On 9/8/2013 6:21 PM, Peter Saint-Andre wrote:
On 9/8/13 3:50 PM, Ted Lemon wrote:
What's the upside to signing my email? I know why I want
everybody I know to sign my email, but what's the upside for me if
I do it? Until there's a clear win, it's not going to happen.
There are two that I see:
1. Since it's quite easy to send faked messages (and I have seen that
done on public lists in an effort to embarrass or impugn the sender),
signing one's messages makes it clear that the message really came
from you.
2. Signing one's messages is a way of advertising that one is capable
of engaging in encrypted communication. (This might not be a welcome
analogy, but it's kind of like open carry for encryption.)
Peter
But until the MUAs across the board support it out of the box, I
believe most people don't know about it or know what it means. See
attached small snippet showing the "Message Security Info" of your
message according to the Thunderbird MUA.
I don't think we can even establish a standard practice with PGP and
others, including with the recent standardized DKIM. Where is the BCP
for the MUAs, MDAs, MSAs?
There will always be victims (users with MUAs) who don't support this
or that, but I think the IETF can finally begin considering ideal
product development concepts for vendors to follow.
--
HLS
cap1.PNG
Description: PNG image
cap1.PNG