Subject: Re: [NYCGA Internet] Re: [Ows_solutions] using gpg
From: Dan Phiffer
Date: Wed, 26 Oct 2011 14:48:50 -0400
CC: OWS Solutions <>

Yes, I am all for GPG! This is an important message to get out there.

However if, like me, you use Mac OS X 10.7 (Lion) and I don't believe there is a way to use GPG (until GPGMail or Symantec get updates). I'm going be to downgrading to 10.6 for this and other reasons.

Also, it's worth mentioning that many within the Internet Working Group consider the mailing list dead. Or at least not worthy of checking.


On Oct 26, 2011, at 2:37 PM, Sam Boyer wrote:

yep, that'll help too. i've been asked to compile a general security
best-practices document and put it on the wiki, which i'll do as i can.

or i might try to delegate to one of my sec folks :)

On 10/26/11 2:27 PM, Ted Schulman wrote:
Hi all,

I agree, we shouldn't be sending passwords, credentials, etc. over open
email. A best practice is to use voice communications for this purpose
whenever possible.


On Wed, Oct 26, 2011 at 2:19 PM, Sam Boyer <
<>> wrote:

   hi folks,

   during the internet working group meeting last night, it was requested
   that i email around about the use of gpg. much of the communication we
   are doing is in public spaces, and that's great. but there are some
   communications we will have which ought to be kept private - not because
   we're creating cabals, but because we are, for example, sharing
   passwords for access to servers. however, following the principle of
   promiscuous encryption (encrypting everything, rather than just the
   "important stuff," so that anyone trying to intercept doesn't know which
   messages contain something worthwhile.

   so basically, anytime i send individual emails to folks working on OWS,
   i'd LIKE to encrypt them. i understand that gpg is a bit difficult for
   many people, so i'm not saying this is a general requirement (though i
   absolutely will not send sensitive things, like passwords, unencrypted),
   but the more folks who could start making use of gpg, the better.

   here are some primers. hopefully one is at your skill level, wherever
   that may be, enough that you can get it up and running.

   for osx + thunderbird (what i use on my laptop) -
   a bit on gpg for windows -
   intro ubuntu-oriented thread -
   more generic manual -
   another manual -

   to reiterate - i am NOT saying we should/must abandon all lists, or that
   all individual emails ought to be encrypted. i'm simply saying that this
   is a good practice, required for certain communications, and the earlier
   that more people get in the habit, the better.

   in solidarity

   Ows_solutions mailing list