Hi Vincent,
On 29/11, Vincent Breitmoser wrote:
In short, my conclusion so far is that signed-only mails are very
rarely useful, they are holding OpenPGP back as a solution for
encrypted e-mail, and in the interest of usability we should not roll
them out in email crypto solutions on equal terms with encryption.
Your post & discussions with other OpenPGP users has persuaded me to
reevaluate signing outgoing mail as a default practice. I think you're
on the right track with K-9.
It does seem like other parts of the community haven't reached the same
conclusion. In particular I noticed today that the "Much easier Email
Crypto, by fetching pubkey via HTTPS" proposal[0] from the GnuPG folks
will by-default will sign all outgoing mail as a signalling mechanism:
Technically your email client will automatically
* prepare for this by creating a crypto key for you and uploading it
to your provider (or second best to public keyservers).
* sign all emails so others see that you are ready for crypto
(unless you opt out)
* ask the mail provider of your recipients for their pubkeys.
I wonder where the disconnect in perspectives on signed-only mails is
rooted.
- cpu
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
