Inline signing test
Uncle Jim
jim at jimani.com
Sun Sep 8 04:59:32 CDT 2002
Hi,
On Sat, Sep 07, 2002 at 02:03:09PM -0500, Jason Clinton wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Ok, I found a way to enable inline signing. Is this too annoying for
> anyone? Should I go back to GPG/MIME?
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6-2 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAj16TW0ACgkQtSqjk42zvwnM6ACfXqI5Kphb61mcYVhR1I1HF5k5
> 0lMAn0J+9yNZtUxu03T4T5Xaw46RxIRa
> =/M+s
> -----END PGP SIGNATURE-----
Well, it doesn't look too bad but mutt totally ignores the "signature".
If I force mutt to check the signature I get:
gpg: Warning: using insecure memory!
gpg: Signature made Sat 07 Sep 2002 02:03:09 PM CDT using DSA key ID 8DB3BF09
gpg: BAD signature from "Jason Clinton (UMKC Faculty) <clintonj at umkc.edu>"
It seems to me that if this is your new scheme you may as well do nothing.
At least your old method was automatically verified by my MUA.
Let me also say that after following this thread I thought that at least
a few people agreed that RFC compliant digital signatures were a good idea.
However, looking at my log files I see that nobody has tried to collect my
public key. I don't know if this means that some people on this list have
opinions they don't practice or if they just don't care about what I have
to say.
My vote is that this method is worthless, your old method works.
--
Jim
More information about the Kclug
mailing list