[messaging] On Signed-Only Mails
Bjarni Runar Einarsson
bre at pagekite.net
Wed Dec 7 15:55:02 PST 2016
-----BEGIN PGP SIGNED MESSAGE-----
Robert Obryk <robryk at gmail.com> wrote:
> On Wed, Dec 7, 2016 at 8:36 PM, Bjarni Runar Einarsson
> <bre at pagekite.net> wrote:
> > Signatures don't just prove that the content is authentic, in
> > practice they also work in the other direction - associating
> > content and online identity with the signing key.
> Why doesn't attaching your public key to every e-mail you send
> serve this purpose to the same degree? Note that if someone was
> in a position to tamper with the attached public key, they
> could have also tampered with the signature by replacing it
> with a signature signed by a key they control.
If the software automatically attaches your public key to every
single outgoing message, you will soon stop using the software
because the recipients of your mail will be confused and angry.
It's as simple as that.
There are other reasons, but that one is sufficient. Usability
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----