove. But that probably requires to know how did the virus entered in
the system, so you can look for info about the virus from a clean machine.

  And what about these virus that can compromise the BIOS? That is so
scary I don't even want to think about it... we could format, reinstall,
and still have an unwanted guest in the system...

> Malware, and especially malware recovery, is a _huge_ open problem in
> computer security.  I have no knowledge of any reliable recovery method
> other than using a known-clean backup.

  As I said, probably booting from a removable media, like a CD, and
using tools from that CD, would be safe enough to be able to trust the
AV reports.

  But, another scary thing: how can you know your system has not been
compromised? If a malware can avoid detection, and it doesn't cause
unexpected behaviour (lost of performance), we would never know we have
a problem... even the known-clean backup can be not so clean... But at
some point we must say "enough, I don't want to live with a tin foil hat"...

 Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJItaqAAAoJEMV4f6PvczxAP4sIAJnW0SUjNC3KAR8Y9iJgPuFe
qbls5KOIzRaJliqON9gIME9UFJu56alU/DETFAtRRd0eJ4HwFcGPe2OFMHfCp65I
Lw3dL8iqMEcycxXQ1TY5zkY/j77HX2/IDmQXVZTR4/r3eZNaS0KyhbQOfuYsbhpT
6zAvnb8TBVlSHe5l9oHmWHzFd80xYB0LrO5+Z95caoRAmqeFYdYzM6ktyp4THcRi
PZhPblyg0ou8mqIjb+vDDjaOlI/T3VKj5Ks3Y0lsE7QjAR2ekdaWZrHV3hEmpHPc
cEeCfuT5JCNwPXVn9gLGvxmVRJUMPMCOOe6MhlSPEAPyimjtlDJ5BKZp5LAws2g=
=lTfg
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Wed Aug 27 12:38:43 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Wed, 27 Aug 2008 14:38:43 -0500
Subject: [Enigmail] Malware redux (was: tinyurl)
In-Reply-To: <48B5AA81.3040304@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B18553.8010607@bellsouth.net>	<48B209D2.8070205@gmail.com>	<48B28077.7000306@gmail.com>	<48B4D2D6.8050700@gmail.com>	<48B58C97.8040403@gmail.com>	<48B599FC.2070509@sixdemonbag.org>
	<48B5AA81.3040304@gmail.com>
Message-ID: <48B5AD43.20506@sixdemonbag.org>

Faramir wrote:
> If you chose to don't try to remove the virus, and just format...
> then you already lost a lot of info and time, so maybe it is worth
> trying to remove the virus... Is it 100% reliable? No...

If you don't have control over your system, you have _no_ security worth
talking about.  None, period, nada, end of sentence.

If you're concerned about your online security, the beginning and ending
is the same: _ensure you have control over your system_.

If you want to use half measures for yourself, measures which by your
own admission are not reliable at putting the system back under your
sole control, feel free.  But for an awful lot of people, their security
policies are best implemented with a "nuke, pave and restore after
malware" plan.

> Yes, but maybe the malware was not so competently written...

You seem to be placing an awful lot of trust in a conjecture.

> Well, in my case, because I didn't have any strange behaviour...

Doesn't prove anything.  Competent malware is, almost by definition,
malware you don't notice.

In fact, we've already seen strains of malware that work by removing
other pieces of malware from your system.  That's right -- they clean up
your system for you.  That way, there's more CPU resources they can use
for themselves.

Don't go about thinking these strains of malware are "nice" because they
do something that seems useful.  You should be thinking these strains of
malware are _incredibly freaking dangerous_.  Incompetently written
malware is incompetent... but once malware starts to show forethought,
planning, software engineering, _elegance_ in how it attacks you, that's
a sign you're in way over your head.

> if you know the malware's identity

How do you plan on finding out?  Trusting the AV vendor?  Have you
noticed that independent testing of AV software is kind of a black art?
 You're stuck relying on what your vendor tells you.  This is not the
same as being able to prove to yourself that what your vendor tells you
is correct.

> But, another scary thing: how can you know your system has not been 
> compromised? If a malware can avoid detection, and it doesn't cause 
> unexpected behaviour (lost of performance), we would never know we
> have a problem...

Yep.  Welcome to the fields of ongoing research.


From gillespie.jp at gmail.com  Wed Aug 27 21:42:52 2008
From: gillespie.jp at gmail.com (James Gillespie)
Date: Wed, 27 Aug 2008 21:42:52 -0700
Subject: [Enigmail] Malware redux
In-Reply-To: <48B5AD43.20506@sixdemonbag.org>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B18553.8010607@bellsouth.net>	<48B209D2.8070205@gmail.com>	<48B28077.7000306@gmail.com>	<48B4D2D6.8050700@gmail.com>	<48B58C97.8040403@gmail.com>	<48B599FC.2070509@sixdemonbag.org>	<48B5AA81.3040304@gmail.com>
	<48B5AD43.20506@sixdemonbag.org>
Message-ID: <48B62CCC.30308@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robert J. Hansen wrote:
> Faramir wrote:

>> But, another scary thing: how can you know your system has not been 
>> compromised? If a malware can avoid detection, and it doesn't cause 
>> unexpected behaviour (lost of performance), we would never know we
>> have a problem...
> 
> Yep.  Welcome to the fields of ongoing research.
> 
> 
Are we talking here about Faramir's worry about the possibility of a
virus infecting the bios?

Is this an admission that formatting and installing a clean backup is
neither a reliable nor a guaranteed solution to malware but only a half
measure after all -- one that affords us no certainty that our system is
ever under our control?

If so, it seems to me that Faramir's approach of weighing risks makes
practical sense. You judge as best you can the condition of your system,
the risks you are taking, the material and psychic costs of attempting
to reduce the risks. You decide which tasks you are willing to trust to
your computer at various levels of risk, and you decide what measures,
if any, seem worth taking to increase the utility of your computer. You
might decide to walk to the bank instead of logging in.

The risk, apparently, is always there. Tolerance to risk is a subjective
thing, and the price we are willing to pay to mitigate it is a
subjective decision that we all make. The better we know our systems,
the more satisfactory to us will be our decisions.

jp
_______________________________________________
- --
James P. Gillespie

I prefer encrypted, signed e-mail.
My PGP keys: http://tinyurl.com/5z2hhj

===================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAki2LMcACgkQEbLUj7pltrBwDACeMJxPQpXAnJCo4hSs5rx1/Zp7
bpMAoJGJCUyrZh8/yDsXvPqiimZpV+zC
=S30p
-----END PGP SIGNATURE-----

From gillespie.jp at gmail.com  Wed Aug 27 21:44:14 2008
From: gillespie.jp at gmail.com (James Gillespie)
Date: Wed, 27 Aug 2008 21:44:14 -0700
Subject: [Enigmail]
	First	signed	message	--	Is	tinyurl.com	safe	and	reliable?
In-Reply-To: <48B590BD.7000705@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B17FF0.3030800@sixdemonbag.org>	<48B1A23B.2000200@galen.org.uk>	<48B21299.2070907@gmail.com>	<48B281D8.6080402@gmail.com>	<48B4D59B.9070704@gmail.com>
	<48B590BD.7000705@gmail.com>
Message-ID: <48B62D1E.4060609@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Faramir wrote:
> James Gillespie escribi?:

>> Is there anything you can do when booted to Ubuntu within Windows that
>> could destroy Windows? Is that something to worry about?
> 
>   I suppose it should be safe, but I have not tried it myself, so maybe
> you should look at ubuntu's website, they have support forums, FAQs...
> 
Robert J. Hansen also seems to think it should be safe, and it seems
like an excellent thing for me to do. I'll check the sources you mention.

Thanks,

jg

- --
James P. Gillespie

I prefer encrypted, signed e-mail.
My PGP keys: http://tinyurl.com/5z2hhj

===================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAki2LRgACgkQEbLUj7pltrAh1wCgpCyRFmCBA+P6NnT3fyVsoQXh
uUUAoKNa+Rhqx4CDozJNzrUqHTJDfccH
=NdR8
-----END PGP SIGNATURE-----

From gillespie.jp at gmail.com  Wed Aug 27 21:46:19 2008
From: gillespie.jp at gmail.com (James Gillespie)
Date: Wed, 27 Aug 2008 21:46:19 -0700
Subject: [Enigmail] Ubuntu and Windows (was re: tinyurl)
In-Reply-To: <48B4D9AA.3060004@sixdemonbag.org>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B17FF0.3030800@sixdemonbag.org>	<48B1A23B.2000200@galen.org.uk>	<48B21299.2070907@gmail.com>	<48B281D8.6080402@gmail.com>	<48B4D59B.9070704@gmail.com>
	<48B4D9AA.3060004@sixdemonbag.org>
Message-ID: <48B62D9B.1050609@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robert J. Hansen wrote:
> James Gillespie wrote:
>> Is there anything you can do when booted to Ubuntu within Windows that
>> could destroy Windows? Is that something to worry about?
> 
> Swing a fire axe at your hard drive.

That might be another "reliable/guaranteed" cure for malware.

> That would probably do a realnumber on your setup.
> 
> Barring that, the answer is pretty much "no".
> 

Good! Thank you.

jg


- --
James P. Gillespie

I prefer encrypted, signed e-mail.
My PGP keys: http://tinyurl.com/5z2hhj

===================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAki2LZkACgkQEbLUj7pltrBeFQCgmBFghojP+hl2X5tzR6D+PVIv
2RUAnAkJ9UmdhXuGj612NtRmnidImoOp
=doDD
-----END PGP SIGNATURE-----

From tspivey at pcdesk.net  Wed Aug 27 22:09:22 2008
From: tspivey at pcdesk.net (Tyler Spivey)
Date: Wed, 27 Aug 2008 22:09:22 -0700
Subject: [Enigmail] Quickly downloading keys from message body?
Message-ID: <20080828050922.GA27627@linux1.lan>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello. From what I understand, when Enigmail says that I need to click
on the pen icon that's supposed to be there, it will automatically
search for (and possibly download) the key of the person in the From:
field. My screen reader can't find the icon, and I've looked in the
menus without finding the option that the icon sounds like (from google
searches) that it should perform. The closest that I've gotten is to
copy the From: address, open the key manager, and search for it there.
Is there an easier way to do this that I'm missing?

Thanks,
Tyler
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAki2MwIACgkQTsjaYASMWKSBywCfQ/4hz7DpF/kG4q7jSgSR90Hn
NiEAn3STqmROyVM+I+y1sYHiYQuUZdNi
=RUtp
-----END PGP SIGNATURE-----

From John at Mozilla-Enigmail.org  Wed Aug 27 23:10:21 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Thu, 28 Aug 2008 01:10:21 -0500
Subject: [Enigmail] Quickly downloading keys from message body?
In-Reply-To: <20080828050922.GA27627@linux1.lan>
References: <20080828050922.GA27627@linux1.lan>
Message-ID: <48B6414D.80105@Mozilla-Enigmail.org>

Tyler Spivey wrote:
> Hello. From what I understand, when Enigmail says that I need to click
> on the pen icon that's supposed to be there, it will automatically
> search for (and possibly download) the key of the person in the From:
> field. My screen reader can't find the icon, and I've looked in the
> menus without finding the option that the icon sounds like (from google
> searches) that it should perform. The closest that I've gotten is to
> copy the From: address, open the key manager, and search for it there.
> Is there an easier way to do this that I'm missing?

Include lines like these in gpg.conf

keyserver hkp://pool.sks-keyservers.net
keyserver-options auto-key-retrieve include-subkeys include-revoked

The two include-* keyserver options aren't required, just helpful.
With these two lines, GnuPG will attempt to automatically retrieve any key it
needs to verify a signature. Enigmail will only bother you if the auto-retrieve
fails to locate the required key.

