PGP/MIME considered harmful for mobile
Robert J. Hansen
rjh at sixdemonbag.org
Sun Feb 27 20:48:33 CET 2011
On 2/27/11 2:37 PM, Martin Gollowitzer wrote:
> I sign *all* my e-mail except for messages sent from my mobile (in that
> case, my signature tells the receiver why the message is not signed and
> offers the receiver to request a signed proof of authenticity later) or
> messages to people who can't receive signed messages (I had a case where
> e-mails arrived empty because of the MS Exchange/Antivirus/whatever
> combination at the receivers working place).
You may want to reconsider this practice.
Signatures have value if they are correct, originating from a validated
key, belonging to a trusted individual. If any of those are absent the
signature is more or less just line noise. You cannot make any logical
inferences from a signature that is bad, that comes from a non-validated
key, or an untrusted individual.
The overwhelming majority of signatures I've seen have been somewhere
between irrelevant and useless. People tend to fetishize them something
>> 2. And seeing strange MIME attachments doesn't confuse people?
> Less than strange text fragments at the head and the bottom of a message
> (Some people even think they are being spammed when they see inline PGP
> data), because an attachment without useful data will rather be ignored.
Show me the HCI study, please. This may be a true claim, but I'm not
willing to accept it as such on the basis of one person's anecdotal
More information about the Gnupg-users