[X-Unix] PGP funkiness...

Eric Crist ecrist at secure-computing.net
Fri Oct 8 20:45:48 PDT 2004


On Oct 8, 2004, at 10:35 PM, Pedro fp wrote:

> On 09/10/2004, at 11:49 AM, Eric Crist wrote:
>
>> Unless I'm misunderstanding things, this _is_ a list for people to 
>> discuss the Unix side of Mac OS X, correct?
>
> Sure. But then if you want to hinge an argument on that MacGPG is 
> Unix, PGP is not.
>
>>  That leaves two options for those that have a problem with this:
>> 1) filter out my mail
>> 2) live with it.
>
> Or you could ...
> a/ Switch to MacGPG [the Unix option after all] which does not sign 
> using attachments.
> b/ Choose not to sign messages to lists like this.
>
> Expanding on b there ...
> I don't know any compelling reason for routinely signing messages to 
> lists like this. I signed my earlier message to make the point stated 
> in a & won't sign this one. After all, most listers don't know who I 
> am to begin with & there's nothing at stake in confirming that it's me 
> sending the message. AFAIK any combination of PGP/GPG & Mac email 
> client allows you to choose whether to sign mails on a per mail basis 
> [certainly every combination that I've ever encountered does] even 
> though you will have a default set one way or the other. In the case 
> of my combination of Mail.app & MacGPG there's a toolbar icon showing 
> the state for the current message. When I want the other state I click 
> that icon & it switches, easy as that.
>
> On 09/10/2004, at 7:27 AM, Justin Herald wrote:
>
>> Really, i just wish Apple would come out with their own version to 
>> get rid of all this trouble and have it fully integrated with OS X.
>
> We're closer now than with X.0 & X.1. Back then no support was built 
> in, today Mail.app has support for PGP/GPG built in [& as one lister 
> pointed out Apple endorses MacGPG] even though you have to add the 
> software yourself. Personally I'd like Apple to leave MacGPG with the 
> open source Unix geeks who're doing a fine job with it but bundle 
> their work on OS X install CDs.
>
> Cheers, Pedro :-)

I sign my messages because there are many people out there who DO know 
me, and have my signature to verify against.  You don't end up in this 
community for many years without having people know you.  You're right, 
it's easy to not sign my messages.  My point is that I'm signing my 
messages by choice, not only that, but I _am_ currently using MacGPG, 
which _does_ have the ability to use MIME:application/pgp-signature 
attachments.  If you read up on the MacGPG site, they mention that 
there are many mailers out there that do not understand MIME 
attachments correctly, which I've already mentioned.

As far as the Apple support of MacGPG, I wish they would create a 
handler for mail encryption or other parsing type activity, similar to 
many unix mail clients such as Mutt, Pine, and Kmail.  If there was a 
specific API for that functionality, it would make life much easier in 
the development area for such plug-ins.

My $.02
-----
Eric F Crist
Secure Computing Networks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
Url : http://listserver.themacintoshguy.com/pipermail/x-unix/attachments/20041008/eaf63cd6/PGP.bin


More information about the X-Unix mailing list