Signature as Header - Mozilla

This is a discussion on Signature as Header - Mozilla ; Is it possible to have the SM signature either as a header or directly beneath your response, assuming the response is on top of the previous mail or quotes. Currently the signature is placed at the very bottom of the ...

+ Reply to Thread
Page 1 of 2 1 2 LastLast
Results 1 to 20 of 21

Thread: Signature as Header

  1. Signature as Header

    Is it possible to have the SM signature either as a header or directly
    beneath your response, assuming the response is on top of the previous
    mail or quotes. Currently the signature is placed at the very bottom of
    the quotes. I hope thats clear enough. Thanks in advance.

  2. Re: Signature as Header

    On 9/6/2007 2:49 AM, Richard wrote:
    > Is it possible to have the SM signature either as a header or directly
    > beneath your response, assuming the response is on top of the previous
    > mail or quotes. Currently the signature is placed at the very bottom of
    > the quotes. I hope thats clear enough. Thanks in advance.


    A valid signature begins with a line that has "-- " (dash dash space) by
    itself. See my signature in this reply. This is per Section 4.3 of RFC
    3676.

    Many E-mail applications and newsreaders remove the signature from a
    message when quoting it in a reply or forward. Since there is no
    indicator for the end of a signature, everything from the "-- " to the
    end of the quoted message is deleted.

    Thus, if your signature appears immediately below your response and
    above the quoted message to which you are responding, further responses
    will remove what is quoted in your response. To prevent this loss of
    prior quoted messages, your signature goes at the very end.

    --

    David E. Ross
    .

    Anyone who thinks government owns a monopoly on inefficient, obstructive
    bureaucracy has obviously never worked for a large corporation. 1997

  3. Re: Signature as Header

    Richard wrote:
    > Is it possible to have the SM signature either as a header or directly
    > beneath your response, assuming the response is on top of the previous
    > mail or quotes. Currently the signature is placed at the very bottom of
    > the quotes. I hope thats clear enough. Thanks in advance.


    you can have the signature after your reply, but before the
    quote. Edit, Mail & Newsgroups Account Settings, select the
    account, and under Composition & Addressing, and make your
    changes at the top.

    Remember, when you have the sig at the bottom of the
    message, then you get the sig delimiter which is dash dash
    space [-- ]. When someone replies, the sig file is removed.
    If you place the sig file anywhere else, for example, if
    your messages is on top, then the sig is above the quote,
    the delimiter is NOT there, and sometimes the sig can be
    confusing, cause it looks like its part of the message,
    unless you make it a different color, and you can do that by
    creating your sig in html formating.

    --
    Please do not email me for help. Reply to the newsgroup
    only. And only click on the Reply button, not the Reply All
    or Reply to Author. Thanks!

    Peter Potamus & His Magic Flying Balloon:
    http://www.toonopedia.com/potamus.htm

  4. Re: Signature as Header

    Peter Potamus the Purple Hippo wrote:
    > Richard wrote:
    >> Is it possible to have the SM signature either as a header or directly
    >> beneath your response, assuming the response is on top of the previous
    >> mail or quotes. Currently the signature is placed at the very bottom
    >> of the quotes. I hope thats clear enough. Thanks in advance.

    >
    > you can have the signature after your reply, but before the quote.
    > Edit, Mail & Newsgroups Account Settings, select the account, and under
    > Composition & Addressing, and make your changes at the top.
    >
    > Remember, when you have the sig at the bottom of the message, then you
    > get the sig delimiter which is dash dash space [-- ]. When someone
    > replies, the sig file is removed. If you place the sig file anywhere
    > else, for example, if your messages is on top, then the sig is above the
    > quote, the delimiter is NOT there, and sometimes the sig can be
    > confusing, cause it looks like its part of the message, unless you make
    > it a different color, and you can do that by creating your sig in html
    > formating.
    >

    Hmmm... thanks for that, OK.. what I really want, is to put a disclaimer
    at the beginning of my email or immediately after it, if the string is
    long, it gets planted at the very bottom of all that, where they just
    appear to just accumulate, and is never really seen, is there another
    way of doing this ?.

  5. Re: Signature as Header

    On 09/06/2007 12:43 PM, Richard wrote:
    > Peter Potamus the Purple Hippo wrote:


    >>
    >> Remember, when you have the sig at the bottom of the message, then you
    >> get the sig delimiter which is dash dash space [-- ]. When someone
    >> replies, the sig file is removed. If you place the sig file anywhere
    >> else, for example, if your messages is on top, then the sig is above the
    >> quote, the delimiter is NOT there, and sometimes the sig can be
    >> confusing, cause it looks like its part of the message, unless you make
    >> it a different color, and you can do that by creating your sig in html
    >> formating.
    >>

    > Hmmm... thanks for that, OK.. what I really want, is to put a disclaimer
    > at the beginning of my email or immediately after it, if the string is
    > long, it gets planted at the very bottom of all that, where they just
    > appear to just accumulate, and is never really seen, is there another
    > way of doing this ?.


    Looks as if you're looking for an actual header vs a .sig. If that is
    the case then just create a template email with the header at the top.

  6. Re: Signature as Header

    David E. Ross wrote:
    > On 9/6/2007 2:49 AM, Richard wrote:
    >> Is it possible to have the SM signature either as a header or directly
    >> beneath your response, assuming the response is on top of the previous
    >> mail or quotes. Currently the signature is placed at the very bottom of
    >> the quotes. I hope thats clear enough. Thanks in advance.

