What is the benefit of signing an encrypted email

Wed Jan 12 17:49:10 CET 2011

> a) usual ("not thought about") email, just as a first hard line of defense 
> against forgery

Doesn't work.

Here's the thought experiment I've been using for years.  Imagine that I'm a teaching assistant and I manage to make some of my undergrads very unhappy.  They bomb a test or something, and decide to get back at me.  So they sign up with Stormfront (a notorious hate site) using the one-off email of robert.j.hansen at somewebmailservice.com, create a user account for me there, and make all kinds of hate-filled racist screeds.  They write these things from a coffeeshop across the street, one where I am often known to sit around and do my grading while sipping on a latte.  Once they have a few weeks of this, they come to the Dean and say, "you have to fire Mr. Hansen, he's a racist!"

I get hauled into the Dean's office.  He's a reasonable man, a mathematician by training, and he'll give me a fair hearing.  I tell him, "Dean, I didn't write those messages and I don't know who did.  But I didn't write them.  You can be sure of that, because they're not signed with my PGP key, and I sign everything."

The Dean, not a fool, points out, "well, Rob, that doesn't actually mean anything.  These opinions are so incendiary that if I wrote them I would make it a point not to sign them, either, so that I could repudiate them later.  The lack of a signature means absolutely nothing.  The IP address goes to House of Aromas, the posting times match up with times you were seen in there grading and drinking lattes.  It doesn't look good.  I'm going to have to remove you from teaching duties."

Moral of the story: signatures do not protect against forgeries.  They protect *individual messages* against being *modified without detection*.  That's all.  It is very possible to forge traffic from someone, even if they are known to be a regular user of OpenPGP.

... The other reason this is a nonstarter: you're now increasing the complexity of the system.  OpenPGP already has a learning curve like the Matterhorn.  People just don't want to use it: it requires too much technical knowledge, too much thinking, too much study.  Adding more levels of complexity to it will just hurt the adoption curve even more.