ietf-openpgp
[Top] [All Lists]

Re: "The OpenPGP mail and news header" extenssion

2005-08-14 06:43:40

David Srbecky wrote:
Ben Laurie wrote:

David Srbecky wrote:


OpenPGP: id=b565717f; url=http://josefsson.org/key.txt; preference=sign

Sender wants to receive signed unencrypted messages.


Why would I care whether the sender wants to receive signed messages?


You want to be polite and help to enhance the security.


Surely its all about whether I want to sign my messages? His preference
is irrelevant,


Using preference=sign he explicitly expresses that he *wants* to receive
signed messages. For example some people do not sign messages to
maillist, but if the maillist sends you preference=sign, it means that
it really *wants* signed messages.

he can check the signature or not as he pleases.

How can he do that if you do not sign the message?

The same holds for preference=encrypt.

A preference for encrypted messages is a different thing, it doesn't harm the sender of the message in any way.

Signing messages weakens plausible deniability. It may imply some standing that is not necessarily intended. These things can harm the sender.

Cheers,

Ben.

--
>>>ApacheCon Europe<<<                   http://www.apachecon.com/

http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff