Is the signature encrypted
Hauke Laging
mailinglisten at hauke-laging.de
Mon Nov 5 16:29:24 CET 2012
Am Mo 05.11.2012, 10:01:02 schrieb David Shaw:
> Virtually always you *want* your signature to be encrypted.
Why? What critical information is exposed by the signature, assuming I do not
forge the from address?
> Why would you want something else?
The virus-checking mail gateway may want to at least be sure about the sender
(which does not assure it of the sending system being non-compromised and not
evil).
My personal reason is that I (in contrast to one well-known member of this
list...) believe signatures to be the only solution against spam and do not
want the filters be forced into the the mail client. This could be done by
other means than the data signature though. I don't understand why PGP/MIME
does not define a seperate signature for the relevant sender created headers
(from, to, subject, date). That would protect the headers and allow filters to
check the sender without exposing the data signature.
Hauke
--
☺
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 572 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20121105/ebf36b9e/attachment.pgp>
More information about the Gnupg-users
mailing list