Relevance of e-mail (was [OT] Why are you using the GPG / PGP keys?)
Mark H. Wood
mwood at IUPUI.Edu
Tue May 28 22:05:39 CEST 2013
1. Establish a pattern: none genuine without this signature. I
understand it's not possible to prove that an unsigned message
didn't come from me, but this couldn't hurt.
2. OTOH I *can* show that a signed message must have been made with
knowledge of a specific key, which I assert that I control. When
I do write something, I want my authorship to be believed.
3. Habit. The same reason I always automatically relock doors when I've
entered: if I have a policy then I don't have to make judgments
in most cases. (Yes, I *always* carry a house key.) Considering
all the gooey rubbish I *don't* send to my correspondents, I hold
that the small cost of a signature is entirely negligible.
4. Privacy. While I prefer to hand-deliver things like new
passwords, I'm willing to send them in encrypted emails if someone
insists. Or I might want to write to a family member something
that's not super-secret but is nobody else's business.
5. Cool factor. *blush*
6. My signing habit is my tiny contribution toward a future in which
any unsigned email is automatically suspect. This would make it
feasible, for example, to set up a rule sending all mail with
no or unknown signature to a UCE folder (or the bitbucket). I
won't hold my breath while I wait, though.
I should distinguish signing and encryption. I can count on my fingers
the number of encrypted emails I've sent, but I assert that I sign all
emails addressed to humans. (Some mailing-list robots are fragile and
have trouble with signatures when directly addressed. Boo.)
Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu
Machines should not be friendly. Machines should be obedient.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 198 bytes
Desc: Digital signature
More information about the Gnupg-users