MSGID: 2:221/360.0 5e0f69ce
REPLY: 2:280/464 5e0f577c
PID: JamNNTPd/OS2 1.3 20191208
TID: GE/2 1.2
CHRS: UTF-8 2
TZUTC: 0200
On 03/01/2020 10:02 a.m., Wilfred van Velzen : August Abolins wrote:
Hello Wilfred!
WvV> I can now verify your message had a correct signature made with
WvV> this key:
WvV> wilfred@wilnux5: ~/tmp> gpg --import aug.key
WvV> gpg: key 5789589B: public key "August Abolins" imported
WvV> gpg: Total number processed: 1
WvV> gpg: imported: 1 (RSA: 1)
WvV> wilfred@wilnux5
Cool! I still have to learn how to do that here.
I have used the pgp signing process in the long ago past, but now I am
rusty and have only begun figuring out "the process" to use in this new
environment.
I like the Enigmail/OpenPGP integration in Thunderbird.
When pgp first came out, I found it fascinating. I immediately wondered
why *wouldn't* anyone want to use it on a regular basis for email exchanges.
But at that time, using it required complex extra manual steps - especially
for decrypting. Looks like this TB/OpenPGP/Enigmail integration can decrypt
automatically.
But email became a horrible monster filled with html codes, graphics, and many
fancy things that people have been mesmerized with. It would be too
inconvenient to decrypt that each and every time, I guess.
I think my old public key is still out there. (I have not really looked for it
though. I don't remember the servers I used.) The private key is probably
still on a 3½ diskette, somewhere.
WvV> The trust thing is sort of an issue. I can't just sign your key
WvV> (technically I could of course), because I can't verify it's
WvV> really you. Anyone could log in to Tommi's nntp server
WvV> as 'August Abolins', and "fake" email addresses are also easy
WvV> to create/get. And since you are not a node we can't even
WvV> exchange some crash netmails...
Well.. there *is* the email clue above. ;) A few email exchanges, and the
analysis of the headers could be one way to get confidence whether the email I
claim to use above is really me or suspicious.
There is still a trust issue in this whole process for sure. At least one
other person who could actually vouch that I am who I am would be needed.
W.r.t nntp, another "August Abolins" could come from many different outside
systems. True. But since registering on Tommi's system requires human
intervention, I don't think he would permit another me to register on his
system with exactly the same FN LN. So, technically you could be confident
that once you grab my public key from here, future correspondences are from
"the August Abolins originally seen on Tommi's system." ? :)
As a minimum, if Tommi were to sign my key, (since my messages are originating
on *his* system, and we can be sure that he's the *real deal* operating his
*own* system, and I had to be registered manually to have access) then that
would be a nice vote of confidence.
There is another verification process I can suggest. I'll cover that later.
And maybe I'll encrypt that message!
Cheers!
../|ug
--- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
SEEN-BY: 1/123 19/10 90/1 221/0 1 6 360 227/114 229/426 1014 240/5832
SEEN-BY: 249/206 317 400 280/464 5003 292/854 8125 317/3 322/757 335/364
SEEN-BY: 342/200 423/81
PATH: 221/360 1 292/854 229/426