sign encrypted emails

Robert J. Hansen rjh at
Fri Jan 3 10:28:38 CET 2014

On 1/3/2014 3:33 AM, Doug Barton wrote:
> This threat model doesn't make a lot of sense, except for very naive
> users who cannot distinguish the importance of a message that is
> encrypted vs. a message (encrypted or not) which is signed.

I'm going to cautiously disagree.  What we call "very naive users"
account for the vast majority of GnuPG users.

Unfortunately, that's as far as my disagreement goes.  I see what
Hauke's getting at, but I disagree that it really amounts to much of a
problem, or that his proposed fix would work.

The real problem Hauke's discovered is, "people generally don't have the
educational background to think formally and critically about trust."
Which is, well, true -- but that one's a hell of a hard problem to
solve.  Everything else (including "sign-encrypt-sign" schemes) amounts
to just ways to try to dodge the real issue.

More information about the Gnupg-users mailing list