[Enigmail] Hello World

Alexander Dahl post at lespocky.de
Thu Sep 4 06:16:58 PDT 2008 

Hello, 

> If your correspondent is annoyed and/or disturbed by an inline
> signature, the odds are very good your correspondent is neither
> bothering to check the signature nor validate your key.  That makes the
> signature worthless.  So why are you sending it?

Spread the idea of mail signing, make it possible to verify later, ...

> > the recipient wants to be sure the mail is from me: he should ask.
> 
> And how will your correspondent be able to trust your response?  Calling
> you up voice to get confirmation of the contents of each email seems
> awful inconvenient: why wouldn't you just call the person directly anyway?

You misunderstood me. I didn't mean asking if the mail was from me but
asking for a signed version of the mail which arrives for sure.

> > 90% don't care anyway and I don't disturb them with an inline 
> > signature.
> 
> This is not an argument for PGP/MIME.  This is an argument for using
> per-recipient signature rules.

This is the same argument as above. How should I convince people of
using signed mails if they never get some from me because I had a
per-recipient rule that circumvented this?

> > What are the reasons for defaulting to inline signatures despite of 
> > MTAs stripping attachements?
> 
> It's simpler.  It's supported by more MUAs.  There are more
> implementations available.  Simplicity equals reliability and diversity.

I don't think so. The reliability of a signature should come on first
place. It's not only worthless if it can't be verified although it
should be (no manipulation by an attack) but distracting and causes
additional communication and work which is not necessary if the
signature can be safely verified.

Greets from a mail client defaulting to PGP/MIME ;)
Alex

-- 
***** http://www.lespocky.de *******************************************
GnuPG-FP: 02C8 A590 7FE5 CA5F 3601  D1D5 8FBA 7744 CC87 10D0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080904/ff4e8134/attachment.bin>

More information about the Enigmail mailing list