What is the benefit of signing an encrypted email

Hauke Laging mailinglisten at hauke-laging.de
Wed Jan 12 17:08:53 CET 2011

Am Mittwoch 12 Januar 2011 16:57:27 schrieb Robert J. Hansen:

> Good signatures from validated keys belonging to untrustworthy people make
>  no guarantees.  There are a couple of people in the world who, even though
>  I know their key fingerprints and have verified them face-to-face, I
>  wouldn't trust signatures from.  My immediate reaction would be, "I have
>  no confidence they're not pulling some kind of trick on me."

More often "I have no confidence they keep their secret keys strictly under 
their control" might be the relevant objection.

> Speaking for Enigmail, it's because 99% of the time signatures are
>  worthless.  They contribute to the illusion of data integrity while
>  actually providing no guarantees.

You mix up the (current – key validation can be done after the communication, 
too) absence of a guarantee with being worthless.

PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20110112/3bf8ffc8/attachment.pgp>

More information about the Gnupg-users mailing list