    >
    > A valid signature begins with a line that has "-- " (dash dash space) by
    > itself. See my signature in this reply. This is per Section 4.3 of RFC
    > 3676.
    >
    > Many E-mail applications and newsreaders remove the signature from a
    > message when quoting it in a reply or forward. Since there is no
    > indicator for the end of a signature, everything from the "-- " to the
    > end of the quoted message is deleted.
    >
    > Thus, if your signature appears immediately below your response and
    > above the quoted message to which you are responding, further responses
    > will remove what is quoted in your response. To prevent this loss of
    > prior quoted messages, your signature goes at the very end.
    >

    Appreciate your help, did not know this.

  7. Re: Signature as Header

    NoOp wrote:
    > On 09/06/2007 12:43 PM, Richard wrote:
    >> Peter Potamus the Purple Hippo wrote:

    >
    >>> Remember, when you have the sig at the bottom of the message, then you
    >>> get the sig delimiter which is dash dash space [-- ]. When someone
    >>> replies, the sig file is removed. If you place the sig file anywhere
    >>> else, for example, if your messages is on top, then the sig is above the
    >>> quote, the delimiter is NOT there, and sometimes the sig can be
    >>> confusing, cause it looks like its part of the message, unless you make
    >>> it a different color, and you can do that by creating your sig in html
    >>> formating.
    >>>

    >> Hmmm... thanks for that, OK.. what I really want, is to put a disclaimer
    >> at the beginning of my email or immediately after it, if the string is
    >> long, it gets planted at the very bottom of all that, where they just
    >> appear to just accumulate, and is never really seen, is there another
    >> way of doing this ?.

    >
    > Looks as if you're looking for an actual header vs a .sig. If that is
    > the case then just create a template email with the header at the top.

    Explain please

  8. Re: Signature as Header

    On 09/06/2007 12:58 PM, Richard wrote:
    > NoOp wrote:
    >> On 09/06/2007 12:43 PM, Richard wrote:
    >>> Peter Potamus the Purple Hippo wrote:

    >>
    >>>> Remember, when you have the sig at the bottom of the message, then you
    >>>> get the sig delimiter which is dash dash space [-- ]. When someone
    >>>> replies, the sig file is removed. If you place the sig file anywhere
    >>>> else, for example, if your messages is on top, then the sig is above the
    >>>> quote, the delimiter is NOT there, and sometimes the sig can be
    >>>> confusing, cause it looks like its part of the message, unless you make
    >>>> it a different color, and you can do that by creating your sig in html
    >>>> formating.
    >>>>
    >>> Hmmm... thanks for that, OK.. what I really want, is to put a disclaimer
    >>> at the beginning of my email or immediately after it, if the string is
    >>> long, it gets planted at the very bottom of all that, where they just
    >>> appear to just accumulate, and is never really seen, is there another
    >>> way of doing this ?.

    >>
    >> Looks as if you're looking for an actual header vs a .sig. If that is
    >> the case then just create a template email with the header at the top.

    > Explain please


    Help (F1)|Search Templates

    Basically, what you do is create an email to how you want it to appear,
    then save it as a template. The next time to get ready to send an email,
    go to your Templates folder, double click on the template, and that
    template will come up. You can then add your msg etc., and send just the
    same as an standard 'compose' email.


  9. Re: Signature as Header

    NoOp wrote:
    > On 09/06/2007 12:58 PM, Richard wrote:
    >> NoOp wrote:
    >>> On 09/06/2007 12:43 PM, Richard wrote:
    >>>> Peter Potamus the Purple Hippo wrote:
    >>>>> Remember, when you have the sig at the bottom of the message, then you
    >>>>> get the sig delimiter which is dash dash space [-- ]. When someone
    >>>>> replies, the sig file is removed. If you place the sig file anywhere
    >>>>> else, for example, if your messages is on top, then the sig is above the
    >>>>> quote, the delimiter is NOT there, and sometimes the sig can be
    >>>>> confusing, cause it looks like its part of the message, unless you make
    >>>>> it a different color, and you can do that by creating your sig in html
    >>>>> formating.
    >>>>>
    >>>> Hmmm... thanks for that, OK.. what I really want, is to put a disclaimer
    >>>> at the beginning of my email or immediately after it, if the string is
    >>>> long, it gets planted at the very bottom of all that, where they just
    >>>> appear to just accumulate, and is never really seen, is there another
    >>>> way of doing this ?.
    >>> Looks as if you're looking for an actual header vs a .sig. If that is
    >>> the case then just create a template email with the header at the top.

    >> Explain please

    >
    > Help (F1)|Search Templates
    >
    > Basically, what you do is create an email to how you want it to appear,
    > then save it as a template. The next time to get ready to send an email,
    > go to your Templates folder, double click on the template, and that
    > template will come up. You can then add your msg etc., and send just the
    > same as an standard 'compose' email.
    >

    Thanks NoOp, for your help, Ive tried that, but its not really dynamic
    enough,and you loose the use of the "signature" altogether, unless you
    change the "from mail" address and then go back to the original, then
    the signature pops back.

    Is it not possible for a header to be introduced automatically, mail I
    receive from some of my principals seem to be able to do this, our
    Industry really does require in your face disclaimers.

