-----BEGIN PGP SIGNED MESSAGE----- Message-Signature-Date: Thu Sep 28 14:13:09 1995
To: cypherpunks@toad.com From: tcmay@got.net (Timothy C. May)
At 6:33 PM 9/27/95, Travis Corcoran wrote:
What I call a robo-warning was this:
" P.S. This mail was composed by my mailreading sftwr, which automatically scans incoming mail, looking for failed keyserver requests, and prompts me whether it should automatically send this msg on my behalf. If there is a bug w this sftwr (for example, you never PGP sign your msgs, so this entire msg makes no sense), or if you're interested in the software itself (mail-secure.el: a package in lisp for emacs; this is just one of the many crypto/privacy related things it does) please mail the author of this package ( tjic@openmarket.com) for details.
Well, I still don't understand why you call a message that says 1) "I tried too verify a signature" 2) "please mail me your key" 3) "if there's a bug, please mail the author" a "warning". I guess we're just using the word "warning" differently...
As to whether I needed to respond to your robo-warning about how your automatic scan of incoming mail produced some kind of Signature Failure Condition Red at your end, I just ignored your message.
I never stated or implied that anyone "needed to" respond to query-mail. To the contrary, I said in all seriousness that ignoring query-mail was "a fine anarchistic solution to the problem".
As others will attest, when people ask me for my key in a non-automated way, I usually send it to them.
Well, I still don't understand your objection to labor-saving software any more than I understand the lifestyles of the Amish, but that's my problem, not anyone else's.
My _overall_ point was not to attack Travis C., who I don't think I even mentioned by name, but to point out that great care must be taken in running automated mail-response programs
I did not take your comments on mail-secure.el as an attack on myself, but I did want to defend both the use of labor-saving software and parts of my particular implementation. Specifically, I defended the package against incorrect accusations on your part: 1) the query-mail was not a warning 2) the query-mail was not in response to the content of a post 3) the query-mail was not the first method used, but a last-ditch attempt 4) a human is in the loop 5) the keyserver used is not based on some trivial "preference" However, I do agree whole-heartedly with your above assertion that "great care must be taken in running automated mail-response programs". For this reason I have responded to your and other posts by adding features to the package to make it even less likely to bother people who don't want to be bothered.
Finally, since Travis is making a fairly big deal over my citing of his post (though anonymously, as I recall), I'd like to see the post he claims I signed.
To the very best of my knowledge *I* did not send you a piece of mail requesting your key...I've had your key in my keyring for over a year. Further, I am not asserting that I saw a signed message from you any time recently.
If anyone has a constructive suggestion as to how this mail could be changed to convey more information or to be less "threatening", please mail me.
Simple, don't bother to ask in the first place. Or ask informally, in ordinary English. Skip the "This mail was composed by my mailreading sftwr, which automatically scans incoming mail, looking for failed keyserver requests..." nonsense.
Nonsense? It seems to me that the information is useful, for two reasons: (1) it alerts the recipient to the semi-automated nature of the mail, which allows the recipient to prioritize his response (if any) to it. (2) it alerts the recipient that incorrect receipt of a key-request could be caused by a software bug (as opposed to some attempt to forge email). (3) it notes the existance of the package, which the recipient might be interested in (in the same way many cryptography-aware programs add a comment line to a PGP-signature). By the way, I have had several people ask for a copy of mail-secure.el after receiving a key-request from the package, which translates into several more people encrypting their email and verifying the messages they receive.
I don't need some fraction of them running their own "key etiquette agents" inspecting my posts for conformance to their preferences.
Once again you're [ willfully ? ] missing the point: etiquette and preferences have nothing to do with it, and your repeated assertions to the contrary trivialize the desire of some people to authenticate messages they receive (which I and others consider to be a reasonable goal). - - -- TJIC (Travis J.I. Corcoran) http://www.openmarket.com/personal/tjic/ Member EFF, GOAL, NRA. opinions (TJIC) != opinions (employer (TJIC)) "Buy a rifle, encrypt your data, and wait for the Revolution!" PGP encrypted mail preferred. Ask me about gnuslive.el for emacs. -----BEGIN PGP SIGNATURE----- Version: 2.6 Comment: Auto-signed by mail-secure.el 1.002 using mailcrypt Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface iQCVAwUBMGrlu4JYfGX+MQb5AQGiSwP+MMgoog/vmsxKU5Zo17L5ZE3KVlYWsbQ7 9kcVb8d2CLPyAyaU4iNmF5dLwdYyy0reft9jhzQAaZ/1Nm0+9KXGAhT7DdO2nDFT hGc9KiQ/IYEkkhkRJIRRNkVNGeWclbf9J/ffQUUNBBTBbJkjjwoLFns+GA6D2Qx/ xs8QFel7kvQ= =6Gyn -----END PGP SIGNATURE-----