sign encrypted emails
Doug Barton
dougb at dougbarton.us
Fri Jan 3 10:13:13 CET 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
FYI, your client has horrible line wrapping. If there is a setting,
please change it to 72 columns.
On 01/03/2014 12:59 AM, Hauke Laging wrote:
| Do you agree that it is (or, depending on the content, can be) an
| important information whether a message was encrypted by the sender
| (and for which key)?
Not particularly, no. The message doesn't get encrypted using the
sender's key, although it may be encrypted to the sender's key, along
with the recipient's.
What advantage does it give to the attacker to encrypt a message via
MITM? The likely outcome of doing so would be to reveal that they are
intercepting messages, for what benefit? That's a legitimate question,
not a snark. You seem to be suggesting that this would provide value to
the attacker, if so can you elaborate?
| How can it make little sense to provide this information?
If the sender cares they can insert a statement in their signed message.
"I did/did not encrypt this message before sending." Problem solved.
| Whether it is more important to encrypt a message or to sign it
| differs a lot with the content. Thus I do not understand your
| explanation of importance.
My argument is that the _only_ thing relevant to message validity is the
signature on the message itself. Whether it was encrypted or not should
play no role in the recipient's calculation of the validity of the message.
| This is similar to SSL/TLS without client negotiation:
No, it's not at all. But I don't want to quibble about that, I'm still
interested in your description of the importance of the encryption
itself, separate from the message and signature.
Doug
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (GNU/Linux)
iQEcBAEBCAAGBQJSxn8pAAoJEFzGhvEaGryEulsH/2u1seI5K62Y0Aa5fKI3SRAD
eBc8n62Se7sXw8rOXR+Qp5k191Upg1/Po2mkTSpgPjqc47yeAPaj4pHBAQIiAlgC
1iDdb4RveB3zZeJ4HpVgrRR5ap3S8w+SmnDdbul4evVcnuHnzP7zOFOZ5ZgIVnr8
Aoaei1jaaKal6p6qf5FDOA2c/Ni8pALZ8ZaUDNlDOLMpRS02uKZHUJwpx7eCDuKK
wvvk6X7nicetiKdklDX31eoabGuhu0ret3BbAwq6EEXaAD6FnPIuhgHcvLZzz6Tj
c0XuJD+UYK67p/rm4EdxUdr57rJ3Kr/hKdTjtBVy/l17LZZoXuROa8KSblwtr2U=
=aqFY
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list