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 677 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080828/18bb9e50/attachment.bin>

From John at Mozilla-Enigmail.org  Wed Aug 27 23:18:07 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Thu, 28 Aug 2008 01:18:07 -0500
Subject: [Enigmail] Quickly downloading keys from message body?
In-Reply-To: <48B6414D.80105@Mozilla-Enigmail.org>
References: <20080828050922.GA27627@linux1.lan>
	<48B6414D.80105@Mozilla-Enigmail.org>
Message-ID: <48B6431F.5030201@Mozilla-Enigmail.org>

John Clizbe wrote:
> Tyler Spivey wrote:
>> Hello. From what I understand, when Enigmail says that I need to click
>> on the pen icon that's supposed to be there, it will automatically
>> search for (and possibly download) the key of the person in the From:
>> field. My screen reader can't find the icon, and I've looked in the
>> menus without finding the option that the icon sounds like (from google
>> searches) that it should perform. The closest that I've gotten is to
>> copy the From: address, open the key manager, and search for it there.
>> Is there an easier way to do this that I'm missing?
> 
> Include lines like these in gpg.conf
> 
> keyserver hkp://pool.sks-keyservers.net
> keyserver-options auto-key-retrieve include-subkeys include-revoked
> 
> The two include-* keyserver options aren't required, just helpful.
> With these two lines, GnuPG will attempt to automatically retrieve any key it
> needs to verify a signature. Enigmail will only bother you if the auto-retrieve
> fails to locate the required key.

You may also specify this (without the two include-* keyserver options) by
specifying the preferred keyserver in the lower text box on the Keyserver tab in
Enigmail's Advanced preferences.

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 677 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080828/07e49b22/attachment-0001.bin>

From jmoore3rd at bellsouth.net  Thu Aug 28 05:07:59 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Thu, 28 Aug 2008 08:07:59 -0400
Subject: [Enigmail] Quickly downloading keys from message body?
In-Reply-To: <48B6414D.80105@Mozilla-Enigmail.org>
References: <20080828050922.GA27627@linux1.lan>
	<48B6414D.80105@Mozilla-Enigmail.org>
Message-ID: <48B6951F.3000600@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

John Clizbe wrote:

> Include lines like these in gpg.conf
> 
> keyserver hkp://pool.sks-keyservers.net
> keyserver-options auto-key-retrieve include-subkeys include-revoked
> 
> The two include-* keyserver options aren't required, just helpful.
> With these two lines, GnuPG will attempt to automatically retrieve any key it
> needs to verify a signature. Enigmail will only bother you if the auto-retrieve
> fails to locate the required key.

John has already mentioned the 'Advanced' Tab under Enigmail/OpenPGP
Preferences.  The lower box is for the Keyserver that should /always/ be
checked whenever a Signature from an unknown Key is encountered.  There
_will_ be times when the Key is not discovered there.  If You then click
the Pen icon in the lower Right corner then You will be given the option
to check other, pre-configured, Keyservers.  These Keyservers are the
Ones entered into the upper box on the Advanced Tab.  Try add the below
Line there:

pool.sks-keyservers.net, ldap://keyserver.pgp.com, hkp://keys.gnupg.net,
http://keyserver.gingerbear.net:11371/, ldap://keyserver2.pgp.com,

[NOTE: despite display wrapping; the above is all one line]

The 2 ldap Servers are the PGP GD which doesn't Sync with the hkp/sks
System.

The 'gingerbear' Server is operated by NSA & has _every_ Key in the
Universe!!   [JUST KIDDING!]

JOHN ;)
Timestamp: Thursday 28 Aug 2008, 08:07  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4818: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJItpUcAAoJEBCGy9eAtCsPKtsH/RD5UJZinD+sQASr2r+BSXW8
Ez7j36KFnuKvuwHJ8s6uJP+JcBb/e2cIxckB652rNa+Wu3IP3sDct9vcR7o2qNfg
Zt7rj2xZeQcJVpoEAVFqJKulN8tm3F3YVnKkVpNS8ekotPEKGT43B+p2tRF1sbu1
URWF76q3owD2+fz+mm5A2MopfnxipaBIS/PJGQvgv6nA9IrKiRALKw0SfHWs5M2v
HtIc8o8sJk3DepPnLCw8SQURRiL9k9pzh/JcYj0OYqTGibKzGwfctfJG5VbygB3X
rjI/OZPDHJEgSzEqaQQ30JSWSWG1ohRPjL1CcIvTOLFLV3rYXBTYYSorZnVDxlQ=
=y4Sj
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Thu Aug 28 05:33:45 2008
From: faramir.cl at gmail.com (Faramir)
Date: Thu, 28 Aug 2008 08:33:45 -0400
Subject: [Enigmail] Malware redux
In-Reply-To: <48B62CCC.30308@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B18553.8010607@bellsouth.net>	<48B209D2.8070205@gmail.com>	<48B28077.7000306@gmail.com>	<48B4D2D6.8050700@gmail.com>	<48B58C97.8040403@gmail.com>	<48B599FC.2070509@sixdemonbag.org>	<48B5AA81.3040304@gmail.com>	<48B5AD43.20506@sixdemonbag.org>
	<48B62CCC.30308@gmail.com>
Message-ID: <48B69B29.4010000@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

James Gillespie escribi?:

> Is this an admission that formatting and installing a clean backup is
> neither a reliable nor a guaranteed solution to malware but only a half
> measure after all -- one that affords us no certainty that our system is
> ever under our control?

  Well... I must say I have never meet somebody that actually had a
close encounter with a virus capable of infecting the computer's BIOS...
however, I have seen a lot of times people having to format the hard
drive to get rid of an infection. So my example was a bit "extreme". But
that was my point... it is really hard to be 100% sure the system is
clean. But 99,9% is fine for most people.


> If so, it seems to me that Faramir's approach of weighing risks makes
> practical sense. You judge as best you can the condition of your system,
> the risks you are taking, the material and psychic costs of attempting
> to reduce the risks. You decide which tasks you are willing to trust to
> your computer at various levels of risk, and you decide what measures,
> if any, seem worth taking to increase the utility of your computer. You
> might decide to walk to the bank instead of logging in.

  I confess if I was a bank's CIO, probably I would chose Robert J.
Hansen's advice, and format the hard drive assap... but at my home
computer, I am willing to "fight" to avoid having to do that. However, I
know it is a fight I could lose...

> The risk, apparently, is always there. Tolerance to risk is a subjective
> thing, and the price we are willing to pay to mitigate it is a
> subjective decision that we all make. The better we know our systems,
> the more satisfactory to us will be our decisions.

  Yes, I agree... I "feel" I can tell when something is wrong in my
machine... but that is subjective... and, after all, since I use
Windows, it is very likely when "something is wrong", my problem is
caused by MS-Virus XP, and not by some random malware over there...

  Well, I think Robert J. Hansen's point was the most reliable way to
get rid of a virus, is by formating and reinstalling... and that should
be the option to take if you are using the computer for something very
important. And my point was, if the computer is for personal use, and
the risks are not catastrophic, maybe you can take other options...

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJItpspAAoJEMV4f6PvczxAmdgH/2pDNOgJ+WYDS9gmDC/1DrN0
yG8Ys7RCGZs7N/C7q0NOGQ/8qTpqiaNm9s1/g7KgX5APGA99Ui0tdEX9GWHt0cnm
Nn9839Law5aXCVpdAohSlqffNblVQW+UkvbDrkc5WmU9VTmia53ZOtDLY0P8dGG9
odJxmxOxZfIQuM7NxmPS39Ow6eUwAKvYpYmb23uMlrzNZpGS119ESGrETHxzHmHb
98gZYuqjfgh9cpr/lf8KPYXdH0V3v4p1Ty109YXonbfCqV6QOEWHneWzuLk0fxWw
+KvZuua1RHzNrJy/iY8J3JuWRmaTzQo2XHkDbcn4rL8nVXsouSAYD/iNoIMzQls=
=AaFZ
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Thu Aug 28 05:49:30 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 28 Aug 2008 07:49:30 -0500
Subject: [Enigmail] Malware redux
In-Reply-To: <48B62CCC.30308@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B18553.8010607@bellsouth.net>	<48B209D2.8070205@gmail.com>	<48B28077.7000306@gmail.com>	<48B4D2D6.8050700@gmail.com>	<48B58C97.8040403@gmail.com>	<48B599FC.2070509@sixdemonbag.org>	<48B5AA81.3040304@gmail.com>	<48B5AD43.20506@sixdemonbag.org>
	<48B62CCC.30308@gmail.com>
Message-ID: <48B69EDA.5010005@sixdemonbag.org>

James Gillespie wrote (quoting myself and Faramir):
>>> But, another scary thing: how can you know your system has not been 
>>> compromised? If a malware can avoid detection, and it doesn't cause 
>>> unexpected behaviour (lost of performance), we would never know we
>>> have a problem...
>>
>> Yep.  Welcome to the fields of ongoing research.
> 
> Are we talking here about Faramir's worry about the possibility of a
> virus infecting the bios?

No.  AFAIK, those are hypothetical at this point in time.

It referred to "how can you know your system has not been compromised?"
 That's an excellent question and one which is a very active field of
study, in both the private sector and in academia.

> If so, it seems to me that Faramir's approach of weighing risks makes
> practical sense.

Risk amortization always makes practical sense.  However, risk
amortization is really allergic to uncertainty.  In computer science we
talk about this under the phrase "reasoning under conditions of
uncertainty" and it's a _big_ subject (see, e.g., the Norvig AI book).

Reasoning under conditions of uncertainty is awful.  If you suspect you
may be infected, and suspect you may have the infection cleared, and
suspect you may be able to safely use your PC again, then should you use
your PC to handle sensitive traffic?

Well, if you were 99% certain of each, then you could say "there is a
one-in-a-million chance what I'm doing is stupid."  If you were 50%
certain of each, then you could say "there is an 88% chance what I'm
doing is stupid."  You might feel the one in a million was good; you
might feel the 88% was bad.  This is basic, elementary risk amortization.

But our gut feelings, our hunches, do not lend themselves to this sort
of concrete analysis.  If anyone were to tell me "my gut tells me I'm
99% safe", that's not analysis -- that's an attempt to rationalize a
prejudice.

If you can't place precise numbers, then you are stuck in a position of
great uncertainty.  "I feel at least 50% confident of each", okay, that
one maybe you could get away with.  That means there's between a 0% and
an 88% chance that what you're doing is stupid.  It doesn't help you much.

The way out of this briar patch is to take steps to do away with the
uncertainty.  "I believe this install DVD is good, because I purchased
it directly from the manufacturer and there have been no reports of it
shipping with viruses."  Okay, that's a reasonable assumption.

"I have low-leveled the drive and flashed the BIOS.  It is now entirely
naked.  There is no possibility of any executable code living on the
drive."  Okay, that's good -- no uncertainty here.

"I am unplugging the network cable and reimaging my hard drive from the
known good copy.  Assuming I am correct in that there are no viruses on
the install DVD, there will be no viruses on my PC."  Again, good -- no
uncertainty.

"I am applying the digitally signed updates which I have downloaded from
another PC and burned to a CD.  The signatures verify.  I am confident
these updates are authentic."  Again, good -- no uncertainty.

"Am I doing something stupid?"  Well... if you look at all of our
uncertainties, our only uncertainty is whether the original install DVD
was infected with a virus.

Compare this to the spectacular uncertainties of Faramir's approach.

Risk amortization is great, but it presupposes the risks are
quantifiable and can be manipulated according to the rules of
statistics.  In the absence of that, you're back to reasoning under
conditions of uncertainty -- in which case, your principal tool is
removing as much uncertainty as possible.



From rjh at sixdemonbag.org  Thu Aug 28 05:55:19 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Thu, 28 Aug 2008 07:55:19 -0500
Subject: [Enigmail] Malware redux
In-Reply-To: <48B69B29.4010000@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B18553.8010607@bellsouth.net>	<48B209D2.8070205@gmail.com>	<48B28077.7000306@gmail.com>	<48B4D2D6.8050700@gmail.com>	<48B58C97.8040403@gmail.com>	<48B599FC.2070509@sixdemonbag.org>	<48B5AA81.3040304@gmail.com>	<48B5AD43.20506@sixdemonbag.org>	<48B62CCC.30308@gmail.com>
	<48B69B29.4010000@gmail.com>
Message-ID: <48B6A037.6070908@sixdemonbag.org>

Faramir wrote:
>   Yes, I agree... I "feel" I can tell when something is wrong in my
> machine... but that is subjective...

