There have been episodes of spoofing on this list. If client side encryption "just worked", and if what is considerably more difficult, checking the signatures "just worked", there would be no bother, hence it would be rational to sign
Not "just work" but "opt out" is what you are looking for. If there are n posters to the list and m people signing, then their are only n-m spoof targets. As m approaches n, the number of forgeries rapidly approaches zero as there is no one left worth spoofing who can be spoofed. But as each individuals chance of being spoofed approaches zero, the benefit gained by signing also approaches zero. Consequently unless there are additional costs to non-signing above and beyond spoof protection there will always be a substantial number of unsigned messages. -- Julian Assange |If you want to build a ship, don't drum up people |together to collect wood or assign them tasks and proff@iq.org |work, but rather teach them to long for the endless proff@gnu.ai.mit.edu |immensity of the sea. -- Antoine de Saint Exupery