  10. Re: Signature as Header

    On 9/6/2007 11:14 PM, Richard wrote:
    > NoOp wrote:
    >> On 09/06/2007 12:58 PM, Richard wrote:
    >>> NoOp wrote:
    >>>> On 09/06/2007 12:43 PM, Richard wrote:
    >>>>> Peter Potamus the Purple Hippo wrote:
    >>>>>> Remember, when you have the sig at the bottom of the message, then you
    >>>>>> get the sig delimiter which is dash dash space [-- ]. When someone
    >>>>>> replies, the sig file is removed. If you place the sig file anywhere
    >>>>>> else, for example, if your messages is on top, then the sig is above the
    >>>>>> quote, the delimiter is NOT there, and sometimes the sig can be
    >>>>>> confusing, cause it looks like its part of the message, unless you make
    >>>>>> it a different color, and you can do that by creating your sig in html
    >>>>>> formating.
    >>>>>>
    >>>>> Hmmm... thanks for that, OK.. what I really want, is to put a disclaimer
    >>>>> at the beginning of my email or immediately after it, if the string is
    >>>>> long, it gets planted at the very bottom of all that, where they just
    >>>>> appear to just accumulate, and is never really seen, is there another
    >>>>> way of doing this ?.
    >>>> Looks as if you're looking for an actual header vs a .sig. If that is
    >>>> the case then just create a template email with the header at the top.
    >>> Explain please

    >> Help (F1)|Search Templates
    >>
    >> Basically, what you do is create an email to how you want it to appear,
    >> then save it as a template. The next time to get ready to send an email,
    >> go to your Templates folder, double click on the template, and that
    >> template will come up. You can then add your msg etc., and send just the
    >> same as an standard 'compose' email.
    >>

    > Thanks NoOp, for your help, Ive tried that, but its not really dynamic
    > enough,and you loose the use of the "signature" altogether, unless you
    > change the "from mail" address and then go back to the original, then
    > the signature pops back.
    >
    > Is it not possible for a header to be introduced automatically, mail I
    > receive from some of my principals seem to be able to do this, our
    > Industry really does require in your face disclaimers.


    Is your disclaimer something like what I quote below?

    > CONFIDENTIALLY NOTICE: This e-mail communication
    > and any attachments may contain confidential and
    > privileged information for the use of the designated
    > recipients named above. Any unauthorized review,
    > use, disclosure or distribution is prohibited. If
    > you are not the intended recipient, please contact
    > the sender by reply e-mail and destroy all copies
    > of the original message.


    This is worthless and cannot be enforced. If you accidentally send me a
    message intended for someone else, that's your fault and your problem,
    not mine. Messages that are confidential should be encrypted to the
    recipient's public key for decryption by the recipient's private key.

    --

    David E. Ross
    .

    Anyone who thinks government owns a monopoly on inefficient, obstructive
    bureaucracy has obviously never worked for a large corporation. 1997

  11. Re: Signature as Header

    David E. Ross wrote:
    > On 9/6/2007 11:14 PM, Richard wrote:
    >> NoOp wrote:
    >>> On 09/06/2007 12:58 PM, Richard wrote:
    >>>> NoOp wrote:
    >>>>> On 09/06/2007 12:43 PM, Richard wrote:
    >>>>>> Peter Potamus the Purple Hippo wrote:
    >>>>>>> Remember, when you have the sig at the bottom of the message, then you
    >>>>>>> get the sig delimiter which is dash dash space [-- ]. When someone
    >>>>>>> replies, the sig file is removed. If you place the sig file anywhere
    >>>>>>> else, for example, if your messages is on top, then the sig is above the
    >>>>>>> quote, the delimiter is NOT there, and sometimes the sig can be
    >>>>>>> confusing, cause it looks like its part of the message, unless you make
    >>>>>>> it a different color, and you can do that by creating your sig in html
    >>>>>>> formating.
    >>>>>>>
    >>>>>> Hmmm... thanks for that, OK.. what I really want, is to put a disclaimer
    >>>>>> at the beginning of my email or immediately after it, if the string is
    >>>>>> long, it gets planted at the very bottom of all that, where they just
    >>>>>> appear to just accumulate, and is never really seen, is there another
    >>>>>> way of doing this ?.
    >>>>> Looks as if you're looking for an actual header vs a .sig. If that is
    >>>>> the case then just create a template email with the header at the top.
    >>>> Explain please
    >>> Help (F1)|Search Templates
    >>>
    >>> Basically, what you do is create an email to how you want it to appear,
    >>> then save it as a template. The next time to get ready to send an email,
    >>> go to your Templates folder, double click on the template, and that
    >>> template will come up. You can then add your msg etc., and send just the
    >>> same as an standard 'compose' email.
    >>>

    >> Thanks NoOp, for your help, Ive tried that, but its not really dynamic
    >> enough,and you loose the use of the "signature" altogether, unless you
    >> change the "from mail" address and then go back to the original, then
    >> the signature pops back.
    >>
    >> Is it not possible for a header to be introduced automatically, mail I
    >> receive from some of my principals seem to be able to do this, our
    >> Industry really does require in your face disclaimers.

    >
    > Is your disclaimer something like what I quote below?
    >
    >> CONFIDENTIALLY NOTICE: This e-mail communication
    >> and any attachments may contain confidential and
    >> privileged information for the use of the designated
    >> recipients named above. Any unauthorized review,
    >> use, disclosure or distribution is prohibited. If
    >> you are not the intended recipient, please contact
    >> the sender by reply e-mail and destroy all copies
    >> of the original message.

    >
    > This is worthless and cannot be enforced. If you accidentally send me a
    > message intended for someone else, that's your fault and your problem,
    > not mine. Messages that are confidential should be encrypted to the
    > recipient's public key for decryption by the recipient's private key.
    >

    You are assuming I come from the same Country as you ? In what country
    is this worthless ? in my Country, it certainly is not worthless.

    Further, it is not primarily designed for the wrong recipient, but
    rather the unauthorised forwarding of a mail intended for a particular
    person or company.

    So tell me, what do you suggest ?, how do these people get these headers.

  12. Re: Signature as Header

    On 09/07/2007 08:50 AM, Richard wrote:
    > David E. Ross wrote:

    [snip]
    >>
    >> Is your disclaimer something like what I quote below?
    >>
    >>> CONFIDENTIALLY NOTICE: This e-mail communication
    >>> and any attachments may contain confidential and
    >>> privileged information for the use of the designated
    >>> recipients named above. Any unauthorized review,
    >>> use, disclosure or distribution is prohibited. If
    >>> you are not the intended recipient, please contact
    >>> the sender by reply e-mail and destroy all copies
    >>> of the original message.