And crazy.

Between a quarter and two-fifths of desktop PCs are already hijacked,
according to Vint Cerf.  Given that number, I find all claims of "I can
feel when my machine is hijacked" to be specious.  Well-designed malware
is invisible.

Your default assumption when approaching a Windows machine needs to be
that it has been hijacked.  This is a rebuttable assumption, mind you,
in that you may be able to find evidence suggesting it has not been
hijacked -- but 40% of desktop Windows PCs are infected right now, and
it would be crazy for us to assume that we are somehow immune to this
simply because we think we are some kind of technological elite.

We are not immune.  We should always consider the disturbingly strong
possibility that our Windows machines have already been hijacked.



From tspivey at pcdesk.net  Thu Aug 28 06:47:43 2008
From: tspivey at pcdesk.net (Tyler Spivey)
Date: Thu, 28 Aug 2008 06:47:43 -0700
Subject: [Enigmail] Quickly downloading keys from message body?
In-Reply-To: <48B6951F.3000600@bellsouth.net>
References: <20080828050922.GA27627@linux1.lan>
	<48B6414D.80105@Mozilla-Enigmail.org>
	<48B6951F.3000600@bellsouth.net>
Message-ID: <20080828134743.GA28707@linux1.lan>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I think I understand. Here's what I think happens:
1. If I tell gpg.conf to auto retrieve keys, it'll check, for every message opened without the user having the
sender's key, for the key on the keyservers specified in gpg.conf and
import if found. This is good.

2. If the key is not found, I would be able to click the pen, if i could find the pen, to search the
keyservers listed in the advanced dialog. This makes sense; but
I can't find the pen. Can an option be made in the OpenPGP menu that will
call whatever the pen calls, for those of us who
are using screen readers, which don't seem to be able to find it?

Thanks,
Tyler
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAki2rH8ACgkQTsjaYASMWKSUiwCgggTahtb1PgAnUO0zAsxUSs7+
cCUAn0b6OWnLnkz6g87mEXE3oZQ9LGqD
=YJOO
-----END PGP SIGNATURE-----

From rbrtryn at gmail.com  Thu Aug 28 09:06:00 2008
From: rbrtryn at gmail.com (Robert Ryan)
Date: Thu, 28 Aug 2008 10:06:00 -0600
Subject: [Enigmail] Quickly downloading keys from message body?
In-Reply-To: <20080828050922.GA27627@linux1.lan>
References: <20080828050922.GA27627@linux1.lan>
Message-ID: <48B6CCE8.5030302@gmail.com>

On 8/27/2008 11:09 PM, Tyler Spivey wrote:
> Hello. From what I understand, when Enigmail says that I need to click
> on the pen icon that's supposed to be there, it will automatically
> search for (and possibly download) the key of the person in the From:
> field. My screen reader can't find the icon, and I've looked in the
> menus without finding the option that the icon sounds like (from google
> searches) that it should perform. The closest that I've gotten is to
> copy the From: address, open the key manager, and search for it there.
> Is there an easier way to do this that I'm missing?

One way to do this would be to set up a keyboard shortcut using
the keyconfig extension available here:

http://mozilla.dorando.at/

After installation you can add a new key shortcut by selecting Keyconfig
in the tools menu.

Use this as the code for the new shortcut:

enigViewSecurityInfo();

Feel free to email me direct if you need help.
-- 
Robert Ryan

I prefer encrypted, signed email :)
My PGP keys: http://tinyurl.com/5snkgq

===================================


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080828/ada9322a/attachment.bin>

From John at Mozilla-Enigmail.org  Thu Aug 28 09:43:40 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Thu, 28 Aug 2008 11:43:40 -0500
Subject: [Enigmail] Quickly downloading keys from message body?
In-Reply-To: <48B6951F.3000600@bellsouth.net>
References: <20080828050922.GA27627@linux1.lan>	<48B6414D.80105@Mozilla-Enigmail.org>
	<48B6951F.3000600@bellsouth.net>
Message-ID: <48B6D5BC.60405@Mozilla-Enigmail.org>

John W. Moore III wrote:
> Try add the below Line there:
> 
> pool.sks-keyservers.net, ldap://keyserver.pgp.com, hkp://keys.gnupg.net,
> http://keyserver.gingerbear.net:11371/, ldap://keyserver2.pgp.com,

keys.gnupg.net is just pgpkeys.pca.dfn.de (try http://keys.gnupg.net:11371)

It and keyserver.gingerbear.net are both usually members of the SKS pool (They
may or may not be included in the DNS A record. But checking them right after
checking another SKS server in the pool is likely to produce results.

Many, if not most, recon runs on my server return zero differences, ie, both
servers have _EXACTLY_ the same key database.

Listing just the generic pool.sks-keyservers.net is sufficient. Checking
additional SKS servers in the well-connected group is unlikely to produce
improved results.

The two LDAP PGP.com servers aren't duplicates though. LDAP servers usually
don't synchronize with other servers. I believe these two are the PGP Global
Directory as well as the legacy LDAP server in operation before that.

pgp.mit.edu is a good one to include here. I don't send my keys to it. but
*many* folks still do. Even with loading periodic keydumps from there to the SKS
servers, one may still find keys there that aren't on other servers.

> The 'gingerbear' Server is operated by NSA & has _every_ Key in the
> Universe!!   [JUST KIDDING!]

Oh yeah. I wish. I could probably get a Cray in the garage then, huh?

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 677 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080828/554cfd6a/attachment.bin>

From rbrtryn at gmail.com  Thu Aug 28 09:56:50 2008
From: rbrtryn at gmail.com (Robert Ryan)
Date: Thu, 28 Aug 2008 10:56:50 -0600
Subject: [Enigmail] Quickly downloading keys from message body?
In-Reply-To: <48B6CCE8.5030302@gmail.com>
References: <20080828050922.GA27627@linux1.lan> <48B6CCE8.5030302@gmail.com>
Message-ID: <48B6D8D2.4000702@gmail.com>

Oops I didn't notice you were using mutt, I had assumed Thunderbird :-[
sorry.

For mutt I can't really help, but there might be similar keyboard
shortcut technique available.

Sorry for the confusion.
-- 
Robert Ryan

I prefer encrypted, signed email :)
My PGP keys: http://tinyurl.com/5snkgq

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080828/b7beb0e0/attachment.bin>

From John at Mozilla-Enigmail.org  Thu Aug 28 10:05:11 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Thu, 28 Aug 2008 12:05:11 -0500
Subject: [Enigmail] Malware redux
In-Reply-To: <48B69EDA.5010005@sixdemonbag.org>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B18553.8010607@bellsouth.net>	<48B209D2.8070205@gmail.com>	<48B28077.7000306@gmail.com>	<48B4D2D6.8050700@gmail.com>	<48B58C97.8040403@gmail.com>	<48B599FC.2070509@sixdemonbag.org>	<48B5AA81.3040304@gmail.com>	<48B5AD43.20506@sixdemonbag.org>	<48B62CCC.30308@gmail.com>
	<48B69EDA.5010005@sixdemonbag.org>
Message-ID: <48B6DAC7.5060303@Mozilla-Enigmail.org>

Robert J. Hansen wrote:
> 
> "I am applying the digitally signed updates which I have downloaded from
> another PC and burned to a CD.  The signatures verify.  I am confident
> these updates are authentic."  Again, good -- no uncertainty.

Since much of this applies to, and many of the folk here are running, Windows,
here's a useful tool.

See http://www.heise.de/ct/projekte/offlineupdate/ (It's in German)

Older English story:
http://www.heise-online.co.uk/security/Do-it-yourself-Service-Pack--/features/80682)
Story refers to version 3.0 of the tool. Current release is 4.8.

The English version of the download area is here:
http://www.heise.de/ct/projekte/offlineupdate/download_uk.shtml

The tool is a script that will download for each OS version (2000, XP, 2003,
Vista/2008) and/or Office (2000, XP, 2003, 2007) release/language combination
ALL applicable updates from Microsoft and burn those updates to an ISO image
which may be transferred to a CD or DVD.  This disc may then be used to update a
fresh Windows install without having to connect to the 'Net. The finished update
packet can also be copied onto a USB stick, for example, or prepared for sharing
over a local network. (~700MB for XP)

Installation involves inserting/mounting the image and a double-click on
UpdateStarterGUI.exe to launch the installation of the updates on the target PC,
or simply insert a CD or DVD with one of the ISO images recorded on it (it will
start from the autoplay function). The installation of the missing components
and updates may require several reboots. The "Automatic reboot and recall"
option allows the script to shut down the PC on its own where necessary and then
resume work following the reboot - this is as easy as it gets.


-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 677 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080828/57f4cfec/attachment-0001.bin>

From tspivey at pcdesk.net  Thu Aug 28 10:21:51 2008
From: tspivey at pcdesk.net (Tyler Spivey)
Date: Thu, 28 Aug 2008 10:21:51 -0700
Subject: [Enigmail] Solved:  Quickly downloading keys from message body?
In-Reply-To: <48B6D8D2.4000702@gmail.com>
References: <20080828050922.GA27627@linux1.lan> <48B6CCE8.5030302@gmail.com>
	<48B6D8D2.4000702@gmail.com>
Message-ID: <20080828172151.GA29496@linux1.lan>

In mutt, all of this works great. I managed to find a solution to this -
it was there all along. The pen activates the view security info option
in the view menu, for anyone else who searches the archives and has the
same problem.

Thanks for the support,
- Tyler

From rbrtryn at gmail.com  Thu Aug 28 10:30:25 2008
From: rbrtryn at gmail.com (Robert Ryan)
Date: Thu, 28 Aug 2008 11:30:25 -0600
Subject: [Enigmail] Solved: Quickly downloading keys from message body?
In-Reply-To: <20080828172151.GA29496@linux1.lan>
References: <20080828050922.GA27627@linux1.lan>
	<48B6CCE8.5030302@gmail.com>	<48B6D8D2.4000702@gmail.com>
	<20080828172151.GA29496@linux1.lan>
Message-ID: <48B6E0B1.1070303@gmail.com>

On 8/28/2008 11:21 AM, Tyler Spivey wrote:
> it was there all along. The pen activates the view security info option
> in the view menu

Well I learned something new. The same option is available in
Thunderbird, I just never noticed it before :-D
-- 
Robert Ryan

I prefer encrypted, signed email :)
My PGP keys: http://tinyurl.com/5snkgq

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080828/debda02e/attachment.bin>

From patrick at mozilla-enigmail.org  Fri Aug 29 04:45:34 2008
From: patrick at mozilla-enigmail.org (Patrick Brunschwig)
Date: Fri, 29 Aug 2008 13:45:34 +0200
Subject: [Enigmail] Quickly downloading keys from message body?
In-Reply-To: <20080828050922.GA27627@linux1.lan>
References: <20080828050922.GA27627@linux1.lan>
Message-ID: <48B7E15E.9060809@mozilla-enigmail.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tyler Spivey wrote:
> Hello. From what I understand, when Enigmail says that I need to click
> on the pen icon that's supposed to be there, it will automatically
> search for (and possibly download) the key of the person in the From:
> field. My screen reader can't find the icon, and I've looked in the
> menus without finding the option that the icon sounds like (from google
> searches) that it should perform. The closest that I've gotten is to
> copy the From: address, open the key manager, and search for it there.
> Is there an easier way to do this that I'm missing?

The "pen" icon was magically transformed into an envelope icon in
Thunderbird 2.0.

