jbaber@mi.leeds.ac.uk writes (where I have taken the liberty of reformatting for 80 columns):
> Now mail is far easier to fake/intercept than a digital signature/encryption - at least I hope so. Therefore if Hal were to sign all of his messages I could check the signatures with a public key obtained from anywhere at all and if they passed then I could be confident that the messages were all written by the entity with control of the secret part of the key - at least far more confident than I am that all of the mail from hfinney@shell.portal.com actually comes from there. So instead of me getting the idea that hfinney@shell.portal.com posts interesting messages I get the idea that the holder of the secret key posts interesting messages - I would probably still use the mail address as keys are less convenient with current mail readers but that is an implementation problem. Hal's reputation is therefore transferred to the key - no matter where I got the key from. So if I send encrypted mail to the person with the private part of Hal's key I can be sure that it can only be read by the person who actually sent the messages pertaining to be from Hal.
Well, this is not necessarily the case. A MITM may be signing my messages for me, and then putting them back the way they were before I am allowed to see them. Granted, this would not be easy, and perhaps the difficulty of this would be great enough that you will feel comfortable using an unsigned key. But if it were accomplished, then your messages to me would actually be insecure. No matter how convinced you became of my sincerity and trustworthiness, actually our conversations would be overheard by a third party despite both of our efforts to the contrary. Our use of encryption would be rendered futile. Doesn't this bother you?

Hal
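
The exchange above, as an added example that is not part of the original message: a reader who verifies posts against a key taken from the same channel as the mail accepts re-signed messages, while a reader who first compares the key to a fingerprint learned out of band rejects them. Everything here is an assumption made for illustration: the toy textbook RSA (known primes, no padding, not secure), the key names, the `relay` and `reader_accepts` helpers, and the out-of-band fingerprint standing in for a signed key.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def keypair(p, q):
    """Toy textbook RSA from two known primes (illustration only, not secure)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, E), (n, d)

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    n, d = priv
    return pow(digest(msg, n), d, n)

def verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == digest(msg, n)

def fingerprint(pub):
    return hashlib.sha256(repr(pub).encode()).hexdigest()[:16]

# Constructed keys: Hal's real key and the key the channel hands the reader.
HAL_PUB, HAL_PRIV = keypair(2**89 - 1, 2**107 - 1)
MITM_PUB, MITM_PRIV = keypair(2**61 - 1, 2**127 - 1)

def relay(msg, sig):
    """What an intercepted channel delivers: same text, signature replaced."""
    return msg, sign(MITM_PRIV, msg)

def reader_accepts(key_from_channel, msg, sig, fp_out_of_band=None):
    """Accept only if the signature verifies and, when a fingerprint was
    learned through a separate channel, the key matches it."""
    if fp_out_of_band is not None and fingerprint(key_from_channel) != fp_out_of_band:
        return False
    return verify(key_from_channel, msg, sig)

def demo():
    msg = b"constructed sample post"
    seen_msg, seen_sig = relay(msg, sign(HAL_PRIV, msg))
    unsigned_key = reader_accepts(MITM_PUB, seen_msg, seen_sig)
    checked_key = reader_accepts(MITM_PUB, seen_msg, seen_sig, fingerprint(HAL_PUB))
    genuine = reader_accepts(HAL_PUB, msg, sign(HAL_PRIV, msg), fingerprint(HAL_PUB))
    return unsigned_key, checked_key, genuine

if __name__ == "__main__":
    print(demo())
```

Every signature the first reader sees verifies consistently, so the reputation does attach to a key, but to the key the channel supplied rather than to Hal's.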