You don't stand to gain much by not encrypting and only authenticating.
Encryption and authentication are very different things. They're related since encryption without authentication leaves you open to man-in-the-middle attacks, but there are plenty of situations where you just need authentication and message integrity.

Don't forget that message encryption may be locally illegal or prohibited. Some countries outlaw encryption entirely, and large organizations may require all email traverse internal VPNs in the clear. In both cases correspondents may still want to have confidence that the remote system is who it claims to be.

(Aside: why would an organization insist on internal cleartext? One big cause is sexual and racial harassment complaints. Settlements routinely require the organization to monitor all email for offensive content.)


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org