What is the benefit of signing an encrypted email

Ingo Klöcker kloecker at kde.org
Tue Jan 18 21:09:52 CET 2011

On Tuesday 18 January 2011, Robert J. Hansen wrote:
> On 1/18/11 6:36 AM, Hauke Laging wrote:
> > This is not about convincing someone that a certain email has not
> > been written by me (as in your example) but to assure him that you
> > have written certain emails.
> A good signature from a validated key belonging to a trusted person
> can do this.  But that's it.

Agreed. The question is what does it take for a key to be considered 
validated and for a person to be trusted? In the end those decisions are 
up to the receiver, but I think in certain scenarios (e.g. a mailing 
list like this one) me signing all of my messages could result in me 
building a certain reputation and consequently trust in me and messages 
signed with my key. Of course, I could still be totally untrustworthy.

In the end, all you know for certain is that all of those messages that 
were apparently sent by me were signed with the same key.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20110118/bf0dbf2f/attachment.pgp>

More information about the Gnupg-users mailing list