GPG Usage (Was: Best cheap laptop for linux?)

Steve Lamb grey at dmiyu.org
Fri Aug 14 11:55:01 UTC 2009


I know I'll regret this, but...

Karl F. Larsen wrote:
>     Too many of us, myself included, were signing every email with GNUPG 
> because we were too stupid to turn it off. After a few weeks I found the 
> place in Thunderbird to turn it off, and did so. I have an occasional 
> need for encryption on business dealings. Now I receive the encrypted 
> request with usually a form to fill out and I do the proper thing and 
> encrypt the response. Then turn it off.

     This is not how it should be.  If you are going to sign you should sign 
every message, without exception.  The same goes for encryption.  This is 
because if you only encrypt the important bits then anyone who is monitoring 
your communication knows when to start hammering at your system...  It's when 
you encrypt that one message out of 4000.  Signing isn't quite the same but if 
you don't sign every message then someone can alter an innocent "worthless" 
message to make it appear you've said something you have not.

     A worry for most people here?  No.  But just because it is not a worry 
for most people means one should dispense bad advice as to its proper use.

-- 
          Steve C. Lamb         | But who can decide what they dream
        PGP Key: 1FC01004       |      and dream I do
-------------------------------+---------------------------------------------



