sign encrypted emails

Johannes Zarl johannes at zarl.at
Mon Jan 6 00:31:59 CET 2014


On Sunday 05 January 2014 03:10:48 Leo Gaspard wrote:
> Well... I, personally, would attach more importance (no more validity, just
> importance, like in "listen to me very well" or whatever English people say
> to others to get them to listen carefully) to a message signed to an
> offline main key that might wait for a month than to a message sent in
> cleartext. For I would assume the sender designed his message to be
> important enough to make me move to my safe deposit box so as to read it.

In my feeling this is a rather subjective (to the sender) thing: some people 
encrypt *every* message no matter how trivial. Other people only encrypt those 
messages that match some rather specific criteria. Both kinds of people have 
good reasons for their behaviour. That's the reason why I don't attach an 
intrinsic importance or anything else to the fact that a message is encrypted.

I can see your reasoning behind "that message feels more important", and I'm 
quite sure that many people feel that way. It's just that it went away for me 
some time after receiving the nth encrypted grocery list.

> Of course, without encryption-checking, this assumption is wrong, and this
> is emphasized in one of my previous messages on this thread, with the "We
> got to talk tomorrow" taking importance for the receiver that is unexpected
> to the sender, thus leading to a security flaw.

Yeah. That's definitely what I meant when I said that one should not act 
differently.

Though if you want a really fancy policy you could require non-encrypted 
messages to be discarded and use the signed-but-not-encrypted communications 
for counter-intelligence. *g* (Yes, I know the flaw here is not-so-subtle...)




More information about the Gnupg-users mailing list