[messaging] On Signed-Only Mails

Daniel McCarney daniel at binaryparadox.net
Sat Dec 3 08:52:15 PST 2016


Hi Vincent,

On 29/11, Vincent Breitmoser wrote:
>In short, my conclusion so far is that signed-only mails are very 
>rarely useful, they are holding OpenPGP back as a solution for 
>encrypted e-mail, and in the interest of usability we should not roll 
>them out in email crypto solutions on equal terms with encryption.

Your post & discussions with other OpenPGP users have persuaded me to 
reevaluate signing outgoing mail as a default practice. I think you're 
on the right track with K-9.

It does seem like other parts of the community haven't reached the same 
conclusion. In particular I noticed today that the "Much easier Email 
Crypto, by fetching pubkey via HTTPS" proposal[0] from the GnuPG folks 
will by default sign all outgoing mail as a signalling mechanism:

> Technically your email client will automatically
>
>   * prepare for this by creating a crypto key for you and uploading it 
>   to your provider (or second best to public keyservers).
>   * sign all emails so others see that you are ready for crypto 
>   (unless you opt out)
>   * ask the mail provider of your recipients for their pubkeys.

I wonder where the disconnect in perspectives on signed-only mails is 
rooted.

 - cpu

