On 29.11.2016 at 10:18, Vincent Breitmoser wrote:
> Hi all,
> (cross-posting on openpgp and messaging mls)
> during my work on bringing OpenPGP to K-9 Mail, I found myself
> reevaluating a lot of things. This time it's about signed-only mails.
> In short, my conclusion so far is that signed-only mails are very rarely
> useful, they are holding OpenPGP back as a solution for encrypted
> e-mail, and in the interest of usability we should not roll them out in
> email crypto solutions on equal terms with encryption.
I don't think signed-only emails are useless. In my personal opinion I
would love to see all companies sending out signed emails that contain
invoices.
If any company would change their email addresses or someone from
another department sends me an email, I would know that this is
(presumably) not a phishing attack. (At least was sent from someone
within this company which gives me some more trust in the reliability of
its contents.) At the moment I receive an email with a sender address
that might or might not belong to the company. How can I know?
Sure, the company had to put the fingerprints of their key(s) on their
website or tell it on the phone and I would have to check it, but that's
not a very big problem.
Maybe I miss something, but in this case signing seems a good idea to me.
Best regards
Alex Strobel
www.gpg4o.com