Question regarding clearsigning emails automatically

Nils Ellmenreich Nils@infosun.fmi.uni-passau.de
Fri, 15 Dec 2000 08:40:15 +0100 (CET)


Hi Ralph,


>>>"RA" == Ralph Angenendt <ra@letras.de> writes:
RA> Nils Ellmenreich wrote: >> act of signing means something like "I have read/written the above. I >> agree with this. To certify this fact, I hereby sign it." That means: RA> OTOH signing all mails means: "If you ever come across a mail which RA> is supposed to be written by me, but is not signed, then please call RA> me to verify that I really sent this mail. It could as well be a RA> fake". I think, the act of signing (whether email or anything else) is roughly what I wrote above. The fact that you'd like people to get in touch with you if they receive some unsigned stuff supposed to come from you - that's just your personal addition (which may be sensible, but is unrelated to the signing itself). RA> IMHO ideally all mails should be signed and all mails should be RA> encrypted. The latter normally fails, as most people are not able to RA> receive encrypted mails. That's for sure. Encrypting only the important stuff is not a good idea. But my point was not to say you shouldn't sign/encrypt all mails. Whether or not doing that is a personal preference. What I am opposing is *automatically* signing (i.e. without entering a passphrase) all mails, as some people seem to do. That is about the same as having a pile of blank stationary paper only with a signature, and using this paper to write each letter. The signature becomes almost meaningless. IIRC, the legal implication of "signing" is that someone had to take his time and, while being fully aware of the consequences, "signed" a document to tell others it's genuine. If this deliberate act is missing (because it's being done automatically) - what does a signed mail tell you? That someone used the account of John Doe's computer to write a mail with his mail client who automatically signs all mails as John Doe. And that almost meaningless ... ;-) Cheers, Nils -- Nils Ellmenreich, Lst. f. Programmierung, Universitaet Passau, Germany -- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org