On 01/03/2014 12:35 AM, Hauke Laging wrote:
> From the RfC perspective (PGP/MIME) this should not be a problem; you just
> need another level of nesting. Maybe the mail clients are not even prepared
> for reading such messages. That would not surprise me but would not be an
> argument against one client implementing this as the first one. I am
> interested in general arguments for and against this.

it sounds to me like you might be interested in what the S/MIME community calls "triple-wrapping", which is used to provide cryptographic proof-of-origin and attribute-handling for intermediate transport agents:

  http://www.isode.com/whitepapers/smime-military-messaging.html
  https://bugzilla.mozilla.org/show_bug.cgi?id=380624

That said, triple-wrapping (or similar approaches) have tradeoffs that we might not want to encourage. For example, they leak metadata about who signed the message to anyone who observes it in transit; this is not the case for the traditional sign-then-encrypt layering. metadata gathering is a fruitful surveillance technique.

but at its core, i think the problem you're raising is related to a fundamental (but probably common) misunderstanding: people assume that if something is encrypted to them then that is related to some signal from the message author, even though asymmetric encryption has nothing to do with authenticity or verifiability.

I don't think you're going to solve that particular problem by having some e-mails have an extra layer of signature on them.

	--dkg

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users