sign encrypted emails

[Peter Lebbing]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/01/14 11:15, Hauke Laging wrote:
> Why should I write "I will encrypt this message to 0x12345678" in every
> mail which is boring, easily forgotten and error-prone if the problem can
> *easily* be solved technically with much better results?

Don't write "I will encrypt this message"[1] in every mail hoping that the
recipient deduces that you want to do secret stuff, and leaving them to deduce
from the absence of that message that you want to do the regular stuff. Hoping
that other people will infer meaning from things that are totally not
apparent, /that/ is error-prone.

If someone writes me a signed statement "see me tomorrow", I will show up. I
will not come carrying my highly volatile nuclear concoction just because the
message is encrypted. You should feel confident a signed statement is coming
from the person who signed it. You can't deduce very much at all from the
message arriving encrypted, I think. When the message arrives /unencrypted/
and contains confidential stuff, you could show up with a clue-bat and say
"Dude, not cool, not cool", because it was obviously (within reason) sent
unencrypted. But it being encrypted means nothing.

The social solution is not "include some statement each and every time" but
"don't deduce anything from it being encrypted". It's not a burden, it's a
change of expectation.

If you want to convey something to someone, just say so. Don't say "see me
tomorrow", but say "I want to discuss X tomorrow with you, be sure to bring Y."

HTH,

Peter.

[1] By the way, your statement might not even be true; how often have you
written "See the attachment" and then forgetting to attach the file? I have
done it countless times.

- -- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>