    >>
    >> This is worthless and cannot be enforced. If you accidentally send me a
    >> message intended for someone else, that's your fault and your problem,
    >> not mine. Messages that are confidential should be encrypted to the
    >> recipient's public key for decryption by the recipient's private key.
    >>

    > You are assuming I come from the same Country as you ? In what country
    > is this worthless ? in my Country, it certainly is not worthless.
    >
    > Further, it is not primarily designed for the wrong recipient, but
    > rather the unauthorised forwarding of a mail intended for a particular
    > person or company.
    >
    > So tell me, what do you suggest ?, how do these people get these headers.


    The sig is nothing more than a text file. So, you can add the notice &
    your -- sig at the bottom. Create a text file something along
    the lines of:

    CONFIDENTIALLY NOTICE: This e-mail communication
    and any attachments may contain confidential and
    privileged information for the use of the designated
    recipients named above. Any unauthorized review,
    use, disclosure or distribution is prohibited. If
    you are not the intended recipient, please contact
    the sender by reply e-mail and destroy all copies
    of the original message.

    --
    This is my clever sig w/contact info

    Then tell SM to use that file for your sig. Edit|Mail & Newsgroup
    Account Settings|Account|Attach this signature:|path to text file.

    The notice will show up as standard text in the message. Anything below
    the -- (replacing with a proper space of course) will
    show as a proper .sig.

    However, I have to agree with David; those notices are pretty 1)
    annoying, and 2) worthless in most cases. I've yet to see a case in any
    country where someone was procecuted (civil or criminal) for
    'unauthorized review' etc. of an email with such a disclaimer. But
    that's for some other newsgroup... :-)






  13. Re: Signature as Header

    On 9/7/2007 8:50 AM, Richard wrote:
    > David E. Ross wrote:
    >> On 9/6/2007 11:14 PM, Richard wrote:
    >>> NoOp wrote:
    >>>> On 09/06/2007 12:58 PM, Richard wrote:
    >>>>> NoOp wrote:
    >>>>>> On 09/06/2007 12:43 PM, Richard wrote:
    >>>>>>> Peter Potamus the Purple Hippo wrote:
    >>>>>>>> Remember, when you have the sig at the bottom of the message, then you
    >>>>>>>> get the sig delimiter which is dash dash space [-- ]. When someone
    >>>>>>>> replies, the sig file is removed. If you place the sig file anywhere
    >>>>>>>> else, for example, if your messages is on top, then the sig is above the
    >>>>>>>> quote, the delimiter is NOT there, and sometimes the sig can be
    >>>>>>>> confusing, cause it looks like its part of the message, unless you make
    >>>>>>>> it a different color, and you can do that by creating your sig in html
    >>>>>>>> formating.
    >>>>>>>>
    >>>>>>> Hmmm... thanks for that, OK.. what I really want, is to put a disclaimer
    >>>>>>> at the beginning of my email or immediately after it, if the string is
    >>>>>>> long, it gets planted at the very bottom of all that, where they just
    >>>>>>> appear to just accumulate, and is never really seen, is there another
    >>>>>>> way of doing this ?.
    >>>>>> Looks as if you're looking for an actual header vs a .sig. If that is
    >>>>>> the case then just create a template email with the header at the top.
    >>>>> Explain please
    >>>> Help (F1)|Search Templates
    >>>>
    >>>> Basically, what you do is create an email to how you want it to appear,
    >>>> then save it as a template. The next time to get ready to send an email,
    >>>> go to your Templates folder, double click on the template, and that
    >>>> template will come up. You can then add your msg etc., and send just the
    >>>> same as an standard 'compose' email.
    >>>>
    >>> Thanks NoOp, for your help, Ive tried that, but its not really dynamic
    >>> enough,and you loose the use of the "signature" altogether, unless you
    >>> change the "from mail" address and then go back to the original, then
    >>> the signature pops back.
    >>>
    >>> Is it not possible for a header to be introduced automatically, mail I
    >>> receive from some of my principals seem to be able to do this, our
    >>> Industry really does require in your face disclaimers.

    >> Is your disclaimer something like what I quote below?
    >>
    >>> CONFIDENTIALLY NOTICE: This e-mail communication
    >>> and any attachments may contain confidential and
    >>> privileged information for the use of the designated
    >>> recipients named above. Any unauthorized review,
    >>> use, disclosure or distribution is prohibited. If
    >>> you are not the intended recipient, please contact
    >>> the sender by reply e-mail and destroy all copies
    >>> of the original message.

    >> This is worthless and cannot be enforced. If you accidentally send me a
    >> message intended for someone else, that's your fault and your problem,
    >> not mine. Messages that are confidential should be encrypted to the
    >> recipient's public key for decryption by the recipient's private key.
    >>

    > You are assuming I come from the same Country as you ? In what country
    > is this worthless ? in my Country, it certainly is not worthless.
    >
    > Further, it is not primarily designed for the wrong recipient, but
    > rather the unauthorised forwarding of a mail intended for a particular
    > person or company.
    >
    > So tell me, what do you suggest ?, how do these people get these headers.


    I'm in the U.S. (California, where the official state hobby is "sue the
    SOB").

    You may put the disclaimer in your signature. Obviously, the recipient
    should not be forwarding the message. Thus, whether the disclaimer gets
    stripped is not important.

    You might "tone down" the disclaimer. Instead, REQUEST recipients not
    to forward or otherwise disseminate the message. And REQUEST recipients
    to notify you if they receive such a message actually intended for
    someone else.