- -Patrick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBSLfhXXcOpHodsOiwAQIF+wf9GJ3mDjeXXquhZjI+4eP3SV93BDYf57Yh
15RAtfciKGJN6Y6tKaGCHx8vvk9HN7/usH+9VzkvtzeAIWcvDnwiFEmPZAj2p5mk
Gsu+4M1bnLCJz+NC7JzAOSBUfwgzihf/Dk+6pxJPL+yRlCe8x2zWaKMCwqRAMN5s
/FB1UFuQ+L2l0UeOHPqBLdk6870bDH0W7D5hHWQ7paIMTjkwH8rPB45+hvcKp8cp
BFbNmcLm8x7C3//NpHEmmzfQTlU0A3g9Y3hthqdDScCHGfxT6nT7Wzpw1YjqZwFC
t8Mp8mS6lIMpbOk/3lgA3HRo4nhZnwanu2fvuvCsL2Fj8P41mjuPaA==
=qMVx
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Fri Aug 29 04:50:25 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Fri, 29 Aug 2008 07:50:25 -0400
Subject: [Enigmail] Quickly downloading keys from message body?
In-Reply-To: <48B7E15E.9060809@mozilla-enigmail.org>
References: <20080828050922.GA27627@linux1.lan>
	<48B7E15E.9060809@mozilla-enigmail.org>
Message-ID: <48B7E281.3020607@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Patrick Brunschwig wrote:

> The "pen" icon was magically transformed into an envelope icon in
> Thunderbird 2.0.

In the Headers, Yes.  However, in the Lower Right Corner of the Window
the icons still appear as a 'Pen' & a 'Key'. :-

JOHN ;)
Timestamp: Friday 29 Aug 2008, 07:50  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4818: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIt+KAAAoJEBCGy9eAtCsPWxwH/2R3SfjKbtnF4FB1sb2qiUOW
x8jPjvA41RgC97w4oUD0pY8GTtnwmN6+Gm0xUHBzJSJWgKniSia2RdF2xLwNhpwo
IdvQo2MLrY7KqySR8hz0ktTX/rR1ux76UfZzTaTtk1mGesGfiU+dbI0GgRHxmGQu
nCWasF+6Du1Sge+jsCDVzTvObrzjX47BoPsll8OF1OpPJH+V3idjB2nBzoKrAnQt
2/AD0JJa88jBK+aJNh5z6liaREnSNtkr3kzUfcgxcegNwt3Zk25NjUeu1pcJSHoG
OI3vSNJaHg/rsCe85M61RvHzotLX4qT5zwY1btlk8jwxQdcFwgl/sjhegVirG8M=
=Dcfy
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Fri Aug 29 06:44:15 2008
From: faramir.cl at gmail.com (Faramir)
Date: Fri, 29 Aug 2008 09:44:15 -0400
Subject: [Enigmail] Quickly downloading keys from message body?
In-Reply-To: <48B7E15E.9060809@mozilla-enigmail.org>
References: <20080828050922.GA27627@linux1.lan>
	<48B7E15E.9060809@mozilla-enigmail.org>
Message-ID: <48B7FD2F.5090507@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Patrick Brunschwig escribi?:

> The "pen" icon was magically transformed into an envelope icon in
> Thunderbird 2.0.

  Just a note: I still see a pen in the lower right of the screen... a
small pen, and it seems to do the same function than the envelope...

 Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIt/0uAAoJEMV4f6PvczxAltQIAKmGSig5VdPXFs/DGZwhdYyB
EkwC/vxn4To/XbQn0+tYZHNQhm+mquUQxbmC3AYkJYk9Q7KrJ5iVKw6FE4xl810B
DeNSZLX9FiV7uPoo/kLy6L1ypt9VA8eLLWmbLLBV4G6IsYEsoGTqVUsAywB5Ly2o
L2YrF/DGGWplajKhafpCV7k57x2PGEPHBZ1G2IT0xWGKW+59oK84U/thkJAJcSUX
R/M3T7UjsfU0bG2ZteIw9Orxc6CjlSfoKjY0pfWUs8uocK1Ghp/71EVNuXBuMzKd
mMaDtQi/DKKcIpezNcpggP4wL9yau5sAFgFTp4j41EP/embtL0kRQHoti48/rz0=
=dLUK
-----END PGP SIGNATURE-----

From darylstyrk at gmail.com  Fri Aug 29 09:49:46 2008
From: darylstyrk at gmail.com (Daryl Styrk)
Date: Fri, 29 Aug 2008 12:49:46 -0400
Subject: [Enigmail] Hello World
Message-ID: <48B828AA.807@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all.  I have just finished setting up enigmail correctly I believe
and thought I would send out a test message.

If someone could please confirm if I have correctly set everything up I
would appreciate it.

Thanks,
Daryl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIuCiqejxzjThnMmIRAsU7AKDSc9LRCqQ0iYv2MLPy0+3OEFAUcgCgpnC5
3xGJovMRG/NyVUGGxyASEBM=
=mxhD
-----END PGP SIGNATURE-----

From tspivey at pcdesk.net  Fri Aug 29 09:53:14 2008
From: tspivey at pcdesk.net (Tyler Spivey)
Date: Fri, 29 Aug 2008 09:53:14 -0700
Subject: [Enigmail] Hello World
In-Reply-To: <48B828AA.807@gmail.com>
References: <48B828AA.807@gmail.com>
Message-ID: <20080829165259.GA6108@linux1.lan>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Your message got received fine over here, and the signature successfully
verified.
- - - Tyler
On Fri, Aug 29, 2008 at 12:49:46PM -0400, Daryl Styrk wrote:
> Hi all.  I have just finished setting up enigmail correctly I believe
> and thought I would send out a test message.
> 
> If someone could please confirm if I have correctly set everything up I
> would appreciate it.
> 
> Thanks,
> Daryl
> _______________________________________________
> Enigmail mailing list
> Enigmail at mozdev.org
> https://www.mozdev.org/mailman/listinfo/enigmail
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAki4KWsACgkQTsjaYASMWKQJ8ACgoXSq9dphaAopp+/5Y8cfFTEz
a1sAnjExYopxJII8Kf7QLvjMXjs/A60r
=VtZ4
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAki4KXoACgkQTsjaYASMWKRHnwCfUNbtj4VpG+SDRfLu7yBcjDKt
tbkAoK9uHOpiibPeVYDt5DcU4QApga/A
=qsFK
-----END PGP SIGNATURE-----

From rbrtryn at gmail.com  Fri Aug 29 09:56:29 2008
From: rbrtryn at gmail.com (Robert Ryan)
Date: Fri, 29 Aug 2008 10:56:29 -0600
Subject: [Enigmail] Hello World
In-Reply-To: <48B828AA.807@gmail.com>
References: <48B828AA.807@gmail.com>
Message-ID: <48B82A3D.2050506@gmail.com>

On 8/29/2008 10:49 AM, Daryl Styrk wrote:
> If someone could please confirm if I have correctly set everything up I
> would appreciate it.

UNTRUSTED Good signature from Daryl Styrk <darylstyrk at gmail.com>
Key ID: 0x38673262 / Signed on: 8/29/2008 10:49 AM
Key fingerprint: 1BAE 356F 64D6 EEB0 8C7B CC5D 7A3C 738D 3867 3262
-- 
Robert Ryan

I prefer encrypted, signed email :)
My PGP keys: http://tinyurl.com/5snkgq

===================================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 550 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080829/e484d188/attachment.bin>

From darylstyrk at gmail.com  Fri Aug 29 10:13:04 2008
From: darylstyrk at gmail.com (Daryl Styrk)
Date: Fri, 29 Aug 2008 13:13:04 -0400
Subject: [Enigmail] Hello World
In-Reply-To: <48B82A3D.2050506@gmail.com>
References: <48B828AA.807@gmail.com> <48B82A3D.2050506@gmail.com>
Message-ID: <48B82E20.4040009@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thank you.

Aside from the general setup instructions (Quick Start Guide) any
suggestions for additional configurations or recomendations?

Daryl

Robert Ryan wrote:
> On 8/29/2008 10:49 AM, Daryl Styrk wrote:
>> If someone could please confirm if I have correctly set everything up I
>> would appreciate it.
> 
> UNTRUSTED Good signature from Daryl Styrk <darylstyrk at gmail.com>
> Key ID: 0x38673262 / Signed on: 8/29/2008 10:49 AM
> Key fingerprint: 1BAE 356F 64D6 EEB0 8C7B CC5D 7A3C 738D 3867 3262
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Enigmail mailing list
> Enigmail at mozdev.org
> https://www.mozdev.org/mailman/listinfo/enigmail
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIuC4gejxzjThnMmIRAtSPAKC3tW3AHwfxMhGKJDleSL8ElGCiWQCdGVcr
1zS2o1FdFmAoYshBqxyoqQs=
=VE0s
-----END PGP SIGNATURE-----

From post at lespocky.de  Fri Aug 29 10:23:47 2008
From: post at lespocky.de (Alexander Dahl)
Date: Fri, 29 Aug 2008 19:23:47 +0200
Subject: [Enigmail] Hello World
In-Reply-To: <48B82E20.4040009@gmail.com>
References: <48B828AA.807@gmail.com> <48B82A3D.2050506@gmail.com>
	<48B82E20.4040009@gmail.com>
Message-ID: <0ML2xA-1KZ7hV0DE7-0003Iv@mrelayeu.kundenserver.de>

Hi Daryl,

> Aside from the general setup instructions (Quick Start Guide) any
> suggestions for additional configurations or recomendations?

You could check whether you want to use PGP/MIME instead of inline
signatures. Inline signatures are often problematic and deprecated
AFAIK. The only problem with PGP/MIME are Outlook Express users. OE
shows PGP/MIME signed messages empty with the message attached as one
and the signature as another attachment.

Greets
Alex

-- 
***** http://www.lespocky.de *******************************************
Those who would give up essential Liberty, to purchase
a little temporary Safety, deserve neither Liberty nor Safety.
                                (Benjamin Franklin)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080829/f87da565/attachment.bin>

From darylstyrk at gmail.com  Fri Aug 29 10:33:40 2008
From: darylstyrk at gmail.com (Daryl Styrk)
Date: Fri, 29 Aug 2008 13:33:40 -0400
Subject: [Enigmail] Hello World
In-Reply-To: <0ML2xA-1KZ7hV0DE7-0003Iv@mrelayeu.kundenserver.de>
References: <48B828AA.807@gmail.com>
	<48B82A3D.2050506@gmail.com>	<48B82E20.4040009@gmail.com>
	<0ML2xA-1KZ7hV0DE7-0003Iv@mrelayeu.kundenserver.de>
Message-ID: <48B832F4.4000802@gmail.com>

Hi Alex,

Using PGP/MIME will remove the below from the body of the message and
attach the signature as a file correct?

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> test
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFIt23pejxzjThnMmIRAmLAAJ4vTCt3jcNFhr0DaMeu7m2INAkHywCeMOKi
> ehvF+zBBUPHmH9lnzJA1ZQk=
> =PIAN
> -----END PGP SIGNATURE-----



Daryl




Alexander Dahl wrote:
> Hi Daryl,
> 
>> Aside from the general setup instructions (Quick Start Guide) any
>> suggestions for additional configurations or recomendations?
> 
> You could check whether you want to use PGP/MIME instead of inline
> signatures. Inline signatures are often problematic and deprecated
> AFAIK. The only problem with PGP/MIME are Outlook Express users. OE
> shows PGP/MIME signed messages empty with the message attached as one
> and the signature as another attachment.
> 
> Greets
> Alex
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Enigmail mailing list
> Enigmail at mozdev.org
> https://www.mozdev.org/mailman/listinfo/enigmail

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080829/2b17d6bb/attachment.bin>

From jmoore3rd at bellsouth.net  Fri Aug 29 10:36:54 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Fri, 29 Aug 2008 13:36:54 -0400
Subject: [Enigmail] Hello World
In-Reply-To: <48B828AA.807@gmail.com>
References: <48B828AA.807@gmail.com>
Message-ID: <48B833B6.8070100@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Daryl Styrk wrote:

> If someone could please confirm if I have correctly set everything up I
> would appreciate it.

