sign encrypted emails

[Robert J. Hansen]

> Don't write "I will encrypt this message"[1] in every mail hoping that the
> recipient deduces that you want to do secret stuff, and leaving them to deduce
> from the absence of that message that you want to do the regular stuff. Hoping
> that other people will infer meaning from things that are totally not
> apparent, /that/ is error-prone.

There also seems to be something else at work here: an allergy to rigor.

GnuPG is most often used in a slipshod, half-thought-through manner.
People don't articulate a security model, much less establish a plan to
mitigate those threats, much less negotiate a policy with their
correspondents to mitigate threats held in common.

Sometime watch the movie _Crimson Tide_.  It's a good action film and
the central premise revolves around a message that violates policy.  A
nuclear ballistic missile submarine is given a legitimate order to
launch missiles at a Russian city.  While preparing to launch, the
submarine receives a second message telling them to abort the launch --
but due to forces beyond their control that message is received only as
a fragment.

The captain refers to the policy: "Any message that does not fully
conform to the policy must be completely disregarded."  The captain
insists on launching, since the last policy-conformant message was a
launch order.

The executive officer insists, "We received an abort signal; at the very
least we need to delay the launch until we can confirm it."  The
executive officer insists on deviating from policy.

I cannot think of the last time I saw a Hollywood blockbuster that was
built around what is, at its heart, a very technical question about how
high-security communications operate.  It's worth viewing.

The short version is -- if you don't have a policy established, you're
not going to be using GnuPG to provide its fullest amount of
communications security.  That policy also needs to tell people how to
handle messages that don't conform to policy.