Hi, I didn't have much time to reply, so doing that right now.
I'm not encouraging anyone to create ciphers, which can have serious flaws in design. I only claim that if there exist other means of checking authenticity, then signing is not needed. The simplest method of them all is just quoting the previous message. Why? All the cryptographic signature tells is "Hey, I have the private key for this one". But if the message is quoted, then it's proof good enough that the recipient has access to the private key. The information transmitted is just the same.

----

> By not signing a message the only thing you are doing
> is weakening the security of the person you are emailing. You are saying
> 'My security is fine because the message is encrypted. But their
> security - believing that the email is from the same key owner as the
> last one - is not important to me'

Yes, but sending encrypted unsigned messages is still much, much better than sending them unencrypted at all! Having partial security is still better than no security. Yes, the security is weaker, but still better than none.

----

I can code the feature, but what's the point if you're going to reject it anyway (see Valodim's post on GitHub). It's just about giving the users the freedom to choose. They are the ones to bear the consequences anyway. Can we find some compromise about what the pull request should look like to be accepted? Besides, me constantly rebasing the fork against your HEAD is aa
