On 9/7/2014 6:21 AM, Pete Resnick wrote: > Obviously doing e2e > crypto gets you signatures.
No it doesn't. As a matter of practice, it probably will, but the technology does not require it. Sigs are an entirely independent action when doing object encryption. > Since we are blue-skying here, I think it is > perfectly plausible to say, "If you want to send me e2e encrypted > messages, you also have to send me signed messages, So you want to eliminate anonymous communications? Anonymity has historical importance for some kinds of communication. > and you don't or > your signature is not in my contacts list already, your encrypted mail > is going to bounce." I think it's possible that in the fullness of time, > many users go to a contact-list model of email (a la IM) where the mail > simply bounces unless it has a signature that is already in the contacts > list. The Procrustean bed always makes things simpler, and with only a few, uhhh... shortcomings. My point is not that signing is bad or checking against address books is bad, but that mandating such things constrains legitimate communication in important ways. d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ Endymail mailing list [email protected] https://www.ietf.org/mailman/listinfo/endymail
