sign encrypted emails
johannes at zarl.at
Mon Jan 6 00:31:59 CET 2014
On Sunday 05 January 2014 03:10:48 Leo Gaspard wrote:
> Well... I, personally, would attach more importance (no more validity, just
> importance, like in "listen to me very well" or whatever English people say
> to others to get them to listen carefully) to a message signed to an
> offline main key that might wait for a month than to a message sent in
> cleartext. For I would assume the sender designed his message to be
> important enough to make me move to my safe deposit box so as to read it.
In my feeling this is a rather subjective (to the sender) thing: some people
encrypt *every* message no matter how trivial. Other people only encrypt those
messages that match some rather specific criteria. Both kinds of people have
good reasons for their behaviour. That's the reason why I don't attach an
intrinsic importance or anything else to the fact that a message is encrypted.
I can see your reasoning behind "that message feels more important", and I'm
quite sure that many people feel that way. It's just that it went away for me
some time after receiving the n'th encrypted grocery list.
> Of course, without encryption-checking, this assumption is wrong, and this
> is emphasized in one of my previous messages on this thread, with the "We
> got to talk tomorrow" taking importance for the receiver that is unexpected
> to the sender, thus leading to a security flaw.
Yeah. That's definitely what I meant when I said that one should not act
Though if you want a really fancy policy you could require non-encrypted
messages to be discarded and use the signed-but-not-encrypted communications
for counter-intelligence. *g* (Yes, I know the flaw here is not-so-subtle...)