ietf-openpgp

Re: [openpgp] On Signed-Only Mails

2016-11-29 21:04:23
On Tue, Nov 29, 2016 at 10:18:37AM +0100, Vincent Breitmoser wrote:
> Hi all,
>
> (cross-posting on openpgp and messaging mls)
>
> During my work on bringing OpenPGP to K-9 Mail, I found myself
> reevaluating a lot of things. This time it's about signed-only mails.
>
> In short, my conclusion so far is that signed-only mails are very rarely
> useful, they are holding OpenPGP back as a solution for encrypted
> e-mail, and in the interest of usability we should not roll them out in
> email crypto solutions on equal terms with encryption.
>
> In some more detail:
> https://k9mail.github.io/2016/11/24/OpenPGP-Considerations-Part-I.html
>
> I received positive as well as negative feedback about this, and I'd
> love to hear more thoughts about it.

I work for a company where all mail needs to be signed.  If someone
wants me to install an SSH public key on a server, I need to be certain
that the person is who they say they are.  Furthermore, if one of the
system administrators sends an announcement email to the all-users list,
encrypting it to all possible employees at the company is not practical.
Signing it is still useful, especially if it includes something like a
Wi-Fi configuration file that people might use on their systems.

I use K-9 Mail for personal and work purposes, and I rely immensely on
the ability to send signed-only emails, often to mailing lists.  I think
that's an extremely common and important use case that we shouldn't
forget about.  Integrity is important even in cases where
confidentiality is not.
-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: https://keybase.io/bk2204