UNTRUSTED Good signature from Daryl Styrk <darylstyrk at gmail.com>
Key ID: 0x38673262 / Signed on: 8/29/2008 12:49 PM
Key fingerprint: 1BAE 356F 64D6 EEB0 8C7B CC5D 7A3C 738D 3867 3262

Looks Good here.  When You get ready to 'test' Encryption feel free to
contact Me direct.

JOHN ;)
Timestamp: Friday 29 Aug 2008, 13:36  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4818: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIuDO0AAoJEBCGy9eAtCsPhJAIAISphCQYND4ODQum59pPKtLt
aZ/zEclB1U+G0KBfLNFwKHOuOr9XmaJwuylacxV7KVC2edPfKXcnlj9h1Wtf1P0p
CfSTWWUikrnA+FpvBSU0IyaHuec3HeutIYeX02YurUAlavlKoKzVaaPd9YzCG3MN
cQUwipq+yH5z1cDOMy20RQqM7adXr2tn5+GuV79QGqHPFrTaPd93ctH51QVrEhbx
y6ROGKBiTqHMnF6dPT+aa+N1tVvzCZtTmVlR8dKUZq00ojU11Pi5p1Y61Zt7mmSN
HfYcEY6FGfeEg8jBit8qrdYekOyY5dZzZWDLvOOMYFgZ5mGfeALIqY0Wjm/q/y8=
=kQCh
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Fri Aug 29 12:27:04 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 29 Aug 2008 14:27:04 -0500
Subject: [Enigmail] Hello World
In-Reply-To: <0ML2xA-1KZ7hV0DE7-0003Iv@mrelayeu.kundenserver.de>
References: <48B828AA.807@gmail.com>
	<48B82A3D.2050506@gmail.com>	<48B82E20.4040009@gmail.com>
	<0ML2xA-1KZ7hV0DE7-0003Iv@mrelayeu.kundenserver.de>
Message-ID: <48B84D88.5080209@sixdemonbag.org>

Alexander Dahl wrote:
> You could check whether you want to use PGP/MIME instead of inline
> signatures. Inline signatures are often problematic and deprecated
> AFAIK.

Inline signatures are deprecated only by people who swear by RFC3156.
Everybody else considers inline signatures to be _de rigeur_, and for
good reason.  MTAs are allowed to mangle attachments, to strip them, to
repackage them, whatever.  E.g., some mailing lists strip all
attachments, since spammers have been known to abuse attachments to
target mailing lists.

PGP/MIME signatures are a great idea from a theoretical POV.  From a
practical POV, they're failures.



From post at lespocky.de  Fri Aug 29 12:28:21 2008
From: post at lespocky.de (Alexander Dahl)
Date: Fri, 29 Aug 2008 21:28:21 +0200
Subject: [Enigmail] Hello World
In-Reply-To: <48B832F4.4000802@gmail.com>
References: <48B828AA.807@gmail.com>	<48B82A3D.2050506@gmail.com>	<48B82E20.4040009@gmail.com>	<0ML2xA-1KZ7hV0DE7-0003Iv@mrelayeu.kundenserver.de>
	<48B832F4.4000802@gmail.com>
Message-ID: <0ML25U-1KZ9dy0W39-0006KP@mrelayeu.kundenserver.de>

Hi Daryl,

> Using PGP/MIME will remove the below from the body of the message and
> attach the signature as a file correct?

Correct.

Greets
Alex

-- 
***** http://www.lespocky.de *******************************************
Those who would give up essential Liberty, to purchase
a little temporary Safety, deserve neither Liberty nor Safety.
                                (Benjamin Franklin)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080829/90069eae/attachment.bin>

From darylstyrk at gmail.com  Fri Aug 29 12:32:37 2008
From: darylstyrk at gmail.com (Daryl Styrk)
Date: Fri, 29 Aug 2008 15:32:37 -0400
Subject: [Enigmail] Hello World
In-Reply-To: <48B84D88.5080209@sixdemonbag.org>
References: <48B828AA.807@gmail.com>	<48B82A3D.2050506@gmail.com>	<48B82E20.4040009@gmail.com>	<0ML2xA-1KZ7hV0DE7-0003Iv@mrelayeu.kundenserver.de>
	<48B84D88.5080209@sixdemonbag.org>
Message-ID: <48B84ED5.3040701@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Well I hope this comment stirs up a friendly debate.  I have no idea
which option I would like to start using.

To MIME or not to MIME???

Daryl

Robert J. Hansen wrote:
> Alexander Dahl wrote:
>> You could check whether you want to use PGP/MIME instead of inline
>> signatures. Inline signatures are often problematic and deprecated
>> AFAIK.
> 
> Inline signatures are deprecated only by people who swear by RFC3156.
> Everybody else considers inline signatures to be _de rigeur_, and for
> good reason.  MTAs are allowed to mangle attachments, to strip them, to
> repackage them, whatever.  E.g., some mailing lists strip all
> attachments, since spammers have been known to abuse attachments to
> target mailing lists.
> 
> PGP/MIME signatures are a great idea from a theoretical POV.  From a
> practical POV, they're failures.
> 
> 
> _______________________________________________
> Enigmail mailing list
> Enigmail at mozdev.org
> https://www.mozdev.org/mailman/listinfo/enigmail
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIuE7VejxzjThnMmIRAmmbAKC+H384DgbQkMynYOfjCZAZ4UXbNwCgj6VF
FCqYr9tt/oBQH3AfSAIJ8cM=
=UmrC
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Fri Aug 29 12:36:08 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 29 Aug 2008 14:36:08 -0500
Subject: [Enigmail] Hello World
In-Reply-To: <48B84ED5.3040701@gmail.com>
References: <48B828AA.807@gmail.com>	<48B82A3D.2050506@gmail.com>	<48B82E20.4040009@gmail.com>	<0ML2xA-1KZ7hV0DE7-0003Iv@mrelayeu.kundenserver.de>	<48B84D88.5080209@sixdemonbag.org>
	<48B84ED5.3040701@gmail.com>
Message-ID: <48B84FA8.1070108@sixdemonbag.org>

Daryl Styrk wrote:
> To MIME or not to MIME???

There is a reason why Enigmail defaults to "do not use PGP/MIME for
signatures".

My generic advice on all things crypto: unless you know what you're
doing and why, stick with the defaults.  If you mess with the defaults
and things break, you get to keep both pieces.


From John at Mozilla-Enigmail.org  Fri Aug 29 13:30:33 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Fri, 29 Aug 2008 15:30:33 -0500
Subject: [Enigmail] Hello World
In-Reply-To: <48B84ED5.3040701@gmail.com>
References: <48B828AA.807@gmail.com>	<48B82A3D.2050506@gmail.com>	<48B82E20.4040009@gmail.com>	<0ML2xA-1KZ7hV0DE7-0003Iv@mrelayeu.kundenserver.de>	<48B84D88.5080209@sixdemonbag.org>
	<48B84ED5.3040701@gmail.com>
Message-ID: <48B85C69.5040701@Mozilla-Enigmail.org>

Daryl Styrk wrote:
> Well I hope this comment stirs up a friendly debate.  I have no idea
> which option I would like to start using.
> 
> To MIME or not to MIME???
> 
> Daryl
> 
> Robert J. Hansen wrote:
>> Alexander Dahl wrote:

Or another question: To top-post or not?

Please don't.

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 677 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080829/bb6864a9/attachment.bin>

From post at lespocky.de  Fri Aug 29 14:08:01 2008
From: post at lespocky.de (Alexander Dahl)
Date: Fri, 29 Aug 2008 23:08:01 +0200
Subject: [Enigmail] Hello World
In-Reply-To: <48B84D88.5080209@sixdemonbag.org>
References: <48B828AA.807@gmail.com>	<48B82A3D.2050506@gmail.com>	<48B82E20.4040009@gmail.com>	<0ML2xA-1KZ7hV0DE7-0003Iv@mrelayeu.kundenserver.de>
	<48B84D88.5080209@sixdemonbag.org>
Message-ID: <0MKwh2-1KZBCU0MJE-00075S@mrelayeu.kundenserver.de>

Hi Robert,

> Everybody else considers inline signatures to be _de rigeur_, and for
> good reason.  MTAs are allowed to mangle attachments, to strip them, to
> repackage them, whatever.  E.g., some mailing lists strip all
> attachments, since spammers have been known to abuse attachments to
> target mailing lists.

Sounds like you want to be really sure, that your signature arrives on
the recipient side.

> PGP/MIME signatures are a great idea from a theoretical POV.  From a
> practical POV, they're failures.

My personal experience is the other way round. People are annoyed and
disturbed by inline signatures. An attached signature is noticed but
doesn't distract you from the content of the mail. If the MTA strips the
signature and the recipient wants to be sure the mail is from me: he
should ask. 90% don't care anyway and I don't disturb them with an
inline signature.

The other point has to do with verification. I have seen much more
signatures I could not verify which were inline than attached.

What are the reasons for defaulting to inline signatures despite of MTAs
stripping attachements?

Greets
Alex

-- 
***** http://www.lespocky.de *******************************************
Those who would give up essential Liberty, to purchase
a little temporary Safety, deserve neither Liberty nor Safety.
                                (Benjamin Franklin)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080829/3315a016/attachment.bin>

From rjh at sixdemonbag.org  Fri Aug 29 14:21:13 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 29 Aug 2008 16:21:13 -0500
Subject: [Enigmail] Hello World
In-Reply-To: <0MKwh2-1KZBCU0MJE-00075S@mrelayeu.kundenserver.de>
References: <48B828AA.807@gmail.com>	<48B82A3D.2050506@gmail.com>	<48B82E20.4040009@gmail.com>	<0ML2xA-1KZ7hV0DE7-0003Iv@mrelayeu.kundenserver.de>	<48B84D88.5080209@sixdemonbag.org>
	<0MKwh2-1KZBCU0MJE-00075S@mrelayeu.kundenserver.de>
Message-ID: <48B86849.70304@sixdemonbag.org>

Alexander Dahl wrote:
> Sounds like you want to be really sure, that your signature arrives 
> on the recipient side.

If the message is important enough to warrant a signature, isn't it
important enough to ensure the signature arrives?

> My personal experience is the other way round. People are annoyed and
> disturbed by inline signatures.

This raises the obvious question of why you're bothering to sign
messages to them.

A signature has meaning if and only if it is:

(a) a correct signature
(b) from a validated key
(c) belonging to someone the checker trusts

If your correspondent is annoyed and/or disturbed by an inline
signature, the odds are very good your correspondent is neither
bothering to check the signature nor validate your key.  That makes the
signature worthless.  So why are you sending it?

> the recipient wants to be sure the mail is from me: he should ask.

And how will your correspondent be able to trust your response?  Calling
you up voice to get confirmation of the contents of each email seems
awful inconvenient: why wouldn't you just call the person directly anyway?

> 90% don't care anyway and I don't disturb them with an inline 
> signature.

This is not an argument for PGP/MIME.  This is an argument for using
per-recipient signature rules.

> What are the reasons for defaulting to inline signatures despite of 
> MTAs stripping attachements?

It's simpler.  It's supported by more MUAs.  There are more
implementations available.  Simplicity equals reliability and diversity.



From gillespie.jp at gmail.com  Fri Aug 29 17:53:01 2008
From: gillespie.jp at gmail.com (James Gillespie)
Date: Fri, 29 Aug 2008 17:53:01 -0700
Subject: [Enigmail] Malware redux
In-Reply-To: <48B69EDA.5010005@sixdemonbag.org>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B18553.8010607@bellsouth.net>	<48B209D2.8070205@gmail.com>	<48B28077.7000306@gmail.com>	<48B4D2D6.8050700@gmail.com>	<48B58C97.8040403@gmail.com>	<48B599FC.2070509@sixdemonbag.org>	<48B5AA81.3040304@gmail.com>	<48B5AD43.20506@sixdemonbag.org>	<48B62CCC.30308@gmail.com>
	<48B69EDA.5010005@sixdemonbag.org>
Message-ID: <48B899ED.8050307@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robert J. Hansen wrote:
> James Gillespie wrote (quoting myself and Faramir):

>> Are we talking here about Faramir's worry about the possibility of a
>> virus infecting the bios?
> 
> No.  AFAIK, those are hypothetical at this point in time.
Well, it's good to know that bios infection has probably not yet been
detected.
> 

> "I am unplugging the network cable and reimaging my hard drive from the
> known good copy.

