What is the benefit of signing an encrypted email

Ingo Klöcker kloecker at kde.org
Wed Jan 19 21:25:30 CET 2011

On Wednesday 19 January 2011, Werner Koch wrote:
> Hi!
> I'd like to see a feature in MUAs to wrap the entire mail as
> presented in the composer into a message/rfc822 container and send
> the actual message out with the same headers as in the rfc822
> container.  This allows to sign the entire mail including the
> headers.  On the receiving site the MUA should figure out that the
> signed headers match the actual ones and visually indicate the
> message including the header as signed.

"figure out that the signed headers match the actual ones" may sound 
easy, but it's actually an extremely tough task. Any mailing list 
mangling the Reply-to header will break the signature. Any MTA, virus 
checker, etc. beautifying or otherwise changing the existing headers 
will break the signature. There would need to be some canonical format 
for headers. But that's magnitudes harder than converting the body of an 
email message to the canonical text format.

Still, it sounds like a neat idea.

> This is fully MIME compliant
> and should not break any MIME aware mailer (except for those only
> claiming to support MIME).

True. But those messages will look ugly in most mailers (even in those 
that are fully MIME compliant). In particular, web mailers will most 
likely not be able to view them properly. Not that any serious email 
user would care about them. :-)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20110119/0ceafc2d/attachment-0001.pgp>

More information about the Gnupg-users mailing list