signatures for other people's emails
Hauke Laging
mailinglisten at hauke-laging.de
Wed Apr 16 16:14:23 CEST 2014
Hello,
this is not GnuPG-specific, not even crypto-specific in the sense that I
guess no real change to any crypto tool or standard would be necessary.
Technically it's about a new MIME container usage but crypto-related. I
hope here are the right people to comment on that. Somehow I prefer
getting slammed here over the openpgp working group mailing list...
This idea came from a real experience a few days ago. I am trying to get
crypto usage on a large scale to one of Germany's biggest universities
(FU Berlin). The CS and math departments organize a small (but official)
information event. I give four real courses (inofficial but supported by
the dean; http://crypto.spline.de/). As this is mainly about peer
pressure for the freshman students I wanted to teach some of the Ph.D.
students crypto first. We invited about 30 people, none even reacted.
I was told that this effect was less about the offer itself but more
about the point that this was "one more email from a stranger to a group
of people". I.e. probably not even read by many of them.
That was the example, now the idea:
With a small change to the PGP/MIME standard this would have been
possible: I write the email but do not send it to the intended
recipients but to the dean first. He makes a signature (some easy one-
click feature maybe with a comment) about the email (or about my
signature) and sends it back to me. Then I add his signature to my email
and send it to the recipients. Now this happens: The recipients still
see an email from a stranger to a group of people but now their mail
client tells them that their dean (and maybe even more people) supports
this email.
Of course, you have noticed that a crypto feature does not work in a
mail which shall make people start using crypto but you get the idea.
This would be possible without crypto, too, but I guess to easy to abuse
for being accepted.
I guess it would be enough to replace the signature container by a
multipart container with several signatures. Somehow the real sender
signature would have to be marked (or rather: the support signatures
should be marked as such, either implicitly by being a signature over
the sender signature or explicitly by a notation).
I don't want to be too optimistic but I guess this could be so useful
that it might actually become a reason for the not so small "I have
nothing to hide" group to start using crypto.
Hauke
--
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20140416/3c39c3fa/attachment.sig>
More information about the Gnupg-users
mailing list