    However, I stand by my prior comments:

    (1) A confidential message should be encrypted via some form of public
    key infrastructure (PKI) where only the intended recipient (and also the
    sender, of course) can decrypt the message. I prefer OpenPGP encryption
    (e.g., PGP or GPG), but there are other PKI systems.

    (2) If you send me a confidential hardcopy letter via postal mail and
    the letter was actually intended for someone else, I now possess it.
    You have no claim to it. You might have copyrighted the content, in
    which case I cannot commercially publish it. But I can indeed show it
    to my neighbor, no matter how many times you stamped "Confidential" on
    it or what disclaimer it contains. An E-mail message sent to the wrong
    addressee is not much different. (Thus, reread #1.)

    --

    David E. Ross
    .

    Anyone who thinks government owns a monopoly on inefficient, obstructive
    bureaucracy has obviously never worked for a large corporation. 1997

  14. Re: Signature as Header

    David E. Ross wrote:
    > On 9/7/2007 8:50 AM, Richard wrote:
    >> David E. Ross wrote:
    >>> On 9/6/2007 11:14 PM, Richard wrote:
    >>>> NoOp wrote:
    >>>>> On 09/06/2007 12:58 PM, Richard wrote:
    >>>>>> NoOp wrote:
    >>>>>>> On 09/06/2007 12:43 PM, Richard wrote:
    >>>>>>>> Peter Potamus the Purple Hippo wrote:




    > However, I stand by my prior comments:
    >
    > (1) A confidential message should be encrypted via some form of public
    > key infrastructure (PKI) where only the intended recipient (and also the
    > sender, of course) can decrypt the message. I prefer OpenPGP encryption
    > (e.g., PGP or GPG), but there are other PKI systems.
    >




    David, the idea of encrypting messages intrigues me.

    For it to work, you and I must have the same key/s so we can decrypt
    messages we send each other, but this means we use the same key forever
    and a day (giving the baddies plenty of time to break the code), or we
    regularly change the key, giving the baddies the possibility to collect
    the code and, therefore, be able to decrypt our secret messages.

    When I was in the Army, they used to use three levels of encryption, a
    daily code, a monthly code and an annual code. Messages were encrypted
    using the daily code. Then, every day, the monthly code would be used to
    distribute the new daily code. And, each month, the annual code would be
    used to distribute the new monthly code. Because the Annual and Monthly
    codes were used so infrequently, and were mixed up in amongst normal
    traffic, the chances of them being detected and broken were fairly slim.
    The Annual Code would be changed when the remote sites were visited for
    maintenance/repair purposes.

    Don't see this type of arrangement being possible in a public environment.

    Just my opinion.

    Daniel

  15. Re: Signature as Header

    On 09/07/2007 08:15 PM, Daniel wrote:

    >
    > David, the idea of encrypting messages intrigues me.
    >
    > For it to work, you and I must have the same key/s so we can decrypt
    > messages we send each other, but this means we use the same key forever
    > and a day (giving the baddies plenty of time to break the code), or we
    > regularly change the key, giving the baddies the possibility to collect
    > the code and, therefore, be able to decrypt our secret messages.
    >
    > When I was in the Army, they used to use three levels of encryption, a
    > daily code, a monthly code and an annual code. Messages were encrypted
    > using the daily code. Then, every day, the monthly code would be used to
    > distribute the new daily code. And, each month, the annual code would be
    > used to distribute the new monthly code. Because the Annual and Monthly
    > codes were used so infrequently, and were mixed up in amongst normal
    > traffic, the chances of them being detected and broken were fairly slim.
    > The Annual Code would be changed when the remote sites were visited for
    > maintenance/repair purposes.
    >
    > Don't see this type of arrangement being possible in a public environment.
    >
    > Just my opinion.
    >
    > Daniel


    Encryption has come a long way... google on pgp, gpg, public keys, etc.

    This should get you started:
    http://en.wikipedia.org/wiki/Public-key_cryptography

    Gary
    --
    who's specialty *was* voice (ciphony) & data encryption for the US Army
    & many other government agencies quite a long time ago...

  16. Re: Signature as Header

    On 9/7/2007 8:15 PM, Daniel wrote:
    > David E. Ross wrote:
    >> On 9/7/2007 8:50 AM, Richard wrote:
    >>> David E. Ross wrote:
    >>>> On 9/6/2007 11:14 PM, Richard wrote:
    >>>>> NoOp wrote:
    >>>>>> On 09/06/2007 12:58 PM, Richard wrote:
    >>>>>>> NoOp wrote:
    >>>>>>>> On 09/06/2007 12:43 PM, Richard wrote:
    >>>>>>>>> Peter Potamus the Purple Hippo wrote:

    >
    >
    >
    >> However, I stand by my prior comments:
    >>
    >> (1) A confidential message should be encrypted via some form of public
    >> key infrastructure (PKI) where only the intended recipient (and also the
    >> sender, of course) can decrypt the message. I prefer OpenPGP encryption
    >> (e.g., PGP or GPG), but there are other PKI systems.
    >>

    >
    >
    >
    > David, the idea of encrypting messages intrigues me.
    >
    > For it to work, you and I must have the same key/s so we can decrypt
    > messages we send each other, but this means we use the same key forever
    > and a day (giving the baddies plenty of time to break the code), or we
    > regularly change the key, giving the baddies the possibility to collect
    > the code and, therefore, be able to decrypt our secret messages.
    >
    > When I was in the Army, they used to use three levels of encryption, a
    > daily code, a monthly code and an annual code. Messages were encrypted
    > using the daily code. Then, every day, the monthly code would be used to
    > distribute the new daily code. And, each month, the annual code would be
    > used to distribute the new monthly code. Because the Annual and Monthly
    > codes were used so infrequently, and were mixed up in amongst normal
    > traffic, the chances of them being detected and broken were fairly slim.
    > The Annual Code would be changed when the remote sites were visited for
    > maintenance/repair purposes.
    >
    > Don't see this type of arrangement being possible in a public environment.
    >
    > Just my opinion.
    >
    > Daniel


    Public key encryption means that you have two keys: one public and one
    private. You publish the public key -- put it on your Web page, attach
    it to an E-mail message, upload it to a public key server. You don't
    care if the bad guys have it. It can be used only to encrypt something
    to send to you; it can't be used to decrypt what it has encrypted. You
    use your private key -- kept truly private and secure -- to do the
    decryption.