I don't think I have yet seen your reasons for your certainty that you
have a good copy of your hard drive. Does imaging software filter out
well-designed ("invisible") malware? Can we detect it in our AV and
spyware scans?

jpg
- --
James P. Gillespie

I prefer encrypted, signed e-mail.
My PGP keys: http://tinyurl.com/5z2hhj

===================================
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAki4mekACgkQEbLUj7pltrBxgwCeOmKrzO/TThJdyWBrRkwf6sfL
e24AnjgwXrm3WJwOseTmXQtAv0M3kCME
=os7O
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Fri Aug 29 19:16:22 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Fri, 29 Aug 2008 21:16:22 -0500
Subject: [Enigmail] Malware redux
In-Reply-To: <48B899ED.8050307@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B18553.8010607@bellsouth.net>	<48B209D2.8070205@gmail.com>	<48B28077.7000306@gmail.com>	<48B4D2D6.8050700@gmail.com>	<48B58C97.8040403@gmail.com>	<48B599FC.2070509@sixdemonbag.org>	<48B5AA81.3040304@gmail.com>	<48B5AD43.20506@sixdemonbag.org>	<48B62CCC.30308@gmail.com>	<48B69EDA.5010005@sixdemonbag.org>
	<48B899ED.8050307@gmail.com>
Message-ID: <48B8AD76.70508@sixdemonbag.org>

James Gillespie wrote:
> I don't think I have yet seen your reasons for your certainty that you
> have a good copy of your hard drive.

This is where heuristics -- or, as anyone outside of AR (automated
reasoning) calls it, wild guesses -- come into play.  Once you know
you've been hit, you look back at the first date the symptoms appeared.
 You look back through your logs to try to discover what the likely
infection vector was.  If you're able to find it, then you take the
image prior to the infection vector.  If you're not, then you say "we go
back two weeks" or "we go back four weeks" or "we go back six months" or
whatever the local policy is.

You have to balance the inconvenience of going back X days with the
possibility that X days is not enough to be safe.  Generally speaking,
you want to go back as far as your business can tolerate; and generally
speaking, management wants to go back as little as possible.  How far
you go back, therefore, depends almost entirely on how much political
clout you have with the organization.



From John at Mozilla-Enigmail.org  Fri Aug 29 19:48:04 2008
From: John at Mozilla-Enigmail.org (John Clizbe)
Date: Fri, 29 Aug 2008 21:48:04 -0500
Subject: [Enigmail] Malware redux
In-Reply-To: <48B899ED.8050307@gmail.com>
References: <48ACB90E.4080205@gmail.com>	<48AD84C6.2050506@bellsouth.net>	<48AE3D2C.7090304@gmail.com>	<48AE4142.6060801@bellsouth.net>	<48B0791B.3040700@gmail.com>	<48B092B8.4060206@bellsouth.net>	<48B0DC04.7020006@gmail.com>	<48B0E3B0.10606@bellsouth.net>	<48B17D8B.2000905@gmail.com>	<48B18553.8010607@bellsouth.net>	<48B209D2.8070205@gmail.com>	<48B28077.7000306@gmail.com>	<48B4D2D6.8050700@gmail.com>	<48B58C97.8040403@gmail.com>	<48B599FC.2070509@sixdemonbag.org>	<48B5AA81.3040304@gmail.com>	<48B5AD43.20506@sixdemonbag.org>	<48B62CCC.30308@gmail.com>	<48B69EDA.5010005@sixdemonbag.org>
	<48B899ED.8050307@gmail.com>
Message-ID: <48B8B4E4.2060201@Mozilla-Enigmail.org>

James Gillespie wrote:

> 
> I don't think I have yet seen your reasons for your certainty that you
> have a good copy of your hard drive. Does imaging software filter out
> well-designed ("invisible") malware? Can we detect it in our AV and
> spyware scans?

Imaging software makes no judgment about what it reads and writes.
It just copies.

Where one moves toward a degree of certainty is by following several of the
disciplined practices of IT administration: change control, "Golden" images,
_all_ user data separate from programs, granting the least privilege necessary,
etc...

It's a good deal of work, but it's possible and doable.

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 677 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080829/abccf10e/attachment-0001.bin>

From bettina.funk at web.de  Sat Aug 30 03:30:58 2008
From: bettina.funk at web.de (Bettina Funk)
Date: Sat, 30 Aug 2008 12:30:58 +0200
Subject: [Enigmail] This is my first try with a signed email
Message-ID: <48B92162.6030501@web.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

my name is Bettina and I have to use PGP-encrypted mails for my
masterthesis, because the company I cooperate with uses it.

This is my very first try :)

I would really appreciate some help. So if there is anyone willing to
help me test Enigmail's encryption features, please don't hesitate to
answer to that mail.

Thanks and greetings from Germany,

Bettina
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIuSFimHkADdP8sNcRAusCAJ4zPaOSCpjqrim0frznqO32qI38OwCg0smg
VI5DDhYFMXP87cGT026mhB8=
=ktK+
-----END PGP SIGNATURE-----

From bjtasker at btasker.me.uk  Sat Aug 30 04:18:06 2008
From: bjtasker at btasker.me.uk (Bernard Tasker)
Date: Sat, 30 Aug 2008 12:18:06 +0100
Subject: [Enigmail] This is my first try with a signed email
In-Reply-To: <48B92162.6030501@web.de>
References: <48B92162.6030501@web.de>
Message-ID: <48B92C6E.8040502@btasker.me.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1





Bettina Funk wrote:
> Hello,
> 
> my name is Bettina and I have to use PGP-encrypted mails for my
> masterthesis, because the company I cooperate with uses it.
> 
> This is my very first try :)
> 
> I would really appreciate some help. So if there is anyone willing to
> help me test Enigmail's encryption features, please don't hesitate to
> answer to that mail.
> 
> Thanks and greetings from Germany,
> 
> Bettina

Received here fine as per:

OpenPGP Security Info

UNTRUSTED Good signature from Bettina Funk <bettina.funk at web.de>
Key ID: 0xD3FCB0D7 / Signed on: 30/08/2008 11:30
Key fingerprint: E8A0 F866 6865 A29F 521C 3422 9879 000D D3FC B0D7

Feel free to send me an encrypted message if you wish

Bernard

Timestamp: Saturday 30 August 2008, 12:17 pm  GMT Daylight Time (+0100)
_______________________________________________
Enigmail mailing list
Enigmail at mozdev.org
https://www.mozdev.org/mailman/listinfo/enigmail

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAki5LG4ACgkQqPQ3uX5O/PflFACcDqcB+m7actXvQGGB9NEXO0bE
NeMAnieh/tAJX03ppCOtbp69EmjRqnoq
=XSmQ
-----END PGP SIGNATURE-----


From mlisten at hammernoch.net  Sat Aug 30 04:24:59 2008
From: mlisten at hammernoch.net (=?ISO-8859-1?Q?Ludwig_H=FCgelsch=E4fer?=)
Date: Sat, 30 Aug 2008 13:24:59 +0200
Subject: [Enigmail] This is my first try with a signed email
In-Reply-To: <48B92162.6030501@web.de>
References: <48B92162.6030501@web.de>
Message-ID: <48B92E0B.3030800@hammernoch.net>

Hi,

Bettina Funk wrote on 30.08.2008 12:30 Uhr:
> Hello,
> 
> my name is Bettina and I have to use PGP-encrypted mails for my
> masterthesis, because the company I cooperate with uses it.
> 
> This is my very first try :)

Seems you have set up all correctly, I was able to download your key
from one of the keyservers and check your signature:

UNTRUSTED Good signature from Bettina Funk <bettina.funk at web.de>
Key ID: 0xD3FCB0D7 / Signed on: 30.08.2008 12:30 Uhr

> I would really appreciate some help. So if there is anyone willing to
> help me test Enigmail's encryption features, please don't hesitate to
> answer to that mail.

As you're not subscribed: You might want to subscribe to the mailing
list (at http://www.mozdev.org/mailman/listinfo/enigmail), so that you
can receive other answers as well. Otherwise you have to read them in
the archives (http://mozdev.org/pipermail/enigmail/index.html)

HTH

Ludwig

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 542 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080830/9c8d274f/attachment.bin>

From jmoore3rd at bellsouth.net  Sat Aug 30 04:34:37 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sat, 30 Aug 2008 07:34:37 -0400
Subject: [Enigmail] This is my first try with a signed email
In-Reply-To: <48B92162.6030501@web.de>
References: <48B92162.6030501@web.de>
Message-ID: <48B9304D.7010602@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Bettina Funk wrote:


> This is my very

Congratulations!

UNTRUSTED Good signature from Bettina Funk <bettina.funk at web.de>
Key ID: 0xD3FCB0D7 / Signed on: 8/30/2008 6:30 AM
Key fingerprint: E8A0 F866 6865 A29F 521C 3422 9879 000D D3FC B0D7

> I would really appreciate some help. So if there is anyone willing to
> help me test Enigmail's encryption features, please don't hesitate to
> answer to that mail.

Sending Encrypted Message direct to You now.

JOHN ;)
Timestamp: Saturday 30 Aug 2008, 07:34  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4818: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIuTBMAAoJEBCGy9eAtCsPblIH/3lCUeUcZF2t1qtrmPULrERS
n5G6sXWEs4bU3PVtK3cQLvZi3FqNjj3Rm7ly/1/U8LxzpT3aRNqhkl+kSzLQGjNu
5rJwPGeXGjP7aefP24v/AWNmx6bTNmaYgwNBMBzmP4lABkM1sBUSMyOag+IFt7/L
1juMridFOiEe6FIs3uCRDA3U6WE5cCwaDcgBUne3Ii9Oh1YLE23rRwDgl09d0yUU
/OfYt35u61nL9NZcmQzIZ+s5zgWDbOI9+UwQ6DWmmHW4kP7SVY7fNj3eAy+TgJkj
rd7Xiyf7Tm0YKDCK4wXBN/n8aUspBjZgOz15n+6yUwYr1xKjAzs5bsob1lnm2Xg=
=p+Xm
-----END PGP SIGNATURE-----

From darylstyrk at gmail.com  Sat Aug 30 09:22:51 2008
From: darylstyrk at gmail.com (Daryl Styrk)
Date: Sat, 30 Aug 2008 12:22:51 -0400
Subject: [Enigmail] Hello World
In-Reply-To: <48B86849.70304@sixdemonbag.org>
References: <48B828AA.807@gmail.com>	<48B82A3D.2050506@gmail.com>	<48B82E20.4040009@gmail.com>	<0ML2xA-1KZ7hV0DE7-0003Iv@mrelayeu.kundenserver.de>	<48B84D88.5080209@sixdemonbag.org>	<0MKwh2-1KZBCU0MJE-00075S@mrelayeu.kundenserver.de>
	<48B86849.70304@sixdemonbag.org>
Message-ID: <48B973DB.6020700@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Robert J. Hansen wrote:
> 
> If the message is important enough to warrant a signature, isn't it
> important enough to ensure the signature arrives?
> 

Wouldn't it be wise to sign and attempt to encrypt all mail?  If only
1/100 emails were signed and encrypted that seems to me like it would
stick out as something important and worth looking into.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIuXPbejxzjThnMmIRAplNAJ0bhtpSq/hv4z9l2jxWJt5dimko7wCgzzGb
RF2UCTjAvTLDcKvwxF9hHy8=
=GoHW
-----END PGP SIGNATURE-----

From ayush.cena at gmail.com  Sat Aug 30 09:40:13 2008
From: ayush.cena at gmail.com (Ayush Sharma)
Date: Sat, 30 Aug 2008 22:10:13 +0530
Subject: [Enigmail] Hello World
In-Reply-To: <48B973DB.6020700@gmail.com>
References: <48B828AA.807@gmail.com>	<48B82A3D.2050506@gmail.com>	<48B82E20.4040009@gmail.com>	<0ML2xA-1KZ7hV0DE7-0003Iv@mrelayeu.kundenserver.de>	<48B84D88.5080209@sixdemonbag.org>	<0MKwh2-1KZBCU0MJE-00075S@mrelayeu.kundenserver.de>	<48B86849.70304@sixdemonbag.org>
	<48B973DB.6020700@gmail.com>
Message-ID: <48B977ED.5030509@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Daryl,
> Wouldn't it be wise to sign and attempt to encrypt all mail? 

