What is the benefit of signing an encrypted email
jimbobpalmer at gmail.com
Wed Jan 12 16:15:37 CET 2011
2011/1/11 Martin Gollowitzer <gollo at fsfe.org>:
> * jimbob palmer <jimbobpalmer at gmail.com> [110111 12:05]:
>> In Firefox I can sign or encrypt or encrypt+sign an e-mail.
>> In what case would I want my encrypted emails also signed? Does it
>> provide any additional benefit over a pure encrypted email?
> A digital signature is useful so the sender can check if that message
> was really sent by you. If it's only encrypted, there is no proof for
> that since everyone who knows the recipient's public key can encrypt
> messages for this particular person.
So encrypting an e-mail only provides a guarantee that the recipient
can read the message. It provides no guarantees about the sender.
Signing the message guarantees the sender.
Okay, I understand this. The question is, why on earth is the default
for encrypted email not to sign too (I'm talking about anything that
talks to gpg, like thunderbird). I suppose this might take me off
and would dkim be enough instead of signing the encrypted e-mails?
> All the best,
> The early worm is for the birds.
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
More information about the Gnupg-users