If you can trust the key, signed only mail is very useful. In fact there is much more use of S/MIME for authentication than for confidentiality.
The use of digital signatures to agree contracts is a red herring. You can use digital signatures to establish a contract but the use of digital signatures does not change what email can do already. There are plenty of contracts that have been enforced after the parties agreed to them by email. Signing a message produces a rebuttable presumption of authenticity. It does not and cannot provide a presumption of intent to offer or accept an offer of a contract unless used in a context in which that is expressly established. In most situations where this is done, there is a rule book that is agreed to. Right now there are big holes in the trust models for OpenPGP and for S/MIME. So saying there is no use for signature because the trust model is really saying you need to fix the trust model. Which we already knew. If I trust a key enough to send confidential documents to it then I trust it enough to verify against the signature.
_______________________________________________ Messaging mailing list Messaging@moderncrypto.org https://moderncrypto.org/mailman/listinfo/messaging
