[messaging] On Signed-Only Mails
Daniel McCarney
daniel at binaryparadox.net
Sat Dec 3 08:52:15 PST 2016
Hi Vincent,
On 29/11, Vincent Breitmoser wrote:
>In short, my conclusion so far is that signed-only mails are very
>rarely useful, they are holding OpenPGP back as a solution for
>encrypted e-mail, and in the interest of usability we should not roll
>them out in email crypto solutions on equal terms with encryption.
Your post & discussions with other OpenPGP users has persuaded me to
reevaluate signing outgoing mail as a default practice. I think you're
on the right track with K-9.
It does seem like other parts of the community haven't reached the same
conclusion. In particular I noticed today that the "Much easier Email
Crypto, by fetching pubkey via HTTPS" proposal[0] from the GnuPG folks
will by-default will sign all outgoing mail as a signalling mechanism:
> Technically your email client will automatically
>
> * prepare for this by creating a crypto key for you and uploading it
> to your provider (or second best to public keyservers).
> * sign all emails so others see that you are ready for crypto
> (unless you opt out)
> * ask the mail provider of your recipients for their pubkeys.
I wonder where the disconnect in perspectives on signed-only mails is
rooted.
- cpu
More information about the Messaging
mailing list