Subject: [NYCGA Internet] Re: [Ows_solutions] using gpg
From: Sam Boyer
Date: Wed, 26 Oct 2011 14:37:25 -0400
CC: OWS Solutions <>, Internet Working Group <>

yep, that'll help too. i've been asked to compile a general security
best-practices document and put it on the wiki, which i'll do as i can.

or i might try to delegate to one of my sec folks :)

On 10/26/11 2:27 PM, Ted Schulman wrote:
Hi all,

I agree, we shouldn't be sending passwords, credentials, etc. over open
email. A best practice is to use voice communications for this purpose
whenever possible.


On Wed, Oct 26, 2011 at 2:19 PM, Sam Boyer <
<>> wrote:

    hi folks,

    during the internet working group meeting last night, it was requested
    that i email around about the use of gpg. much of the communication we
    are doing is in public spaces, and that's great. but there are some
    communications we will have which ought to be kept private - not because
    we're creating cabals, but because we are, for example, sharing
    passwords for access to servers. however, following the principle of
    promiscuous encryption (encrypting everything, rather than just the
    "important stuff," so that anyone trying to intercept doesn't know which
    messages contain something worthwhile.

    so basically, anytime i send individual emails to folks working on OWS,
    i'd LIKE to encrypt them. i understand that gpg is a bit difficult for
    many people, so i'm not saying this is a general requirement (though i
    absolutely will not send sensitive things, like passwords, unencrypted),
    but the more folks who could start making use of gpg, the better.

    here are some primers. hopefully one is at your skill level, wherever
    that may be, enough that you can get it up and running.

    for osx + thunderbird (what i use on my laptop) -
    a bit on gpg for windows -
    intro ubuntu-oriented thread -
    more generic manual -
    another manual -

    to reiterate - i am NOT saying we should/must abandon all lists, or that
    all individual emails ought to be encrypted. i'm simply saying that this
    is a good practice, required for certain communications, and the earlier
    that more people get in the habit, the better.

    in solidarity

    Ows_solutions mailing list