On 01/11/11 13:35, Aaron Toponce wrote: > The "glitch" is that for security AND trust, messages must be both > encrypted and signed.
In that case, I find it to be phrased very awkwardly. Encryption provides encryption: people can't see what is in it. Period. Signing provides a form of integrity: people can see that the signer attests that the data is correct in some way. So how is it a security glitch that encryption does not provide trust? It is a glitch in someone's thinking to think that it does. PEBKAC. The advice to also sign is sound, the absolute "you should always" is overdoing it, IMHO. Personally, I was more thinking along the lines of the reasons to introduce the MDC. Can't remember off the top of my head how that all pieced together. In that case it might be useful to revise the text to say a few words on MDC's. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users