What is the benefit of signing an encrypted email
mailinglisten at hauke-laging.de
Wed Jan 12 17:08:53 CET 2011
Am Mittwoch 12 Januar 2011 16:57:27 schrieb Robert J. Hansen:
> Good signatures from validated keys belonging to untrustworthy people make
> no guarantees. There are a couple of people in the world who, even though
> I know their key fingerprints and have verified them face-to-face, I
> wouldn't trust signatures from. My immediate reaction would be, "I have
> no confidence they're not pulling some kind of trick on me."
More often "I have no confidence they keep their secret keys strictly under
their control" might be the relevant objection.
> Speaking for Enigmail, it's because 99% of the time signatures are
> worthless. They contribute to the illusion of data integrity while
> actually providing no guarantees.
You mix up the (current – key validation can be done after the communication,
too) absence of a guarantee with being worthless.
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 555 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users