Re: [LUG] Gpg signing of emails

[John Daragon <john@xxxxxxxxxx>]

Martin White wrote:
> So, having gone through the whole thing of creating the key pair and 
> registering them with the server, and then onto the DCLUG etc, etc, i have 
> just one question...
>
> Is KMail going to insist on asking me for my passphrase EVERY time i send an 
> email? Trust me, i send way too many emails every day to want to put up with 
> that all day long :)
>
> Any way to turn it off? Did i miss a setting somewhere?
>
> And, yes, i know that everyone is probably going to say that's a bad idea and 
> defeating the object and all that, BUT, the only person that has access to 
> this PC is me.


Yes, it *is* a bad idea...

> If anyone breaks into my house and nick's off with the PC, 
> whether or not they can send some signed emails really will be the least of 
> my worries!!

If that's so, I wonder if it's worth signing mail in the first place ? 
It's already pretty simple to form a judgement about where mail came 
from (in the main...), but the whole point about PGP signatures is that 
   the sender cannot repudiate the document once signed. So a signature 
absolutely, positively guarantees that an email came from you. Not your 
box, you. If you don't need to prove that, then a cryptographic 
signature is sort of pretty, but of limited value.

We use email signatures on quotes, contracts and other errm... financial 
stuff.  This email isn't signed because, well, frankly, who cares ?

When it's not in use, the keyring is in a safe.

jd

--

John Daragon                                          john@xxxxxxxxxx
argv[0] limited
Lambs Lawn Cottage,  Staple Fitzpaine,  Taunton,  TA3 5SL,  UK
v +44 (0) 1460 234068   f +44 (0) 1460 234069   m +44 (0) 7836 576127



--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe. FAQ: www.dcglug.org.uk/linux_adm/list-faq.html