ietf-openpgp

Re: [openpgp] On Signed-Only Mails

2016-11-29 13:12:49
Vincent Breitmoser <look@my.amazin.horse> writes:
> In short, my conclusion so far is that signed-only mails are very rarely
> useful, they are holding OpenPGP back as a solution for encrypted
> e-mail, and in the interest of usability we should not roll them out in
> email crypto solutions on equal terms with encryption.
>
> In some more detail:
> https://k9mail.github.io/2016/11/24/OpenPGP-Considerations-Part-I.html

Perhaps you don't see the use cases, but I see many every day: signed
e-mail messages for e-mail based manipulation of databases (e.g., bug
trackers, auto-builders, deployment systems).  Clearsigning is
particularly useful because it lets me CC others (they see the command
language, have an opportunity to learn it, question my action---the
social setting of e-mail works very well for interaction with this sort
of command language).

I suppose I could just clearsign a region of a text e-mail, but (a) that
means I need an even more complex UI on mobile devices, and (b) I don't
trust my mail chain not to screw up the formatting---which is part of
why we have PGP/MIME in the first place.  The next-best alternative is
a web interface, but that removes the ability to manage it through
mail---with all the threading and conversation conventions that come
with it.


I'm also curious about the UI: do you expect to only offer
(encrypted+signed) and (plaintext)?  If there are separate toggles for
encryption and signature anyway, what's the UI benefit?

-Brian

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp