Yes, I am all for GPG! This is an important message to get out there.

However, if, like me, you use Mac OS X 10.7 (Lion), I don't believe there is a way to use GPG (until GPGMail or Symantec get updates). I'm going to be downgrading to 10.6 for this and other reasons.

thunderbird not an option? i imagine enigmail will still work. if not,
that's one more reason i'm not upgrading to lion anytime soon.

I've tried Thunderbird a couple of times and it's never taken. It'd be like getting me to switch text editors; at this point it is just not going to happen. I've had some other issues with 10.7; I was just looking for an excuse to downgrade.

Also, it's worth mentioning that many within the Internet Working Group consider the mailing list dead. Or at least not worthy of checking.

for its original purpose, it probably is dead. but i think it could be
resurrected if we were to reclassify its purpose as being a place that
folks worldwide could throw tech-related #ows ideas, and some core,
connected group of people periodically go in and try to cull the useful
stuff out and organize them towards some real projects.

Agreed, just meant it'd be good to cover other bases, communications-wise.


yep, that'll help too. i've been asked to compile a general security
best-practices document and put it on the wiki, which i'll do as i can.

or i might try to delegate to one of my sec folks :)

Hi all,

I agree, we shouldn't be sending passwords, credentials, etc. over open
email. A best practice is to use voice communications for this purpose
whenever possible.


  hi folks,

  during the internet working group meeting last night, it was requested
  that i email around about the use of gpg. much of the communication we
  are doing is in public spaces, and that's great. but there are some
  communications we will have which ought to be kept private - not because
  we're creating cabals, but because we are, for example, sharing
  passwords for access to servers. however, following the principle of
  promiscuous encryption (encrypting everything, rather than just the
  "important stuff," so that anyone trying to intercept doesn't know which
  messages contain something worthwhile).

  so basically, anytime i send individual emails to folks working on OWS,
  i'd LIKE to encrypt them. i understand that gpg is a bit difficult for
  many people, so i'm not saying this is a general requirement (though i
  absolutely will not send sensitive things, like passwords, unencrypted),
  but the more folks who could start making use of gpg, the better.

  here are some primers. hopefully one is at your skill level, wherever
  that may be, enough that you can get it up and running.

  for osx + thunderbird (what i use on my laptop) -
  a bit on gpg for windows -
  intro ubuntu-oriented thread -
  more generic manual -
  another manual -

  to reiterate - i am NOT saying we should/must abandon all lists, or that
  all individual emails ought to be encrypted. i'm simply saying that this
  is a good practice, required for certain communications, and the earlier
  that more people get in the habit, the better.

  in solidarity