    You get the public key of the person to whom you are sending a
    confidential message. This too is obtained from his Web page, an
    attachment to an E-mail message he sends you, a public key server, etc.
    Again, neither of you care if the bad guys also get it. You use it to
    encrypt a message to that other person. Having done so, you cannot
    decrypt that message unless, at the same time, you also encrypted it to
    your own public key. Each of you then uses your own private key to
    decrypt the message.

    See my for a layman's detailed description.

    --

    David E. Ross
    .

    Anyone who thinks government owns a monopoly on inefficient, obstructive
    bureaucracy has obviously never worked for a large corporation. 1997

  17. Re: Signature as Header

    David E. Ross wrote:
    > On 9/7/2007 8:15 PM, Daniel wrote:
    >> David E. Ross wrote:
    >>> On 9/7/2007 8:50 AM, Richard wrote:
    >>>> David E. Ross wrote:
    >>>>> On 9/6/2007 11:14 PM, Richard wrote:
    >>>>>> NoOp wrote:
    >>>>>>> On 09/06/2007 12:58 PM, Richard wrote:
    >>>>>>>> NoOp wrote:
    >>>>>>>>> On 09/06/2007 12:43 PM, Richard wrote:
    >>>>>>>>>> Peter Potamus the Purple Hippo wrote:

    >>
    >>
    >>> However, I stand by my prior comments:
    >>>
    >>> (1) A confidential message should be encrypted via some form of public
    >>> key infrastructure (PKI) where only the intended recipient (and also the
    >>> sender, of course) can decrypt the message. I prefer OpenPGP encryption
    >>> (e.g., PGP or GPG), but there are other PKI systems.
    >>>

    >>
    >>
    >> David, the idea of encrypting messages intrigues me.
    >>
    >> For it to work, you and I must have the same key/s so we can decrypt
    >> messages we send each other, but this means we use the same key forever
    >> and a day (giving the baddies plenty of time to break the code), or we
    >> regularly change the key, giving the baddies the possibility to collect
    >> the code and, therefore, be able to decrypt our secret messages.
    >>
    >> When I was in the Army, they used to use three levels of encryption, a
    >> daily code, a monthly code and an annual code. Messages were encrypted
    >> using the daily code. Then, every day, the monthly code would be used to
    >> distribute the new daily code. And, each month, the annual code would be
    >> used to distribute the new monthly code. Because the Annual and Monthly
    >> codes were used so infrequently, and were mixed up in amongst normal
    >> traffic, the chances of them being detected and broken were fairly slim.
    >> The Annual Code would be changed when the remote sites were visited for
    >> maintenance/repair purposes.
    >>
    >> Don't see this type of arrangement being possible in a public environment.
    >>
    >> Just my opinion.
    >>
    >> Daniel

    >
    > Public key encryption means that you have two keys: one public and one
    > private. You publish the public key -- put it on your Web page, attach
    > it to an E-mail message, upload it to a public key server. You don't
    > care if the bad guys have it. It can be used only to encrypt something
    > to send to you; it can't be used to decrypt what it has encrypted. You
    > use your private key -- kept truly private and secure -- to do the
    > decryption.
    >
    > You get the public key of the person to whom you are sending a
    > confidential message. This too is obtained from his Web page, an
    > attachment to an E-mail message he sends you, a public key server, etc.
    > Again, neither of you care if the bad guys also get it. You use it to
    > encrypt a message to that other person. Having done so, you cannot
    > decrypt that message unless, at the same time, you also encrypted it to
    > your own public key. Each of you then uses your own private key to
    > decrypt the message.
    >
    > See my for a layman's detailed description.
    >


    Ross, I've just had a very quick look at your PGP page, and, so,
    probably not done it justice. Short on for time!

    Just seems to me, if I were to encrypt this message using a forty bit
    code, a one hundred and twenty eight bit code, whatever, (my personal
    key) for you to be able to read it, you must have the appropriate
    decrypt cypher. I could publish this decrypt (public) key, then you, the
    baddies, whomever can get the code, decrypt my message to you, so whats
    the use.

    Perhaps with more reading of your page, my opinion may change but I'm
    not holding my breath.

