[messaging] On Signed-Only Mails

Trevor Perrin trevp at trevp.net
Sat Dec 3 09:35:23 PST 2016


On Sat, Dec 3, 2016 at 8:52 AM, Daniel McCarney <daniel at binaryparadox.net>
wrote:

>
> On 29/11, Vincent Breitmoser wrote:
>
>> In short, my conclusion so far is that signed-only mails are very rarely
>> useful, they are holding OpenPGP back as a solution for encrypted e-mail,
>> and in the interest of usability we should not roll them out in email
>> crypto solutions on equal terms with encryption.
>>
>
> [...]
> It does seem like other parts of the community haven't reached the same
> conclusion. In particular I noticed today that the "Much easier Email
> Crypto, by fetching pubkey via HTTPS" proposal[0] from the GnuPG folks will
> by default sign all outgoing mail as a signalling mechanism:
>


[0] https://wiki.gnupg.org/WKD

AFAICT the purpose of signed-only emails in [0] is only to signal OpenPGP
support to recipients, who would look up the sender's public key through
some other mechanism.  So the signature doesn't seem important, there?


Trevor