sign encrypted emails

Doug Barton dougb at
Fri Jan 3 10:13:13 CET 2014

FYI, your client has horrible line wrapping. If there is a setting,
please change it to 72 columns.

On 01/03/2014 12:59 AM, Hauke Laging wrote:

| Do you agree that it is (or, depending on the content, can be)
| important information whether a message was encrypted by the sender
| (and for which key)?

Not particularly, no. The message doesn't get encrypted using the
sender's key, although it may be encrypted to the sender's key, along
with the recipient's.

What advantage does it give to the attacker to encrypt a message via
MITM? The likely outcome of doing so would be to reveal that they are
intercepting messages, for what benefit? That's a legitimate question,
not a snark. You seem to be suggesting that this would provide value to
the attacker, if so can you elaborate?

| How can it make little sense to provide this information?

If the sender cares they can insert a statement in their signed message.
"I did/did not encrypt this message before sending." Problem solved.

| Whether it is more important to encrypt a message or to sign it
| differs a lot with the content. Thus I do not understand your
| explanation of importance.

My argument is that the _only_ thing relevant to message validity is the
signature on the message itself. Whether it was encrypted or not should
play no role in the recipient's calculation of the validity of the message.

| This is similar to SSL/TLS without client negotiation:

No, it's not at all. But I don't want to quibble about that, I'm still
interested in your description of the importance of the encryption
itself, separate from the message and signature.

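Added example (not part of the original post and not GnuPG code): a minimal Python parser for the public-key encrypted session key packets (RFC 4880, tag 1) that lead an encrypted OpenPGP message. It shows that the encryption layer records only the key IDs a message is encrypted to, the distinction drawn in the reply above; the sample message and its key IDs are constructed.

```python
# Added example; SAMPLE and its key IDs are constructed, not real keys.
PKESK, SED, SEIPD = 1, 9, 18            # RFC 4880 packet tags

def read_packet(buf, pos):
    """Return (tag, body, next_pos) for the packet starting at pos."""
    hdr = buf[pos]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet header")
    new_format = bool(hdr & 0x40)
    tag = hdr & 0x3F if new_format else (hdr >> 2) & 0x0F
    if tag in (SED, SEIPD):             # ciphertext: stop, length not parsed
        return tag, b"", len(buf)
    pos += 1
    if new_format:
        first = buf[pos]
        if first < 192:
            length, pos = first, pos + 1
        elif first < 224:
            length, pos = ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2
        elif first == 255:
            length, pos = int.from_bytes(buf[pos + 1:pos + 5], "big"), pos + 5
        else:
            raise ValueError("partial length on a non-data packet")
    else:
        ltype = hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length on a non-data packet")
        size = (1, 2, 4)[ltype]
        length, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    if pos + length > len(buf):
        raise ValueError("truncated packet")
    return tag, buf[pos:pos + length], pos + length

def pkesk_recipients(message):
    """Key IDs the message is encrypted to; the format has no 'encrypted by'."""
    ids, pos = [], 0
    while pos < len(message):
        tag, body, pos = read_packet(message, pos)
        if tag == PKESK and len(body) >= 10 and body[0] == 3:
            ids.append(body[1:9].hex().upper())
    return ids

def _pkesk(key_id_hex):
    """Build a version 3 PKESK packet with a dummy session-key MPI."""
    body = bytes([3]) + bytes.fromhex(key_id_hex) + bytes([1]) + b"\x00\x08\xff"
    return bytes([0x84, len(body)]) + body

# Constructed message: sender's own key, recipient's key, then ciphertext.
SAMPLE = (_pkesk("1111111111111111") + _pkesk("2222222222222222")
          + bytes([0xD2, 0x01, 0x01]))
```

Both key IDs come back as plain recipients; which of them, if either, belongs to the party that performed the encryption cannot be read from the packets.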

