who are you again?

Tony Godshall togo@of.net
Thu, 2 Aug 2001 12:00:11 -0700

> We've spent some time with keysignings, especially recently, to establish
> our webs of trust. I think that within this group, at least, finding paths
> to people should be _very_ easy, and in fact many are direct signatures.

> I notice that people don't sign their messages though, in sort of a 
> 'normal' use of PGP among friends.

I'm one of them.  And a semi-newbie.

> ...Just curious, is this because:
> 1) You're using mail client that doesn't easily integrate?
> 2) People complain about the extra funny characters?
> 3) Something else?

A: 3.  I find that little delay every time I open a
GPG/PGP signed message a little annoying, and time 
consuming when multiplied by n messages every day, and I 
guess I don't really want to impose that by default on 
others.  A fractional second per message it too much for 
someone who gets a lot of mail (from lists) and needs to 
skim and dispose of messages (and whole threads) quickly.  

I could default it to sign just for certain addresses or 
to not sign for lists or whatever, but that is a continuing
maintenance cost.  If I came across a way to have gpg sign my
messages only if I already have the signature of the
addressee (i.e. use my gpg database as an indicator of who
my friends are), I'd go for that in a minute, tho!

Maybe it's just a mutt thing, but if I could get started 
reading the message while gpg goes and checks the signature
in the background, it would make all the difference.  Or if
the signatures could be checked at download-time (through 
fetchmail/procmail) instead of at read-time(through mutt), 
that would do it too.  ((download-time checking would also
be helpful for those who read their email offline))

What it would take for this semi-newbie to set up for 
signing by default: the time-cost of sig-checking needs 
to be made minimal (i.e. don't make me wait to read the 
message just because you're checking a sig), and not just 
for me: it has to be easy enough that I'd recommend it for 
those I send to also. 

Thanks for bringing this up.