[messaging] On Signed-Only Mails

Bjarni Runar Einarsson bre at pagekite.net
Wed Dec 7 15:55:02 PST 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Robert,

Robert Obryk <robryk at gmail.com> wrote:
> On Wed, Dec 7, 2016 at 8:36 PM, Bjarni Runar Einarsson
> <bre at pagekite.net> wrote:
> > Signatures don't just prove that the content is authentic, in
> > practice they also work in the other direction - associating
> > content and online identity with the signing key.
> 
> Why doesn't attaching your public key to every e-mail you send
> serve this purpose to the same degree? Note that if someone was
> in a position to tamper with the attached public key, they
> could have also tampered with the signature by replacing it
> with a signature signed by a key they control.

If the software automatically attaches your public key to every
single outgoing message, you will soon stop using the software
because the recipients of your mail will be confused and angry.
It's as simple as that.

There are other reasons, but that one is sufficient. Usability
matters!

 - Bjarni

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

