On 10/26/11 2:48 PM, Dan Phiffer wrote:
Yes, I am all for GPG! This is an important message to get out there.
However if, like me, you use Mac OS X 10.7 (Lion) and Mail.app I don't believe there is a way to use GPG (until GPGMail or Symantec get updates). I'm going be to downgrading to 10.6 for this and other reasons.
thunderbird not an option? i imagine enigmail will still work. if not,
that's one more reason i'm not upgrading to lion anytime soon.
Also, it's worth mentioning that many within the Internet Working Group consider the mailing list dead. Or at least not worthy of checking.
for its original purpose, it probably is dead. but i think it could be
resurrected if we were to reclassify its purpose as being a place that
folks worldwide could throw tech-related #ows ideas, and some core,
connected group of people periodically go in and try to cull the useful
stuff out and organize them towards some real projects.
On Oct 26, 2011, at 2:37 PM, Sam Boyer wrote:
yep, that'll help too. i've been asked to compile a general security
best-practices document and put it on the wiki, which i'll do as i can.
or i might try to delegate to one of my sec folks :)
On 10/26/11 2:27 PM, Ted Schulman wrote:
I agree, we shouldn't be sending passwords, credentials, etc. over open
email. A best practice is to use voice communications for this purpose
On Wed, Oct 26, 2011 at 2:19 PM, Sam Boyer <firstname.lastname@example.org
during the internet working group meeting last night, it was requested
that i email around about the use of gpg. much of the communication we
are doing is in public spaces, and that's great. but there are some
communications we will have which ought to be kept private - not because
we're creating cabals, but because we are, for example, sharing
passwords for access to servers. however, following the principle of
promiscuous encryption (encrypting everything, rather than just the
"important stuff," so that anyone trying to intercept doesn't know which
messages contain something worthwhile.
so basically, anytime i send individual emails to folks working on OWS,
i'd LIKE to encrypt them. i understand that gpg is a bit difficult for
many people, so i'm not saying this is a general requirement (though i
absolutely will not send sensitive things, like passwords, unencrypted),
but the more folks who could start making use of gpg, the better.
here are some primers. hopefully one is at your skill level, wherever
that may be, enough that you can get it up and running.
for osx + thunderbird (what i use on my laptop) -
a bit on gpg for windows - http://wolfram.org/writing/howto/gpg.html
intro ubuntu-oriented thread -
more generic manual -
another manual - http://www.gnupg.org/gph/en/manual.html
to reiterate - i am NOT saying we should/must abandon all lists, or that
all individual emails ought to be encrypted. i'm simply saying that this
is a good practice, required for certain communications, and the earlier
that more people get in the habit, the better.
Ows_solutions mailing list