What is the benefit of signing an encrypted email
Hauke Laging
mailinglisten at hauke-laging.de
Wed Jan 12 17:39:00 CET 2011
Am Mittwoch 12 Januar 2011 17:15:48 schrieb Daniel Kahn Gillmor:
> If enigmail were to default to signing everything, then it would sign
> messages for people that they have not thought about. As a result, that
> weakens the meaning of their signature, to the point where even if they
> *have* thought about and decided to sign any given message, the fact
> that their signature is attached thoughtlessly to so many other messages
> makes it dubious.
Thus it makes sense to use different keys for
a) usual ("not thought about") email, just as a first hard line of defense
against forgery
b) serious, valuable signatures
That's why I would like to have a standardized description for keys which
tells the other one what they are used for (and what not...) and in what kind
of environment:
1) testing
2) webmail (used on untrusted systems)
3) used on normal-security but generally trusted systems
4) smartcard
5) used in a high-security environment only
This category would have to be certified, too, of course.
Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20110112/7f9ba9e8/attachment-0001.pgp>
More information about the Gnupg-users
mailing list