MSGID: 2:221/360.0 5e0f69ce   
   REPLY: 2:280/464 5e0f577c   
   PID: JamNNTPd/OS2 1.3 20191208   
   TID: GE/2 1.2   
   CHRS: UTF-8 2   
   TZUTC: 0200   
   On 03/01/2020 10:02 a.m., Wilfred van Velzen : August Abolins wrote:   
      
   Hello Wilfred!   
      
    WvV> I can now verify your message had a correct signature made with   
    WvV> this key:   
      
    WvV> wilfred@wilnux5: ~/tmp> gpg -- import aug.key gpg: key   
    WvV> 5789589B: public key "August Abolins   
    WvV> " imported gpg: Total number   
    WvV> processed: 1 gpg: imported: 1 (RSA: 1) wilfred@wilnux5   
      
   Cool!  I still have to learn how to do that here.   
      
   I have used the pgp signing process in the long ago past, but now and I am   
   rusty and have only begun figuring out "the process" to use in this new   
   environment.   
      
   I like the Enigmail/OpenPGP integration in Thunderbird.   
      
   When pgp first came out found, I found it fascinating. I immediately wondered   
   why *wouldn't* anyone want to use it on a regular basic for email exchanges.    
   But at that time, using it required complex extra manual steps - especially   
   for decrypting.  Looks like this TB/OpenPGP/Enigmail integration can decrypt   
   automatically.   
      
   But email became a horrible monster filled with html codes, graphics, and many   
   fancy things that people have been mesmerized with. It would be too   
   inconvenient to decrypt that each and every time, I guess.   
      
   I think my old public key is still out there. (I have not really looked for it   
   though. I don't remember the servers I used.) The private key is probably   
   still on a 3½ diskette, somewhere.   
      
      
    WvV> The trust thing is sort of an issue. I can't just sign your key   
    WvV> (technically I could of course), because I can't verify it's   
    WvV> really you. Anyone could login to Tommy's nntp server   
    WvV> as 'August Abolins'. and "fake" email addresses are also easy   
    WvV> to create/get. And since you are not a node we can't even   
    WvV> exchange some crash netmails...   
      
   Well.. there *is* the email clue above.  ;)  A few email exchanges, and the   
   analysis of the headers could be one way to get confidence whether the email I   
   claim to use above is really me or suspicious.   
      
   There is still a trust issue in this whole process for sure. At least one   
   other person who could actually vouch that I am who I am would be needed.   
      
   W.r.t nntp, another "August Abolins" could come from many different outside   
   systems.  True.  But since registering on Tommi's system requires human   
   intervention, I don't think he would permit another me to register on his   
   system with exactly the same FN LN. So, technically you could be confident   
   that once you grab my public key from here, future correspondences are from   
   "the August Abolins originally seen on Tommi's system." ?  :)   
      
   As a minimum, if Tommi were to sign my key, (since my messages are originating   
   on *his* system, and we can be sure that he's the *real deal* operating his   
   *own* system, and I had to be registered manually to have access) then that   
   would be a nice vote of confidence.   
      
   There is another verification process I can suggest.  I'll cover that later.    
   And maybe I'll encrypt that message!     
      
   Cheers!   
    ../|ug   
      
   --- Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101    
   hunderbird/60.9.1   
    * Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)   
   SEEN-BY: 1/123 19/10 90/1 221/0 1 6 360 227/114 229/426 1014 240/5832   
   SEEN-BY: 249/206 317 400 280/464 5003 292/854 8125 317/3 322/757 335/364   
   SEEN-BY: 342/200 423/81   
   PATH: 221/360 1 292/854 229/426