Hi everyone, I keep noticing several encrypted emails flying back and forth on the WLUG listserv. It occurred to me that we haven't done a PGP keysigning party in a couple of years - maybe we're due for another? It could also be a way to introduce some new student members to the group. Ian (from mobile device)
Ian, That would be a fantastic idea. I think part and parcel with doing the Keysigning should be a presentation on how to *actually* use the PGP key you've now created... How do you integrate your key into gmail / etc. Tim. On Fri, Jan 24, 2020 at 8:29 AM Gelman, Ian S. via WLUG <wlug@lists.wlug.org> wrote:
Hi everyone,
I keep noticing several encrypted emails flying back and forth on the WLUG listserv. It occurred to me that we haven't done a PGP keysigning party in a couple of years - maybe we're due for another? It could also be a way to introduce some new student members to the group.
Ian (from mobile device) _______________________________________________ WLUG mailing list -- wlug@lists.wlug.org To unsubscribe send an email to wlug-leave@lists.wlug.org
-- I am leery of the allegiances of any politician who refers to their constituents as "consumers".
Right, you have to create your key and submit it to the organizers BEFORE the actual keysigning meeting, so that at the keysigning other people will have a copy of your public key fingerprint to compare with the copy of your key that they later download or get emailed to them. So we should have a PGP meeting first, then a keysigning party the next month or whatever. Here's my ancient slides on the topic, but if someone else wants to update this, feel free: http://www.wlug.org/files/pgp-slides/ Using "caff" is a good idea: https://wiki.debian.org/caff https://wiki.debian.org/Keysigning https://wiki.ubuntu.com/KeySigningParty On Fri, Jan 24, 2020 at 11:08:03AM -0500, Tim Keller via WLUG wrote:
Ian,
That would be a fantastic idea. I think part and parcel with doing the Keysigning should be a presentation on how to *actually* use the PGP key you've now created... How do you integrate your key into gmail / etc.
Tim.
On Fri, Jan 24, 2020 at 8:29 AM Gelman, Ian S. via WLUG <wlug@lists.wlug.org> wrote:
Hi everyone,
I keep noticing several encrypted emails flying back and forth on the WLUG listserv. It occurred to me that we haven't done a PGP keysigning party in a couple of years - maybe we're due for another? It could also be a way to introduce some new student members to the group.
"Tim" == Tim Keller via WLUG <wlug@lists.wlug.org> writes:
Tim> That would be a fantastic idea. I think part and parcel with Tim> doing the Keysigning should be a presentation on how to Tim> actually use the PGP key you've now created... How do you Tim> integrate your key into gmail / etc. All I've ever heard about PGP signing emails is "Don't", even from the PGP creator, supposedly. But maybe I'm wrong and someone giving a good presentation (any CS classes on security who would be interested in joining for this talk?) would be nice. I've never found a personal need for this myself.
The argument for pgp signing your emails is that it makes it harder for others to spoof your email address. If I send you an email signed with my private key and the public version of my key is a place where your email client can access it, your email client can validate that the email originated from me. John> I've never found a personal need for this myself. Lucky you that you've never had your email address harvested from a public list and then used to spam lots of people... Tim. On Mon, Jan 27, 2020 at 2:30 PM John Stoffel <john@stoffel.org> wrote:
"Tim" == Tim Keller via WLUG <wlug@lists.wlug.org> writes:
Tim> That would be a fantastic idea. I think part and parcel with Tim> doing the Keysigning should be a presentation on how to Tim> actually use the PGP key you've now created... How do you Tim> integrate your key into gmail / etc.
All I've ever heard about PGP signing emails is "Don't", even from the PGP creator, supposedly. But maybe I'm wrong and someone giving a good presentation (any CS classes on security who would be interested in joining for this talk?) would be nice.
I've never found a personal need for this myself.
-- I am leery of the allegiances of any politician who refers to their constituents as "consumers".
It's also used heavily in FOSS development to verify authenticity of developer communications. On Mon, Jan 27, 2020 at 02:38:47PM -0500, Tim Keller via WLUG wrote:
The argument for pgp signing your emails is that it makes it harder for others to spoof your email address.
If I send you an email signed with my private key and the public version of my key is a place where your email client can access it, your email client can validate that the email originated from me.
John> I've never found a personal need for this myself.
Lucky you that you've never had your email address harvested from a public list and then used to spam lots of people...
Tim.
On Mon, Jan 27, 2020 at 2:30 PM John Stoffel <john@stoffel.org> wrote:
> "Tim" == Tim Keller via WLUG <wlug@lists.wlug.org> writes:
Tim> That would be a fantastic idea. I think part and parcel with Tim> doing the Keysigning should be a presentation on how to Tim> actually use the PGP key you've now created... How do you Tim> integrate your key into gmail / etc.
All I've ever heard about PGP signing emails is "Don't", even from the PGP creator, supposedly. But maybe I'm wrong and someone giving a good presentation (any CS classes on security who would be interested in joining for this talk?) would be nice.
I've never found a personal need for this myself.
Tim> The argument for pgp signing your emails is that it makes it Tim> harder for others to spoof your email address. Yes. I understand that aspect. Iwas (poorly) talking more to the usability aspects of PGP signing emails. The tools make it hard and annoying from what I see. Tim> If I send you an email signed with my private key and the public version of my key is a place Tim> where your email client can access it, your email client can validate that the email originated Tim> from me. John> I've never found a personal need for this myself. Tim> Lucky you that you've never had your email address harvested from Tim> a public list and then used to spam lots of people... Well, my personal email is from a server I control with SPF setup properly, so it's harder to fake stuff from em without it automatically getting binned as spam. Which is a good thing. It's not perfect of course...
participants (4)
-
Anderson, Charles R -
Gelman, Ian S. -
John Stoffel -
Tim Keller