<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 23, 2017 at 6:17 PM, Moritz Bartl <span dir="ltr"><<a href="mailto:moritz@headstrong.de" target="_blank">moritz@headstrong.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-">On <a href="tel:21.08.2017%2004" value="+12108201704">21.08.2017 04</a>:30, Jason Richards wrote:<br>
> So, my question then is: what are the benefits of always sending<br>
> PGP-signed email and calling out when email is not signed, especially on<br>
> open email lists such as this?<br>
<br>
</span>Here's a statement by K9Mail developer Vincent Breitmoser that<br>
underlines your point in a blog post titled "Signed-Only Mails<br>
Considered Harmful":<br>
<br>
<a href="https://k9mail.github.io/2016/11/24/OpenPGP-Considerations-Part-I.html" rel="noreferrer" target="_blank">https://k9mail.github.io/2016/<wbr>11/24/OpenPGP-Considerations-<wbr>Part-I.html</a></blockquote><div> </div></div><span style="font-size:12.8px">For lists like this it seems some individuals wish to share their key</span><br style="font-size:12.8px"><span style="font-size:12.8px">and a way to validate their identity.</span><br style="font-size:12.8px"><span style="font-size:12.8px">This is a public list and there is no great way to send encrypted</span><br style="font-size:12.8px"><span style="font-size:12.8px">messages to all yet a signed message is possible.</span><br style="font-size:12.8px"><br style="font-size:12.8px"><span style="font-size:12.8px">So to cross the bridge from identity in a group to sending a secure</span><br style="font-size:12.8px"><span style="font-size:12.8px">message to an individual some</span><br style="font-size:12.8px"><span style="font-size:12.8px">signed only traffic makes sense. As Vincent (in M. Bartl's message)</span><br style="font-size:12.8px"><span style="font-size:12.8px">stated it is added complexity and not free.</span><br style="font-size:12.8px"><br style="font-size:12.8px"><span style="font-size:12.8px">I think the list managers once a year or two might start a thread to</span><br style="font-size:12.8px"><span style="font-size:12.8px">allow many to send</span><br style="font-size:12.8px"><span style="font-size:12.8px">a signed message and a way to get their public keys. March first at</span><br style="font-size:12.8px"><span style="font-size:12.8px">4:15am or April first?</span><br style="font-size:12.8px"><br style="font-size:12.8px"><span style="font-size:12.8px">It might best be addressed in the welcome message to the effect that</span><br style="font-size:12.8px"><span style="font-size:12.8px">"after lurking for awhile</span><br style="font-size:12.8px"><span style="font-size:12.8px">and when a thread of interest surfaces that you wish to contribute to</span><br style="font-size:12.8px"><span style="font-size:12.8px">sign one and only one contribution"</span><br style="font-size:12.8px"><span style="font-size:12.8px">to that thread if and only if signing messages is important.</span><br style="font-size:12.8px"><br style="font-size:12.8px"><span style="font-size:12.8px">We have had some discussions on how to manage an encrypted lists...</span><br style="font-size:12.8px"><span style="font-size:12.8px">complexity is obvious.</span><br style="font-size:12.8px"><span style="font-size:12.8px">Encryption with multiple recipients To:, Cc:, Bcc: & From: is an</span><br style="font-size:12.8px"><span style="font-size:12.8px">interesting problem... A good solution</span><br style="font-size:12.8px"><span style="font-size:12.8px">might have sorted Hillary email issues into a different bucket.</span><br><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>