What is the benefit of signing an encrypted email

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jan 12 18:17:10 CET 2011

On 01/12/2011 12:10 PM, Hauke Laging wrote:
> I mean: It is POSSIBLE to steal my secret key but it is not EASY. For normal 
> email communication I regard this as enough. For signing treaties or other 
> keys I use other keys (and a different environment).

yes, that's true; but here we've been talking about attacks that don't
require stealing of the key (e.g. taking a signed message and placing it
in another context).  if you sign context-dependent messages as a matter
of course, then it's trivial for me to replay one of those messages and
have it imply an entirely different meaning.  Is this a desirable outcome?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110112/9454e9a8/attachment.pgp>

More information about the Gnupg-users mailing list