    Daniel

  18. Re: Signature as Header

    David E. Ross wrote:
    > On 9/9/2007 3:23 AM, Daniel wrote:
    >> David E. Ross wrote:
    >>> On 9/7/2007 8:15 PM, Daniel wrote:
    >>>> David E. Ross wrote:
    >>>>> On 9/7/2007 8:50 AM, Richard wrote:
    >>>>>> David E. Ross wrote:
    >>>>>>> On 9/6/2007 11:14 PM, Richard wrote:
    >>>>>>>> NoOp wrote:
    >>>>>>>>> On 09/06/2007 12:58 PM, Richard wrote:
    >>>>>>>>>> NoOp wrote:
    >>>>>>>>>>> On 09/06/2007 12:43 PM, Richard wrote:
    >>>>>>>>>>>> Peter Potamus the Purple Hippo wrote:
    >>>>
    >>>>
    >>>>> However, I stand by my prior comments:
    >>>>>
    >>>>> (1) A confidential message should be encrypted via some form of public
    >>>>> key infrastructure (PKI) where only the intended recipient (and also the
    >>>>> sender, of course) can decrypt the message. I prefer OpenPGP encryption
    >>>>> (e.g., PGP or GPG), but there are other PKI systems.
    >>>>>
    >>>>
    >>>>
    >>>> David, the idea of encrypting messages intrigues me.
    >>>>
    >>>> For it to work, you and I must have the same key/s so we can decrypt
    >>>> messages we send each other, but this means we use the same key forever
    >>>> and a day (giving the baddies plenty of time to break the code), or we
    >>>> regularly change the key, giving the baddies the possibility to collect
    >>>> the code and, therefore, be able to decrypt our secret messages.
    >>>>
    >>>> When I was in the Army, they used to use three levels of encryption, a
    >>>> daily code, a monthly code and an annual code. Messages were encrypted
    >>>> using the daily code. Then, every day, the monthly code would be used to
    >>>> distribute the new daily code. And, each month, the annual code would be
    >>>> used to distribute the new monthly code. Because the Annual and Monthly
    >>>> codes were used so infrequently, and were mixed up in amongst normal
    >>>> traffic, the chances of them being detected and broken were fairly slim.
    >>>> The Annual Code would be changed when the remote sites were visited for
    >>>> maintenance/repair purposes.
    >>>>
    >>>> Don't see this type of arrangement being possible in a public environment.
    >>>>
    >>>> Just my opinion.
    >>>>
    >>>> Daniel
    >>> Public key encryption means that you have two keys: one public and one
    >>> private. You publish the public key -- put it on your Web page, attach
    >>> it to an E-mail message, upload it to a public key server. You don't
    >>> care if the bad guys have it. It can be used only to encrypt something
    >>> to send to you; it can't be used to decrypt what it has encrypted. You
    >>> use your private key -- kept truly private and secure -- to do the
    >>> decryption.
    >>>
    >>> You get the public key of the person to whom you are sending a
    >>> confidential message. This too is obtained from his Web page, an
    >>> attachment to an E-mail message he sends you, a public key server, etc.
    >>> Again, neither of you care if the bad guys also get it. You use it to
    >>> encrypt a message to that other person. Having done so, you cannot
    >>> decrypt that message unless, at the same time, you also encrypted it to
    >>> your own public key. Each of you then uses your own private key to
    >>> decrypt the message.
    >>>
    >>> See my for a layman's detailed description.
    >>>

    >> Ross, I've just had a very quick look at your PGP page, and, so,
    >> probably not done it justice. Short on for time!
    >>
    >> Just seems to me, if I were to encrypt this message using a forty bit
    >> code, a one hundred and twenty eight bit code, whatever, (my personal
    >> key) for you to be able to read it, you must have the appropriate
    >> decrypt cypher. I could publish this decrypt (public) key, then you, the
    >> baddies, whomever can get the code, decrypt my message to you, so whats
    >> the use.
    >>
    >> Perhaps with more reading of your page, my opinion may change but I'm
    >> not holding my breath.
    >>
    >> Daniel

    >
    > No, that is not how it works.
    >
    > You want to send an encrypted message to Betty. You use her public key.
    > It's PUBLIC. Neither you nor Betty care if the bad guys have that key
    > because it can be used only to encrypt, not to decrypt.
    >
    > Betty receives your message. She uses a combination of her private key
    > and her passphrase (like a password but longer, perhaps with spaces and
    > punctuation) to decrypt the message. Her PRIVATE key is indeed private;
    > no one else -- not even you -- has it. Her passphrase should exist only
    > in her head and is not communicated to anyone.
    >
    > For Betty to send you a confidential reply, she uses your PUBLIC key.
    > You must then use your own private key and your own passphrase.
    >
    > This is called public key/private key or asymmetric encryption. Note
    > that my own public keys (I use two) are on my Web site at
    > . I won't tell you where my
    > private keys are or the file name under which they exist.
    >
    > For more details, see .
    >


    Nope! Lets give up, Ross, but thanks for trying.