I would preferably not do that. ONLY Use it when you need it, don't
overdo it.
As a part of my Cryptography courses at the University, we learned
(still theoretically, but we are a paranoid lot) that the more you use
your keys for signing/encryption, the more you increase the chances of a
"hacker" trying to crack your key (completely or partially). Before
anybody counters me, I would still say that *it is still pretty far
fetched* as finding discrete logs over the given finite fields is pretty
huge (but its still possible...and as i said..i am kinda paranoid).
Moreover, if my friend is somewhere that he doesn't have his keypair,
and/or wouldn't want to use his keypair at the untrusted machine, AND it
is not that important for him to check for the appropriate verification
or for me to hide the contents, I tend not to use the
verification/authentication feature(s).
 If only
> 1/100 emails were signed and encrypted that seems to me like it would
> stick out as something important and worth looking into.

Well again, would you like it if you get an encrypted mail from your
pal, and you hurry home to check it. When you do read the mail, it says
something to the extent of "wanna grab a bite or something"...
IMHO everybody has their opinions, and I respect everyone's. I usually
prefer NOT to overuse the encrypted and signing feature unless required,
and have made a resolution of adding new subkeys.
Anyways, looking forward to subsequent inputs from the esteemed readers
of this list.
Wish everybody a relaxing weekend (and to the American readers, happy
Labour day in advance!)
Warm Regards,
- -Ayush
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: For keyID and its URL see OpenPGP message header

iQEcBAEBCgAGBQJIuXfsAAoJEGQLrmFLsPjBMqAH/38+EUB2t/nvVpsqi7S57Fy0
n2rsIx4xEBU3o8bbgP34nBQ9x39QuTfLUkp4WVab2VtVc4BZV29tP9zs1rPx25Tk
dSiL76RJid4+dEjgTupOCV5REyGD2CFD1lo9QH1/m0vTjw3z9wv0jZX+/zfPn+rL
+z9B85t1MD/mV79VZ7Q/VWUJRMPQpiUTKeWgzkVTzYOIUllvqE3fnHCZts7NBtST
171qO2IV8um129JJ24cHh0/AK1GqUOVC9XCX8vrp7oubl/RdaYvfdmMOdea+leIP
dsskgiJXo90WiH6qMhBCbq8o6pRLjnon/E87WnGNCAwJaJUPD6RluMwQNRDE56E=
=oyg1
-----END PGP SIGNATURE-----

From alaric at metrocast.net  Sat Aug 30 09:40:24 2008
From: alaric at metrocast.net (Phil Stracchino)
Date: Sat, 30 Aug 2008 12:40:24 -0400
Subject: [Enigmail] Hello World
In-Reply-To: <48B973DB.6020700@gmail.com>
References: <48B828AA.807@gmail.com>	<48B82A3D.2050506@gmail.com>	<48B82E20.4040009@gmail.com>	<0ML2xA-1KZ7hV0DE7-0003Iv@mrelayeu.kundenserver.de>	<48B84D88.5080209@sixdemonbag.org>	<0MKwh2-1KZBCU0MJE-00075S@mrelayeu.kundenserver.de>	<48B86849.70304@sixdemonbag.org>
	<48B973DB.6020700@gmail.com>
Message-ID: <48B977F8.2020000@metrocast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Daryl Styrk wrote:
> 
> 
> Robert J. Hansen wrote:
>> If the message is important enough to warrant a signature, isn't it
>> important enough to ensure the signature arrives?
> 
> 
> Wouldn't it be wise to sign and attempt to encrypt all mail?  If only
> 1/100 emails were signed and encrypted that seems to me like it would
> stick out as something important and worth looking into.

1 in 100?  So, everything but the spam, then?  :)


As an ideal, it would be good if all mail were signed, yes.  Encrypting
all mail, particularly on mailing lists, presents severe technical
obstacles.  In either case, though, if you're encrypting and signing
mail to people who won't decrypt it and won't bother to check the
signature, just to be encrypting and signing it, you're fooling yourself.


- --
  Phil Stracchino, CDK#2     DoD#299792458     ICBM: 43.5607, -71.355
  alaric at caerllewys.net   alaric at metrocast.net   phil at co.ordinate.org
         Renaissance Man, Unix ronin, Perl hacker, Free Stater
                 It's not the years, it's the mileage.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAki5d/gACgkQ0DfOju+hMknmQwCgs7JGhq9wijLn8UJx3gMbiZ4Z
TDgAn22XF4WyEwW15T/S988euRqqg3NJ
=xim7
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Sat Aug 30 10:27:04 2008
From: faramir.cl at gmail.com (Faramir)
Date: Sat, 30 Aug 2008 13:27:04 -0400
Subject: [Enigmail] Hello World
In-Reply-To: <48B973DB.6020700@gmail.com>
References: <48B828AA.807@gmail.com>	<48B82A3D.2050506@gmail.com>	<48B82E20.4040009@gmail.com>	<0ML2xA-1KZ7hV0DE7-0003Iv@mrelayeu.kundenserver.de>	<48B84D88.5080209@sixdemonbag.org>	<0MKwh2-1KZBCU0MJE-00075S@mrelayeu.kundenserver.de>	<48B86849.70304@sixdemonbag.org>
	<48B973DB.6020700@gmail.com>
Message-ID: <48B982E8.8020704@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Daryl Styrk escribi?:

> Robert J. Hansen wrote:
>> If the message is important enough to warrant a signature, isn't it
>> important enough to ensure the signature arrives?
> 
> Wouldn't it be wise to sign and attempt to encrypt all mail?  If only
> 1/100 emails were signed and encrypted that seems to me like it would
> stick out as something important and worth looking into.

  But... who would be looking into that message? NSA? FBI? Smersh? Or a
guy trying to sniff your credit card number? If my concern is the credit
card number, I would not care too much if it is just 1 encrypted message...

  Besides, there are very few people capable of receiving encrypted
messages... so it is not easy to increase the amount of encrypted
messages...

  Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIuYLoAAoJEMV4f6PvczxAm0MH/jcjuU0pPFW1geJcKmK+6W7n
Sptl+o2yw40IcY0VQ1d3h2mqXml+1gG3tetxNYWNjv6Gll9WnTZqtpzBaSszF2/x
EMsfylkye8/EpN8nFybO+XYNmrb5QY9S1c17g9JjCP9SQVfih9lbktd6Z7RlTrDS
z5giKKhnZKEh6GYKfg2PDvyM0rhGxaMVcGuaqKSRfJ+m6DYUqpgbdO/H3Ek2jnqa
B432LctqJfSghargYDq3iC/ca0wq838YTkFChFkqVnPMiRLh7LP9dP6sjwb+TTnJ
NDpjqLYldrD9Mjw2kOK5jijtGJ50onLBb0om/cJNDOKKrq5JBOq72zntGJLhUzM=
=DQdD
-----END PGP SIGNATURE-----

From rjh at sixdemonbag.org  Sat Aug 30 11:03:37 2008
From: rjh at sixdemonbag.org (Robert J. Hansen)
Date: Sat, 30 Aug 2008 13:03:37 -0500
Subject: [Enigmail] Hello World
In-Reply-To: <48B973DB.6020700@gmail.com>
References: <48B828AA.807@gmail.com>	<48B82A3D.2050506@gmail.com>	<48B82E20.4040009@gmail.com>	<0ML2xA-1KZ7hV0DE7-0003Iv@mrelayeu.kundenserver.de>	<48B84D88.5080209@sixdemonbag.org>	<0MKwh2-1KZBCU0MJE-00075S@mrelayeu.kundenserver.de>	<48B86849.70304@sixdemonbag.org>
	<48B973DB.6020700@gmail.com>
Message-ID: <48B98B79.8010807@sixdemonbag.org>

Daryl Styrk wrote:
> Wouldn't it be wise to sign and attempt to encrypt all mail?

Encrypting, yes.  Signing, no.


From elwoodzulu at gmail.com  Sat Aug 30 14:32:44 2008
From: elwoodzulu at gmail.com (mr mark)
Date: Sat, 30 Aug 2008 17:32:44 -0400
Subject: [Enigmail] help new visa
Message-ID: <48B9BC7C.5010606@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
please help need feedback
trying sys on Vista
cheers
m
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iEYEARECAAYFAki5vHwACgkQX36qKq23fYmtqQCeIb7xMleLpSSTckUndpvfJ1Sb
jT8An29ZiCZmGFQjApDvgqZ/3C5AFMVw
=ceTb
-----END PGP SIGNATURE-----


From alaric at metrocast.net  Sat Aug 30 17:12:22 2008
From: alaric at metrocast.net (Phil Stracchino)
Date: Sat, 30 Aug 2008 20:12:22 -0400
Subject: [Enigmail] help new visa
In-Reply-To: <48B9BC7C.5010606@gmail.com>
References: <48B9BC7C.5010606@gmail.com>
Message-ID: <48B9E1E6.6080500@metrocast.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

mr mark wrote:
> please help need feedback
> trying sys on Vista
> cheers
> m


OpenPGP Security Info

UNTRUSTED Good signature from mr mark <elwoodzulu at gmail.com>
Key ID: 0xADB77D89 / Signed on: 08/30/08 17:32
Key fingerprint: 3092 9CFE 751B 54A5 676B 46BB 5F7E AA2A ADB7 7D89


Looks like it's working fine.  Sorry to hear about the Vista.


- --
  Phil Stracchino, CDK#2     DoD#299792458     ICBM: 43.5607, -71.355
  alaric at caerllewys.net   alaric at metrocast.net   phil at co.ordinate.org
         Renaissance Man, Unix ronin, Perl hacker, Free Stater
                 It's not the years, it's the mileage.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAki54eYACgkQ0DfOju+hMkmYSwCgyuM3Fbe/pLr62w45JTnwtwk4
zgEAoO0LgNPC1gIv92XUwdz5MjQGR6Pn
=8UpA
-----END PGP SIGNATURE-----

From dwayne.allen at gmail.com  Sat Aug 30 12:16:03 2008
From: dwayne.allen at gmail.com (Dwayne Allen)
Date: Sat, 30 Aug 2008 14:16:03 -0500
Subject: [Enigmail] Hello
Message-ID: <48B99C73.9000803@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is a sample signed message
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAki5nHMACgkQi0e9OqGnyQp1tgCfRatcNpGJfXzKVBuvH7GrPU4c
4eEAnRXlkbbOxkY/rsjRs6ZRwCRAbQ9W
=ANgs
-----END PGP SIGNATURE-----

From elwoodzulu at gmail.com  Sat Aug 30 13:30:42 2008
From: elwoodzulu at gmail.com (mr mark)
Date: Sat, 30 Aug 2008 16:30:42 -0400
Subject: [Enigmail] test please help
Message-ID: <48B9ADF2.708@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
this is a test
please help just starting up on Vista

m
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iEYEARECAAYFAki5rfIACgkQX36qKq23fYmw6wCgwIYH+aUpLjKJyynkG8M3Bpq4
UI8AnAuR+yoF7DmifGRe5IQrlUmHTkfd
=Juvg
-----END PGP SIGNATURE-----


From jmoore3rd at bellsouth.net  Sun Aug 31 04:21:25 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 31 Aug 2008 07:21:25 -0400
Subject: [Enigmail] Hello
In-Reply-To: <48B99C73.9000803@gmail.com>
References: <48B99C73.9000803@gmail.com>
Message-ID: <48BA7EB5.5030101@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Dwayne Allen wrote:
> This is a sample signed message

UNTRUSTED Good signature from Dwayne Allen <dwayne.allen at gmail.com>
Key ID: 0xA1A7C90A / Signed on: 8/30/2008 3:16 PM
Key fingerprint: 8BB3 869A B08D A9F2 7DE2 1047 8B47 BD3A A1A7 C90A

Looks Good!

