--On tirsdag, juni 03, 2003 23:13:24 +0200 Harald Tveit Alvestrand
I thought I'd try this....
is there any particular disadvantage or centralization of power implied
in me signing this message with my PGP key?
If not, is there any particular reason that I shouldn't do this all the
It's not a solution, but is there a downside?
well, it turns out that I have to answer this question with "yes".....
1) There is list software out there that munges headers on inner body
parts, making the signature not verify. If people also discard "signature
failed" messages, that means that some people will not hear what I say; for
others, it will just irritate them and condition them to dismiss warnings
about bad signatures - not a good idea in the long run.
2) There is MUA software out there that displays MIME security multiparts
as an empty message with attachments. This means that some people will be
irritated when I send messages in this signed format.
So there is still a downside to using signed mail. Not good.
[for those who advocate non-MIME signing schemes.... different topic.]