What is the benefit of signing an encrypted email

David Shaw dshaw at jabberwocky.com
Wed Jan 12 20:37:18 CET 2011


On Jan 12, 2011, at 2:12 PM, MFPA wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> Hi
> 
> 
> On Wednesday 12 January 2011 at 4:13:44 PM, in
> <mid:A50E1F63-4B2C-440F-8619-6D69951668AF at sixdemonbag.org>, Robert J.
> Hansen wrote:
> 
> 
>> Show me the worth in a signed message that has any of
>> (a) an incorrect signature, (b) from an invalid key, or
>> (c) from someone you believe is utterly untrustworthy.
> 
> Perhaps (b) can provide a level of assurance that the messages on a
> list or newsgroup from the same name actually come from the same
> person.

Or keyholder (of which there might be multiple), but basically yes.

The examples aren't really great, since "worth" isn't really easy to quantify here, and is somewhat subjective as well.  The a) case is the only one where a message with no signature and one with an incorrect signature are effectively the same thing: an unsigned message.

David