JOHN ;)
Timestamp: Sunday 31 Aug 2008, 07:21  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4818: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIun6yAAoJEBCGy9eAtCsP7bgH/i0Q9Lxu6QQF53lj2bCe/5q9
am/3htA/MNqH7qgJYtmKZUyUlceifJe+RTSE09DnCPT0AhF4+JRhxT/LWAB3JF55
URtw6ydPLXdj/uhf/kjPuQOpYiDYSepod2mlAwubdYUIYtFRM8R6ca/PNs8v8izl
WTbePrkqX+MZiIStxbFf4ChCCrPSAJtwpyTzVdBqU8TGKMjO0MBIxCQ7tMSzLAIB
EsDFw6YWrBwn5z2gBw4s7/TTBwjeWhs/RgZLVHFJBwyl1ruD/5qvpB6DCNvgAmJk
7xTKjdwavr2hKTgdOVmC5atieMAk7g0I9X5jFSwO2NXOSBp8EsTwmf1O19z4i7A=
=JUzt
-----END PGP SIGNATURE-----

From jmoore3rd at bellsouth.net  Sun Aug 31 04:22:47 2008
From: jmoore3rd at bellsouth.net (John W. Moore III)
Date: Sun, 31 Aug 2008 07:22:47 -0400
Subject: [Enigmail] test please help
In-Reply-To: <48B9ADF2.708@gmail.com>
References: <48B9ADF2.708@gmail.com>
Message-ID: <48BA7F07.6000606@bellsouth.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

mr mark wrote:
> this is a test

UNTRUSTED Good signature from mr mark <elwoodzulu at gmail.com>
Key ID: 0xADB77D89 / Signed on: 8/30/2008 4:30 PM
Key fingerprint: 3092 9CFE 751B 54A5 676B 46BB 5F7E AA2A ADB7 7D89

Good Signature.

JOHN ;)
Timestamp: Sunday 31 Aug 2008, 07:22  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4818: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJIun8GAAoJEBCGy9eAtCsPN1UH+wWzXxG0mU4r5yoZ5CBD+sif
6RUKPkpm6jQKOtkEkqc+yO93/Ht8Rl1DmopRCbacYRlU3tF8Sa0LNJzu1g9EMQHu
IvFNaonLiXHGpV7RhrxYptiI9cXBFDNgmwUcUNvAWzsLfBjpTRE4hcWrPN+MUFng
/QItt3fZlBbhp79lpXLbBfoYX6wBBkxvwylPytoprF2REw3fsQadzOgREcEy57HQ
73YKfq5kru8gs64EPfyMT+4pf7sRKSNeW11BPGmYZpSOonMxQgMQx/18rQG+XFhu
8/lG3X+bt5rrJqR7/ub/JLHCUo9/rtkB0sHqNAxKiiwt4bDeraw5ZuWVGz6sokE=
=DS2P
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Sun Aug 31 04:49:31 2008
From: faramir.cl at gmail.com (Faramir)
Date: Sun, 31 Aug 2008 07:49:31 -0400
Subject: [Enigmail] test please help
In-Reply-To: <48B9ADF2.708@gmail.com>
References: <48B9ADF2.708@gmail.com>
Message-ID: <48BA854B.8030009@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

mr mark escribi?:
> this is a test
> please help just starting up on Vista
> 
> m

Informaci?n de seguridad OpenPGPSIN CONFIANZA La firma de mr mark
<elwoodzulu at gmail.com> es correcta
Id de clave: 0xADB77D89 / Firmada el: 30-08-2008 16:30
Huella de la clave: 3092 9CFE 751B 54A5 676B 46BB 5F7E AA2A ADB7 7D89

 Translating to english: Security info OpenPGP The signature of mr mark
is right. Untrusted (that is because I don't know you, so I have not set
it as trusted).

 Best Regars
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIuoVLAAoJEMV4f6PvczxArmMH/2DqI7KD/YCN8bt1OGOAm6H/
A65iH5C++OFxhiFD8g3TulTQLjkPKZQE8/51vtAEAgtWs0YGp36o5DJvd995OuyC
j4jOA34nlj503kOlfUjIfNvM/MWANG+hwh9QBDjuk0uEdjKzDxLSZSK7IfJQyusB
LFrWZbmX9noyiecO7VBoCiKnF26flQWzeMn3ClCDsEMVr4xOw8Zm69a9TZlRnQnV
zSljZwWV+ZuSTmNjFoSgPDa7ZtbYpB/hFAnRcIo26Tl4vbs9PTLl1BxAiPzXoii4
poUmdcrN+5W6eKpnsis7jK+fWYqHlWjRUslQaiUl5CN0Uc/Yr12F9QQegoh9z4s=
=lM7l
-----END PGP SIGNATURE-----

From faramir.cl at gmail.com  Sun Aug 31 06:39:53 2008
From: faramir.cl at gmail.com (Faramir)
Date: Sun, 31 Aug 2008 09:39:53 -0400
Subject: [Enigmail] Hello
In-Reply-To: <48B99C73.9000803@gmail.com>
References: <48B99C73.9000803@gmail.com>
Message-ID: <48BA9F29.5050404@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Dwayne Allen escribi?:
> This is a sample signed message

  The signature is good

Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJIup8pAAoJEMV4f6PvczxAvfEIAJy3JV23xfsCZyrTXDeD8ZMT
PE5Tcxn+u79PbjnfK2fktq5/puAhbeGmo39rvC1bR8OcnccbecjeQIyqZRYRhfSl
62K+veOlUf0JKuPxUwKUX7IJzS2gaSN1UmdSWKen7XldUG7cf/bo7JM7l+DJxnbY
O8W3yFp9KhkWkGJwLx0NfgKasjbTpmbtDMz5pKLJQvM/hFtOEyXe9oxNt2Oa9jzh
+tQ7MXekG1aBzrarJggNLJdb+kSTknv+6RR887bYx9tyrO2M0wvbgz4C7Tiiy8Cw
MPOUiX9VKklz3158rSFqXh9xShrX4+DFRPg3QSlUIE5wv+yxbMrD2tkwtppuayQ=
=8FjW
-----END PGP SIGNATURE-----

From rasmith1959 at yahoo.com  Sun Aug 31 07:13:43 2008
From: rasmith1959 at yahoo.com (Roy Smith)
Date: Sun, 31 Aug 2008 09:13:43 -0500
Subject: [Enigmail] test please help
In-Reply-To: <48B9ADF2.708@gmail.com>
References: <48B9ADF2.708@gmail.com>
Message-ID: <48BAA717.4030303@yahoo.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
mr mark wrote:
> this is a test
> please help just starting up on Vista
>
> m
OpenPGP Security Info

UNTRUSTED Good signature from mr mark <elwoodzulu at gmail.com>
Key ID: 0xADB77D89 / Signed on: 8/30/2008 3:30 PM
Key fingerprint: 3092 9CFE 751B 54A5 676B 46BB 5F7E AA2A ADB7 7D89

Looks like it's working to me...

- --


Roy Smith


I use Firefox because I want to use software that complies
with Web standards.  See <http://www.mozilla.org/>.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iQIcBAEBAgAGBQJIuqcXAAoJEG7cp55ZD5UOMJUP/3JhecgLgGyRl4OifzMyFlMm
+0KyGTdBnE7PY+2V9LKvOTZMLxVUFCL1x4RFgTR86sPsOrh30+ynlpMvK8xOjCTT
QEhT4qsnW0I2yub/F4nrY26fNLPgbw0fLwp/quRVpsH+j8Ab9X1GGKMYu/cCXXs7
1JHmu5oh3aJNMXpook9j/f/Q87tPY2aKsQPM8cJ3mSJ0gBXpRWERRZB2yPP7XAq1
MlHfzomjF7BuaWHK4zFr5Z+c7ixOSWy0oQKqHP4D/XHNm9G8+D1d58TfSXmuDjLd
jMizfa23CURpgKq90ly91OvBhdVdpU9TBAdGRcsILdIRhQ84WFmFccEvJ4waEYAw
wM75RWi+OfbU89GVsLsJfdOr8nBAIdXHq4VE+QNhQDBZ5fZVjsrT6oHcWXXqwaz1
xF5+z4f2nLyWmWRaNoqkaxC42tuzJfk8SJHdytNTHLuDZjQdSoG610y0XDFAnITW
tQrz4f+B0jpJUYb7M1wmPAWsEneSTSVPTw11huktsKJf+AanIRc6Z6XEiK9E2XCE
5oaSUFFF16W7jjdIltumEC6LgKIklwgTVM2OhMiLuKCSlrcc/tgtJES6O4flLMyU
9dmBjAhmNfiy/LKEKFWmWsvq4pAEZmwxMENLG7lE7axwuOaaXxk5ye8dI8rWsVM0
JwzGvIiS1XhLjQCH3H9X
=iinE
-----END PGP SIGNATURE-----


From rasmith1959 at yahoo.com  Sun Aug 31 07:14:55 2008
From: rasmith1959 at yahoo.com (Roy Smith)
Date: Sun, 31 Aug 2008 09:14:55 -0500
Subject: [Enigmail] Hello
In-Reply-To: <48B99C73.9000803@gmail.com>
References: <48B99C73.9000803@gmail.com>
Message-ID: <48BAA75F.1030506@yahoo.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Dwayne Allen wrote:
> This is a sample signed message
OpenPGP Security Info

UNTRUSTED Good signature from Dwayne Allen <dwayne.allen at gmail.com>
Key ID: 0xA1A7C90A / Signed on: 8/30/2008 2:16 PM
Key fingerprint: 8BB3 869A B08D A9F2 7DE2 1047 8B47 BD3A A1A7 C90A

It's working!

- --


Roy Smith


I use Firefox because I want to use software that complies
with Web standards.  See <http://www.mozilla.org/>.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iQIcBAEBAgAGBQJIuqdfAAoJEG7cp55ZD5UOCkEP/0HtqSLcEc26QH0Mx87NLTR+
rp5Y3HriZev31OOZ82ZfRcTdrPbdlNta/NI3bS5uKt3RnslwPfHvSSFJpL0E3xNl
K0P47c8oG/q5jqZLS1dHEXYP4R6zrl4i+9IfBKyBIgBGpSDE5otET+KSGCFB2Mg+
94PdQXBtgdWb2BV8fA82yFk046ikTjxZf0BqLHs4MhQHY6Xtjrf+ph5JRjgS5aA6
IwFugTZ3w+m1zZa8cQundROY1q24LBZ787OlQdh432cC9Aj2m9/Ao73jYUVFG36I
Fx1Jfap8PuKjLSKK+fHpUxpmhp4EVbQB6B6iuS7eOcx0z4WUFuAKYZU5h8KO7+QJ
slbpi74EqENWU67lXK3Y0WaMp9uQPiOiQHaJx2T5wuiSYeNZ8qEw6OkfrfDIuzXO
E1Rk89upVRq8TxAXEiAaUuE63S/tRkya8cwMzYSz2BM72oG+KiE9MZBtYz3xegus
P0ZzcLUlFhaGVQmsgMn4oH1rtbBYJtyybt894CoWNVsll/cuAzTZpQLqScjEYs01
gsNvumDxcpDHmnJfDQZqmUWmCGFB/ey9f/+Afa28gP2TZXHTUiqUdJqWXhm+xCl5
SC9NU7dBX86p8bqCBjKgx2bz+iuP3sc4HM4XI0Mf77L0ZH/3rLZs1nq6EvonVW3s
ihrlcNuv60/HVrexB72S
=6ZpX
-----END PGP SIGNATURE-----