On 5/7/07, Jon M. Hanson <jon@the-hansons-az.net> wrote:
Joshua Zeidner wrote:


On 5/6/07, Alan Dayley <alandd@consultpros.com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ray Cantwell wrote:
>
>> I am not responding to your original request for help.  Sorry.  I
>> do note, however, that you have signed your email.  As you can see,
>> I sign most of my emails too.
>
>> I was not able to download your public key from the usual key
>> servers and confirm your signature.  Do you have your public key
>> posted somewhere?
>
>> Alan
>
> I am still learning to us PGP, just uploaded the key, hopefully it
> should work now.

Got it.  Good work.

Signing is good for the email world.  Thanks for taking it up.

Alan


  Signing is definately good for the email world.  However, the majority of email clients are not configured to accept it.  This creates an effect that if a 'non-technical' person sees the PGP tags, they are likely to ignore the message ( scary PGP tags! :) ).  For instance in Gmail I see your PGP keys, and there is no good way to make them invisible.  I can certainly create a technical workaround, but %98 of people on the interweb can't even come close to figuring out how to do that.  I am the defacto 'PGP configgerer' amongst the people I work with, and I can tell you it's no easy job (I recommend TBird+Enigmail).  PGP is not likely to be supported widely as encrypted email via PGP is the bane of marketing departments worldwide.  Google responded with quiet aversion when people first started using PGP on Gmail.

  -jmz





I think Google doesn't like people encrypting their e-mail on GMail because that whole business model relies on them being able to give you advertising off of keywords in your e-mail. Obviously if it's encrypted they can't do that and you're breaking their business model. Is encryption banned in their Terms of Service for GMail? I signed up for an account there a long time ago but never really used it as I run my own e-mail server.


  They do more with it than place ads.  In a decade or two, Google will have amassed the worlds largest and most detailed marketing and demographics database in history.  And you don't have to have an account to be indexed, AMOF you have just been indexed by sending email indirectly to my address( jjzeidner@gmail.com ).  Isn't being indexed by Google fun!?  But things move very fast and I am sure competition will arise, Yahoo has been doing some very interesting things lately.   Also there is a healthy market of 3rd party services propping up.

  As for Gmail + encryption, there are, to my knowledge, no explicit terms in their agreement that deal with cryptography.  If there were, they are asking for trouble, because it is not difficult to employ encryption techniques that are close to impossible to detect( it is possible to generate an encrypted data block that looks like natural language ).  Cryptography in general is an edgy area of law, and much of the precedence that has been set was the result of 'national security' fiat.  In some cases Cryptography is viewed as a 'weapon' in a U.S. court of law.  The lines become blurred when dealing with commercial entities.


I sign all of my e-mails as well and my non-technical friends and family never have any problems with it. They probably just mostly ignore the extra attachment. That's probably the difference: My method of signing produces an attachment instead of it being in-line. That might be a little less "scary" for the non GPG-aware.


   Perhaps that is a better technique!  Try sending inline PGP tags to your boss or your client :) .


Does this group ever do any key signing parties?


   I'm pretty sure PLUG stages those periodically- jmz



--
.0000. communication.
.0001. development.
.0010. strategy.            
.0100. appeal.

JOSHUA M. ZEIDNER
IT Consultant

( 602 ) 490 8006
jjzeidner@gmail.com