Re: Safe e-mail?
From: Jean-David Beyer (j_at_d.b)
Date: 10/22/03
- Next message: Evan Cooch: "Re: RedHat query | version availability"
- Previous message: Jean-David Beyer: "Re: Newby Question: Apache on Linux 7.1"
- In reply to: Newbie: "Re: Safe e-mail?"
- Next in thread: Newbie: "Re: Safe e-mail?"
- Reply: Newbie: "Re: Safe e-mail?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 22 Oct 2003 14:41:41 -0400
Newbie wrote:
> Recently Jean-David Beyer wrote:
>
> | > I asked if I can use GnuPG for encryption, and got a confirming
> | > e-mail. Now I am wondering how do I know that the person I am
> | > communicating with is not someone that intercepted my first e-mail.
> | > I read some how-to's, and manuals, and it seems to me that maybe it
> | > has something to do with a "web of trust". How does that work in
> | > reality? How do I know that someone on the other part of the world,
> | > that I am communicating with for the first time is the person he
> | > claims to be? In my case he does have email address kjgrohmann at
> | > scw-media.de, and their web site is www.scw-webshop24.de, so it
> | > looks OK...
> |
> | I wish you had not set the type face so small: I can hardly read this.
>
> I do not understand how I did this. I Googled for "type face", but since
> English is not my native language, I did not understand what exactly did
> I set to be small. As I understand it you are referring to font size. I
> did not set anything like that.
Yes, the font size seems to be about 6 point. ISO-8859-2 is declared in
your message. Most people do not specify a character set and their stuff
comes through just fine.
>
> | I find the Web Of Trust does not work at all for me, because no one I
> | know is interested in e-mail security at all. I did verify someone's
> | signature for him, and he for me, but we have no one in common, so the
> | only person I can be sure is signing e-mail and is who was on his
> | passport, is someone with whom I have nothing in common, and never
> | see.
> | So the whole thing is useless because of the apathy of various
> | paranoid people I run into who bemoan the lack of privacy, but refuse
> | to use GPG, VeriSign, or anything else.
> |
> | Sigh!
>
> So what you are saying is that there is no way I can be sure that the
> person replying to my e-mails is who he claims to be?
Not "NO WAY" but just very difficult. One way that is sure to work is to
meet the person in question, verify he is who he says he is by comparing
photo-identification in a government-issued identity document such as a
passport, and exchange GPG key fingerprints.
You then test that he is the lawful owner of that by sending encrypted
e-mail to the person whose key it is (download the public key from a
keyserver) and see the e-mail address associated with that key. If the
person does not reply, or does not know what you are talking about, you
probably do not have the id of the person you think.
You can delegate some of this testing if there is someone you have
already verified that you trust to be sufficiently vigorous in identity
checking. Then you might consider saying that if he verified the key,
you will accept it too. This is what the web-of-trust is about, though
my suggestions as to verification may have loopholes in them. I hope not.
> Anyone else with
> suggestion?
>
>
>
--
  .~.  Jean-David Beyer           Registered Linux User 85642.
  /V\                             Registered Machine    73926.
 /( )\ Shrewsbury, New Jersey     http://counter.li.org
 ^^-^^ 2:30pm up 14 days, 43 min, 2 users, load average: 2.56, 2.48, 2.41
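
The fingerprint comparison described in the message above, as an added example that is not part of the original post: a shell helper that checks the fingerprint exchanged in person against gpg's `--with-colons --fingerprint` listing of the key fetched from the keyserver. The names `normalize_fpr` and `verify_fpr`, the sample key and the address are made up for illustration, and a 40-hex-digit (v4) fingerprint is assumed.

```shell
#!/bin/sh
# Constructed sample of `gpg --with-colons --fingerprint KEYID` output;
# the key, fingerprints and address are made up for this example.
SAMPLE_LISTING='pub:-:1024:17:89ABCDEF01234567:1064966400:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1064966400::::Alice Example <alice@example.org>:
sub:-:2048:16:FFFFFFFFFFFFFFFF:1064966400::::::e:
fpr:::::::::FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:'

# Remove the spaces people put in written fingerprints and uppercase the rest.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\t\n' | tr 'a-f' 'A-F'
}

# verify_fpr FINGERPRINT EMAIL   (colon listing on stdin; hypothetical helper)
# 0: a primary key has exactly this fingerprint and a user ID with EMAIL
# 1: no such key in the listing
# 2: FINGERPRINT is not a full 40-hex-digit fingerprint (e.g. a short key ID)
verify_fpr() {
    want=$(normalize_fpr "$1")
    case $want in *[!0-9A-F]*) return 2 ;; esac
    [ "${#want}" -eq 40 ] || return 2
    awk -F: -v want="$want" -v email="$2" '
        $1 == "pub" { primary = 1; key_ok = 0 }
        $1 == "sub" { primary = 0 }
        # Appending "" forces a string comparison even for all-digit values.
        $1 == "fpr" && primary && ($10 "") == (want "") { key_ok = 1 }
        $1 == "uid" && key_ok && index($10, "<" email ">") { found = 1 }
        END { exit !found }
    '
}

# Demo on the constructed listing, with the fingerprint as written on paper.
# Real use: gpg --with-colons --fingerprint KEYID | verify_fpr "$FPR" "$ADDR"
if printf '%s\n' "$SAMPLE_LISTING" |
    verify_fpr '0123 4567 89ab cdef 0123  4567 89AB CDEF 0123 4567' alice@example.org
then echo "fingerprint and address match"
else echo "do NOT trust this key"
fi
```

A match only shows that the downloaded key is the one whose fingerprint was handed over; the encrypted test message described above is still what shows the address holder controls the private key.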