What is the benefit of signing an encrypted email

Robert J. Hansen rjh at sixdemonbag.org
Wed Jan 12 16:57:27 CET 2011


> Signing the message guarantees the sender.

Only if certain conditions are met.  The signature must (a) be correct, (b) issued from a validated key, (c) belonging to a trusted party.

A bad signature makes no guarantees, not even a guarantee the message has been tampered with.  (After all, the error could be in the signature itself, leaving the message intact.)

A good signature from a non-validated key makes no guarantees.  (After all, who does the key really belong to?  How can you have any confidence in the signature?)

Good signatures from validated keys belonging to untrustworthy people make no guarantees.  There are a couple of people in the world who, even though I know their key fingerprints and have verified them face-to-face, I wouldn't trust signatures from.  My immediate reaction would be, "I have no confidence they're not pulling some kind of trick on me."  Their signatures are worthless and make no guarantees.

> Okay, I understand this. The question is, why on earth is the default
> for encrypted email not to sign too (I'm talking about anything that
> talks to gpg, like Thunderbird).

Speaking for Enigmail, it's because 99% of the time signatures are worthless.  They contribute to the illusion of data integrity while actually providing no guarantees.  It's best if you only sign messages you deliberately intend to sign, messages where you believe all three conditions are met and the signature contributes to the overall integrity of the communication.  We believe this is the responsible thing to do, rather than encouraging our users to buy into a false sense of security.

If this bothers you, you can go into your account settings window, click on your account, click on "OpenPGP Security," and tell it to sign messages by default.
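
An added example, not part of the original message: the three conditions (a), (b), (c) above, checked against GnuPG's machine-readable status lines. The sample status output, the fingerprint and the `trusted_senders` set are constructed for illustration, and treating only `TRUST_FULLY`/`TRUST_ULTIMATE` as "validated" is an assumption of this sketch.

```python
# Added example, not from the original message. Input format: the
# machine-readable lines printed by `gpg --status-fd 1 --verify <file>`.
PREFIX = "[GNUPG:] "
FAILED = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}
# TRUST_* reports the computed validity of the signing key. Requiring full
# validity (not TRUST_MARGINAL) is this example's assumption.
VALIDATED = {"TRUST_FULLY", "TRUST_ULTIMATE"}
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed fingerprint

def sample(sig, trust=None):
    """Constructed status output; VALIDSIG/TRUST_* follow good signatures only."""
    lines = ["NEWSIG", sig + " 89ABCDEF01234567 Alice Example <alice@example.org>"]
    if trust:
        lines += ["VALIDSIG " + FPR + " 2011-01-12 1294847847 0 4 0 1 8 00 " + FPR,
                  trust]
    return "\n".join(PREFIX + s for s in lines)

def assess(status_text, trusted_senders):
    """Return (a, b, c, fingerprint) for the message's three conditions."""
    # trusted_senders: hypothetical local set of fingerprints the reader trusts.
    good = failed = validated = False
    fpr = None
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue
        keyword, *args = line[len(PREFIX):].split() or [""]
        if keyword == "GOODSIG":
            good = True
        elif keyword in FAILED:
            failed = True
        elif keyword == "VALIDSIG" and args:
            # Tenth field is the primary key fingerprint when gpg reports it.
            fpr = args[9] if len(args) >= 10 else args[0]
        elif keyword in VALIDATED:
            validated = True
    a = good and not failed                # (a) signature is correct
    b = a and validated                    # (b) issued from a validated key
    c = b and fpr in trusted_senders       # (c) key belongs to a trusted party
    return a, b, c, fpr

def verdict(status_text, trusted_senders):
    a, b, c, _ = assess(status_text, trusted_senders)
    if not a:
        return "no guarantee: signature did not verify"
    if not b:
        return "no guarantee: good signature, key not validated"
    if not c:
        return "no guarantee: validated key, owner not trusted"
    return "meaningful: correct, validated key, trusted party"
```

Condition (c) is a judgement about the person, so it comes from a list the reader maintains, not from anything gpg reports.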



