[Cryptography] PGP-Signed Email
Jason Richards
jjr2 at gmx.com
Sat Aug 26 18:17:42 EDT 2017
Phillip Hallam-Baker:
> Jason Richards:
>> Phillip Hallam-Baker:
>>> I disagree with the analysis. Signed email is no more complex if
>>> every mail is signed and will be rejected otherwise. At that
>>> point, the complexity is reduced because spam is a very different
>>> issue.
>>>
>>> A more precise analysis would be signed SMTP mail is more complex.
>>
>> I read the analysis as being about the complexity of presenting
>> information to the user. Does a signed email mean that it came from
>> the sender? It should, however it doesn't.

[ Snip a bunch of commentary that I don't quite agree with, however ...]

> All we need then is a set of mail clients that will transparently
> switch from legacy SMTP transport to JMTP when needed.

This is indeed where I think we need to go. I know many people who do
this manually now, e.g. "let's discuss this via Signal or Wickr rather
than via corporate email". Making this automatic in a fashion similar
to cipher suite and protocol negotiation would be a large step forward.
I do see some complexity in customisation, e.g. how a user or an
enterprise specifies which services they support and in which order or
preference, however this would be a much better problem to solve than
the problem of better securing email.
J