There are two sets of problems identified relating to signed emails.

1) Assertions that impersonation makes the signatures worthless
2) Confused legal objections

The second seems to flow from the first but it really isn't clear. In fact I can't tell what side people are arguing on. Telling people to go read a book and come back when they agree is not an argument. The arguments I see here are of the form 'this is really complex and difficult and there are experts, we are not experts, I am not an expert, therefore you must all bow down before my ignorance and do it my way'. That is an audition for a position in the Trump cabinet, not a technical argument.

People have been using signed emails for two decades now and none of the risks suggested have appeared. Yes, the OpenPGP Key servers are a 'dumpster fire'. But that affects confidentiality and integrity equally. And if you think that is a problem then you should start looking at ways to fix the OpenPGP trust infrastructure because what you are saying is that the issues you have identified make the system arguably worse than useless.

CIA: Confidentiality, Integrity, Availability. The first, most important consideration in virtually every system is to protect the availability of the data. The second most important is integrity. Confidentiality is the least important concern. A bank that is hacked and customer bank details are disclosed is in trouble but a bank that is hacked and has money stolen is in worse trouble and a bank that loses its account data and cannot recover it from backups is an ex-bank.

All documents should be signed but only confidential documents need to be or should be encrypted.

_______________________________________________
Messaging mailing list
Messaging@moderncrypto.org
https://moderncrypto.org/mailman/listinfo/messaging