    Daniel

  19. Re: Signature as Header

    Daniel wrote:
    > David E. Ross wrote:
    >> On 9/9/2007 3:23 AM, Daniel wrote:
    >>> David E. Ross wrote:
    >>>> On 9/7/2007 8:15 PM, Daniel wrote:
    >>>>> David E. Ross wrote:
    >>>>>> On 9/7/2007 8:50 AM, Richard wrote:
    >>>>>>> David E. Ross wrote:
    >>>>>>>> On 9/6/2007 11:14 PM, Richard wrote:
    >>>>>>>>> NoOp wrote:
    >>>>>>>>>> On 09/06/2007 12:58 PM, Richard wrote:
    >>>>>>>>>>> NoOp wrote:
    >>>>>>>>>>>> On 09/06/2007 12:43 PM, Richard wrote:
    >>>>>>>>>>>>> Peter Potamus the Purple Hippo wrote:
    >>>>>
    >>>>>
    >>>>>> However, I stand by my prior comments:
    >>>>>>
    >>>>>> (1) A confidential message should be encrypted via some form of
    >>>>>> public
    >>>>>> key infrastructure (PKI) where only the intended recipient (and
    >>>>>> also the
    >>>>>> sender, of course) can decrypt the message. I prefer OpenPGP
    >>>>>> encryption
    >>>>>> (e.g., PGP or GPG), but there are other PKI systems.
    >>>>>>
    >>>>>
    >>>>>
    >>>>> David, the idea of encrypting messages intrigues me.
    >>>>>
    >>>>> For it to work, you and I must have the same key/s so we can
    >>>>> decrypt messages we send each other, but this means we use the same
    >>>>> key forever and a day (giving the baddies plenty of time to break
    >>>>> the code), or we regularly change the key, giving the baddies the
    >>>>> possibility to collect the code and, therefore, be able to decrypt
    >>>>> our secret messages.
    >>>>>
    >>>>> When I was in the Army, they used to use three levels of
    >>>>> encryption, a daily code, a monthly code and an annual code.
    >>>>> Messages were encrypted using the daily code. Then, every day, the
    >>>>> monthly code would be used to distribute the new daily code. And,
    >>>>> each month, the annual code would be used to distribute the new
    >>>>> monthly code. Because the Annual and Monthly codes were used so
    >>>>> infrequently, and were mixed up in amongst normal traffic, the
    >>>>> chances of them being detected and broken were fairly slim. The
    >>>>> Annual Code would be changed when the remote sites were visited for
    >>>>> maintenance/repair purposes.
    >>>>>
    >>>>> Don't see this type of arrangement being possible in a public
    >>>>> environment.
    >>>>>
    >>>>> Just my opinion.
    >>>>>
    >>>>> Daniel
    >>>> Public key encryption means that you have two keys: one public and one
    >>>> private. You publish the public key -- put it on your Web page, attach
    >>>> it to an E-mail message, upload it to a public key server. You don't
    >>>> care if the bad guys have it. It can be used only to encrypt something
    >>>> to send to you; it can't be used to decrypt what it has encrypted. You
    >>>> use your private key -- kept truly private and secure -- to do the
    >>>> decryption.
    >>>>
    >>>> You get the public key of the person to whom you are sending a
    >>>> confidential message. This too is obtained from his Web page, an
    >>>> attachment to an E-mail message he sends you, a public key server, etc.
    >>>> Again, neither of you care if the bad guys also get it. You use it to
    >>>> encrypt a message to that other person. Having done so, you cannot
    >>>> decrypt that message unless, at the same time, you also encrypted it to
    >>>> your own public key. Each of you then uses your own private key to
    >>>> decrypt the message.
    >>>>
    >>>> See my for a layman's detailed
    >>>> description.
    >>>>
    >>> Ross, I've just had a very quick look at your PGP page, and, so,
    >>> probably not done it justice. Short on for time!
    >>>
    >>> Just seems to me, if I were to encrypt this message using a forty bit
    >>> code, a one hundred and twenty eight bit code, whatever, (my personal
    >>> key) for you to be able to read it, you must have the appropriate
    >>> decrypt cypher. I could publish this decrypt (public) key, then you,
    >>> the baddies, whomever can get the code, decrypt my message to you, so
    >>> whats the use.
    >>>
    >>> Perhaps with more reading of your page, my opinion may change but I'm
    >>> not holding my breath.
    >>>
    >>> Daniel

    >>
    >> No, that is not how it works.
    >>
    >> You want to send an encrypted message to Betty. You use her public key.
    >> It's PUBLIC. Neither you nor Betty care if the bad guys have that key
    >> because it can be used only to encrypt, not to decrypt.
    >>
    >> Betty receives your message. She uses a combination of her private key
    >> and her passphrase (like a password but longer, perhaps with spaces and
    >> punctuation) to decrypt the message. Her PRIVATE key is indeed private;
    >> no one else -- not even you -- has it. Her passphrase should exist only
    >> in her head and is not communicated to anyone.
    >>
    >> For Betty to send you a confidential reply, she uses your PUBLIC key.
    >> You must then use your own private key and your own passphrase.
    >>
    >> This is called public key/private key or asymmetric encryption. Note
    >> that my own public keys (I use two) are on my Web site at
    >> . I won't tell you where my
    >> private keys are or the file name under which they exist.
    >>
    >> For more details, see .
    >>

    >
    > Nope! Lets give up, Ross, but thanks for trying.
    >
    > Daniel


    and sorry, I am talking to David (First name) not Ross (Family name).

    Daniel

  20. Re: Signature as Header

    Daniel wrote:
    > David E. Ross wrote:


    >> You want to send an encrypted message to Betty. You use her public key.
    >> It's PUBLIC. Neither you nor Betty care if the bad guys have that key
    >> because it can be used only to encrypt, not to decrypt.
    >>
    >> Betty receives your message. She uses a combination of her private key
    >> and her passphrase (like a password but longer, perhaps with spaces and
    >> punctuation) to decrypt the message. Her PRIVATE key is indeed private;
    >> no one else -- not even you -- has it. Her passphrase should exist only
    >> in her head and is not communicated to anyone.
    >>
    >> For Betty to send you a confidential reply, she uses your PUBLIC key.
    >> You must then use your own private key and your own passphrase.
    >>
    >> This is called public key/private key or asymmetric encryption. Note
    >> that my own public keys (I use two) are on my Web site at
    >> . I won't tell you where my
    >> private keys are or the file name under which they exist.
    >>
    >> For more details, see .

    >
    > Nope! Lets give up, Ross, but thanks for trying.


    Daniel, Despite your dismissive response, the system of public keys that
    David described is essentially the system used by the US government for
    transmission of all encrypted email, including classified. David described
    PGP, but a similar (equivalent) system, known as Secure MIME (S/MIME) is
    what the government uses, and it's implemented in mozilla email clients such
    as Thunderbird and SeaMonkey today (has been for about 8 years).

    Lots of US military folks use mozilla email clients for their daily work.
    The crypto in those mozilla clients is formally approved by the US government
    for those purposes. It's also found in Microsoft Outlook and Outlook Express,
    if I'm not mistaken, so it's available on virtually every desktop today.

    The system you described, with shared keys good for a day, or a week, or
    a month, while very old, is also very weak due to its shared nature.
    Modern public key systems don't share those weaknesses.
    I encourage you to find out more about them and about S/MIME.
    I think S/MIME could be part of the solution you seek.

    /Nelson


+ Reply to Thread
Page 1 of 2 1 2 LastLast