Editing Talk:1181: PGP
![]() |
Please sign your posts with ~~~~ |
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.
The edit can be undone.
Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
− | Everybody below seems to have misread the comic. It says nothing about 'verifying that the email is secure' or secret, or encrypted. It says verifying that the email is | + | Everybody below seems to have misread the comic. It says nothing about 'verifying that the email is secure' or secret, or encrypted. It says verifying that the email is AUTHENTIC. This is a significant difference in meaning.[[Special:Contributions/24.70.188.179|24.70.188.179]] 15:55, 4 March 2013 (UTC) |
: I understood the same. I am probably the only nerd that use PGP. So if you receive a mail with that "heading" it's probably from me.[[Special:Contributions/83.42.5.246|83.42.5.246]] 09:20, 5 March 2013 (UTC) | : I understood the same. I am probably the only nerd that use PGP. So if you receive a mail with that "heading" it's probably from me.[[Special:Contributions/83.42.5.246|83.42.5.246]] 09:20, 5 March 2013 (UTC) | ||
− | |||
− | |||
I don't really understand what's funny about this comic. [[Special:Contributions/76.106.251.87|76.106.251.87]] 05:53, 4 March 2013 (UTC) | I don't really understand what's funny about this comic. [[Special:Contributions/76.106.251.87|76.106.251.87]] 05:53, 4 March 2013 (UTC) | ||
Line 10: | Line 8: | ||
I think merely the fact that PGP is in the email itself suggests the sender of the email is probably just a big nerd and therefore can be trusted. {{unsigned|153.90.91.1}} | I think merely the fact that PGP is in the email itself suggests the sender of the email is probably just a big nerd and therefore can be trusted. {{unsigned|153.90.91.1}} | ||
− | |||
Isn't it that those markers could very simply just have been typed in, rather than being part of the decryption system? [[User:DonGoat|DonGoat]] ([[User talk:DonGoat|talk]]) 07:41, 4 March 2013 (UTC) | Isn't it that those markers could very simply just have been typed in, rather than being part of the decryption system? [[User:DonGoat|DonGoat]] ([[User talk:DonGoat|talk]]) 07:41, 4 March 2013 (UTC) | ||
Line 27: | Line 24: | ||
:You may be confusing "ASCII armored" (which in OpenPGP speak is "a BASE64-encoded version of the signature or encrypted text") with the encoding of the actual data (which may also be BASE64, or it may be Quoted-Nonprintable, or it may be actual plain-text ASCII). This separation line signals that signature will be at the end, and that the mail will not be encoded in PGP-MIME, which pretty much requires that the signature is ASCII armored.[[Special:Contributions/195.144.91.202|195.144.91.202]] 12:03, 4 March 2013 (UTC) | :You may be confusing "ASCII armored" (which in OpenPGP speak is "a BASE64-encoded version of the signature or encrypted text") with the encoding of the actual data (which may also be BASE64, or it may be Quoted-Nonprintable, or it may be actual plain-text ASCII). This separation line signals that signature will be at the end, and that the mail will not be encoded in PGP-MIME, which pretty much requires that the signature is ASCII armored.[[Special:Contributions/195.144.91.202|195.144.91.202]] 12:03, 4 March 2013 (UTC) | ||
− | ::At the time of my comment, the explanation said: ''»[...] Randall suggests that if you just look for "Begin PGP Signed Message" in the message, the assumption that the message is encrypted is "Pretty Good." This holds true as one of the RFC4880-devised plaintext headers '''for messages with ASCII armor''' is exactly this text«'' (emphasis by me), whereas RFC 4880 defines in section "Cleartext Signature Framework" that this header is used for ''cleartext'' messages, i.e. explicitly ''without'' ASCII armor. The explanation was changed shortly afterwards, so my comment was outdated and apparently confusing. [[Special:Contributions/128.7.3.55|128.7.3.55]] 11: | + | ::At the time of my comment, the explanation said: ''»[...] Randall suggests that if you just look for "Begin PGP Signed Message" in the message, the assumption that the message is encrypted is "Pretty Good." This holds true as one of the RFC4880-devised plaintext headers '''for messages with ASCII armor''' is exactly this text«'' (emphasis by me), whereas RFC 4880 defines in section "Cleartext Signature Framework" that this header is used for ''cleartext'' messages, i.e. explicitly ''without'' ASCII armor. The explanation was changed shortly afterwards, so my comment was outdated and apparently confusing. [[Special:Contributions/128.7.3.55|128.7.3.55]] 11:47, 7 March 2013 (UTC) |
:I also agree that the explanation doesn't really explain the point. PGP does not only provide encryption (which is in some sense privacy), but also authentication. If I publish my public key, anyone can use it to verify an email I signed with my private key. The joke is about what really happens. The text says: "If you find a header, this indicates a signed message. You are pretty safe if you assume the mail is authentic." This is funny, because email signatures are still so uncommon that there actually is no need to fake it. If you fake an email, why faking a signature? Just don't sign it. The image text goes one step further saying that you're safer when you look at the bottom of the mail and look for some weird random characters. This is what the actual signature looks like, but of course, the only way to really authenticate the mail is to use the sender's public key to verify that the random characters are a real signature. --[[User:BKA|BKA]] ([[User talk:BKA|talk]]) 12:19, 4 March 2013 (UTC) | :I also agree that the explanation doesn't really explain the point. PGP does not only provide encryption (which is in some sense privacy), but also authentication. If I publish my public key, anyone can use it to verify an email I signed with my private key. The joke is about what really happens. The text says: "If you find a header, this indicates a signed message. You are pretty safe if you assume the mail is authentic." This is funny, because email signatures are still so uncommon that there actually is no need to fake it. If you fake an email, why faking a signature? Just don't sign it. The image text goes one step further saying that you're safer when you look at the bottom of the mail and look for some weird random characters. This is what the actual signature looks like, but of course, the only way to really authenticate the mail is to use the sender's public key to verify that the random characters are a real signature. --[[User:BKA|BKA]] ([[User talk:BKA|talk]]) 12:19, 4 March 2013 (UTC) | ||
Line 38: | Line 35: | ||
Also, Randall's comment that the presence of a signature does not necessarily authenticate the message is reminiscent of [[1121: Identity]]. --[[Special:Contributions/213.151.48.139|213.151.48.139]] 12:13, 6 March 2013 (UTC) | Also, Randall's comment that the presence of a signature does not necessarily authenticate the message is reminiscent of [[1121: Identity]]. --[[Special:Contributions/213.151.48.139|213.151.48.139]] 12:13, 6 March 2013 (UTC) | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− |