[Enigmail] Newbie

Sun Apr 26 05:03:50 PDT 2009

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Duke Hound wrote:

> I am a relative newbie to PKI.  I set up thunderbird/gnupg/enigmail
> today and all seemed to work.  Yeah.

Congratulations!  Should You feel an urge to 'practice' using Enigmail
and/or encryption feel free to write Me directly.  :)

> 1)  With this set up there doesn't seem to be a certificate.  Is there
> one in the background? (I suppose not, b/c that would mean I issued my
> own certificate...is this why gnupg has the sign a public key?)  When I
> sign a key, am i essentially letting everyone on the public key network
> know that I trust this public key and in a way being a certificate
> authority or is this signature only for me locally?

OK, basically 'Certificate' & Key are interchangeable terms in this
context.  Yes, if/when You 'Sign' a Key with an exportable signature [as
opposed to a Local Signature] You are effectively publishing/expressing
Your faith/trust in the validity of the Key & the information it
contains.  I suggest that You only use Local Signatures in the beginning
until You have become more familiar [comfortable?] with the concepts of
Web of Trust [WoT], Trust Models, etc.  A Local Signature exists _only_
on Your Keyring and is exported or shared when You work with the Key.
[hence the term 'Local'  ;) ]

> 2) gmail (online client) does not play nicely with GNUPG signatures.
> Does gmail (online client) play nicely with verisign Class 1 Digital ID
> signatures?

- From the Web interface none of the WebMail services are particularly
kind to Encryption.  This is due to a lot of reason but basically the
main reason is that Web Mail is enamored of HTML and inline Encryption
works best with Plaintext.  If You access any of the Web Mail Services
using Thunderbird with the correct Settings You should experience no
problem.   The same is True with using x.509 [S/MIME] via Web Mail.
IIRC, there is an Extension/Add-On available for Firefox/SeaMonkey
Browsers that facilitates the use of S/MIME from within the Gmail Web
screen.

> 2a) If the answer to 2) is no.  Do any common online email clients
> gmail.com, yahoo.com, aol.com, etc play nicely with gnupg or verisign
> email signatures?  Is there any progress being made to standardize this
> process so that that my choice of signature infrastructure
> (thunderbird/gnupg/enigmail) can be made without considering the
> technical setup  and understanding of my email recipients?

Aye, here's the rub; some 'understanding' is necessary, if only to
possess their Key.  If Your recipient has a Public Key for either
PGP/GPG or x.509 [S/MIME] then the assumption must be made that They
also have the skills & ability to Decrypt messages sent to them.
Additionally, do not use PGP/MIME with any recipient until You have
verified with Them that their MUA [Mail Client] can handle this format.
 Some can but many can't.  Using Enigmail You may rest assured that Your
MUA _can_ handle PGP/MIME.

Standardization?  Well, other than Outlook 97 I have not seen any MUA
that cannot Encrypt/Decrypt using S/MIME. [PKI x.509]  In order to
utilize OpenPGP most MUA's will require the installation of any OpenPGP
[PGP, GPG] Application, a GUI for the PGP/GPG App or familiarity with
Command Line operations] & a basic understanding of "how things work."

HTH

JOHN ;)
Timestamp: Sunday 26 Apr 2009, 08:03  --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10-svn4987: (MingW32)
Comment: Public Key at:  http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage:  http://tinyurl.com/yzhbhx

iQEcBAEBCgAGBQJJ9E2kAAoJEBCGy9eAtCsPqgwIAIT3glNA5bldywvfPo/VS1jJ
jUkm4zjtVy1I0NUzEJlw5d9gXj60MoDTeIsU6KuyCUU8bq46lrXdj3s7bQ22XIL/
BUXa+Z+RXm4xnkB/hnRg48PoiIaOCmBWTdPuISsFGdho/043W7PI6GZ4p1RZQX+P
w/oQAbkxCTOV8O5LKm8xnQNZhcQpKHiMOSE97e03Z+0WwtSYHfOxlb+3KsFknOP2
EnFd/GFPKrSAA1qmFHCaEh4S8IHcop4xxXLsCUFyxCCLcWhy0o5Ldob8bQ3aHMmv
93OYvPpREelmb65E/nJrTV+P/mmBqgzgHlsFWw/Y69phpCmNKyV7EDrYW2G+eT0=
=zE0m
-----END PGP SIGNATURE-----