[Enigmail] Expect signature header proposal
Patrick Brunschwig
patrick at mozilla-enigmail.org
Tue Oct 7 22:15:11 PDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Eitan Adler wrote:
[...]
> The fundamental difference between my scenario and yours is that the
> state of "always signing" is not with the sender but with recipient. The
> recipient always gets signed messages regardless of whether not the
> sender always signs all messages.
Well ... the problem with this is that it won't work. How would you want
to enforce such a rule? I am the developer of Enigmail. What could you
do if I would decide not to follow such a standard because I don't like
it? And then, assume I would implement the standard. How could you
ensure that nobody would download the source code, modify that part that
follows the standard and use that version of Enigmail? How could you
prove that the absence of a signature means anything?
It's a fact that the absence of a signature or the presence of a bad
signature simply don't prove anything. There is no information that you
could derive from it.
- -Patrick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEVAwUBSOxB3ncOpHodsOiwAQJxeAf/fV+zYu6bJLlFmKYg1PTo3nK66keoakTr
DeEmIpGBSOZUH37vTlMZ9mwK3vcQ5EwcY7PO+natp6ws2uCNjD429//ONtvf7BuW
J5njVF011HHqrdfJollTwTmj24lYqEaaM8LUN7owqsuyTAhoAm7xiqc5jGY8bTjL
g2uIKwwmtYRwnn6ycngOcAHFq6Hxb8JEOAsJPygywDlvjrxRsjbHInG4ZWU3vMMn
bHkq/mnK9aO/IwUxkH6zZAEBCK5RJMcfYq/7EfHHZrm4iBSQ23PESAydBVrbCKqt
hUPSx0MxwsbxD/Z34QoGUS2iIwv4Yc+F+LlX2xBtUdxbPVLQeUP+Gg==
=etPh
-----END PGP SIGNATURE-----
More information about the Enigmail
mailing list