What is the benefit of signing an encrypted email

Robert J. Hansen rjh at sixdemonbag.org
Wed Jan 12 19:52:02 CET 2011


On 1/12/2011 12:10 PM, Hauke Laging wrote:
> Let's take this email as an example. I write it on my PC which may be
> more secure than the average system but has all the weaknesses of a
> system which does all the daily work.

As I recall, Werner has a story about receiving PGP-signed spam.
Apparently, a home user had PGP set up to sign all outbound mail using
the PGP mail proxy service, this user's machine got pwn3d and joined a
botnet, and the spammer was pumping out Viagra mails that went through
the PGP proxy...

Automatic signing policies are bad not just because of emails you write
but don't mean to sign, but because of emails you *don't* write.  :)



More information about the Gnupg-users mailing list