Signed email with GnuPG and Enigmail
Today I installed GnuPG and Enigmail and started signing my email correspondence. I’ve been meaning to do this for a long time, because I firmly believe that digital signing is the only long-term solution to spam. I don’t think that PGP signing will by itself solve the problem, without an additional web-of-trust UI for easily verifying public keys, but at least now if you want to, you can verify that an email that purports to be from me is actually from me.
My public key is available here.
September 13th, 2006 at 1:02 am
A while back, I posted a thought about using OpenID for trust paths for solving spam. I didn’t flesh it out any more than that, because I wouldn’t have any idea how to go about doing so, but I hope someone will sometime (the sooner the better!).
How easy was it to set up everything? I’ve been meaning to myself, but who knows when I will…
September 13th, 2006 at 3:12 am
This is true for people geeky enough to set up GnuPG and enigmail. I used to think like you, but many people use web based email readers like Gmail, Yahoo and those can’t verify signatures at the moment. Solution for spam do exists they are domain-keys and spf – but they need to be implemented on a larger scale to be usefull.
September 13th, 2006 at 4:26 am
Why do you prefer using OpenPGP with Enigmail instead of the thunderbird build-in S/MIME capability. I found that it was a real pain to install OpenPGP and Enigmail. It was much easier to use S/MIME. It seems that you can obtain a free S/MIME certificate now: http://kb.mozillazine.org/Getting_an_SMIME_certificate
September 13th, 2006 at 5:12 am
Hi Ben:
Why don’t you use an S/MIME signature? Certs are available for free, and S/MIME is already integrated into most e-mail apps (e.g., Thunderbird). PGP is way too cumbersome for the vast majority of users to understand, let alone go through the bewildering hassle of installing/configuring.
I’ve been to signing parties where people would exchange their PGP keys sloppily written on shreds of paper. It’s not much more than an opportunity for geeks to get together (nothing wrong with that), but most people will not do this. OTOH, I’ve had somewhat regular folk make the trip to my house to get their (Thawte) S/MIME cert identity verified.
September 13th, 2006 at 10:03 am
I agree that S/MIME will probably be the future for the wider public.
The new Belgian identity cards contain an S/MIME certificate. However, you still need a card reader on your pc.
I’m probably getting mine in about a week. All Belgians will have one in 2008.
September 15th, 2006 at 12:23 pm
I agree, digital signatures make sense. I also believe those of us who can chew gum and use a personal computer should start using some kind of digital signature. Forget the general public for a minute, getting them on board probably would not work. But those of us who can set up and use some kind of digital signature should. And we should encourage any organization that offers e mail to also offer digital signatures. We could make a few jobs, make our world, the computer world a little safer. A SWAG on how much mail is signed now, less than .001 percent. Get that number up to 1 percent, do some evangelizing, get it to 5 percent and then we can start to work out the kinks. Maybe its time to think, if you don’t use something, you are part of the problem. Maybe the folks who drive Thunderbird made it a priority of be part of the solution.