Re: GUI: PGP vs novices
Thomas Grant Edwards writes:
> On the issue of signing, there is another question. Do I really want to sign every message? I don't like signing my written name anywhere I don't have to. And whenever I do, I am careful to look at all the potential consequences. Signatures imply I am agreeing to some kind of contract. Perhaps I prefer my email unsigned, to give me a level of disputability. If my email was a business contract, then I'd be enthusiastic about signing it. But for a post to a political newsgroup, for instance, perhaps I don't want to make sure everybody can cryptographically assure themselves it comes from me. This leaves me open to potential forgery, but email forgery is well known and understood.
Good point. However, the digital signature issue is still outside of what my topic was. I agree with you wholeheartedly. That's one of the reasons I don't sign everything. That particular "argument" about digisigs has been pounded into the ground by the Cypherpunks for the last year and probably longer. I just think (boy I feel repetitive) that there should be something inside the software so the user has the option to sign, or sign on the fly. If I type up a message and think, "hey, I really want people to know this is from me", it would be really cool to just hit a button on the toolbar, or grab a menu option to sign automatically before sending. You don't have to sign everything. But, you don't have to go out to another application (of any sort) in order to sign. It's right there in front of you. That was my point.
> Finally is physical security of keys. If I am going to sign anything, I want that key to be under control of only me.
On a personal machine, say at home, that's not really a problem. On a computer at the office where everything is password protected, it isn't really a problem either. Since the situations I work with deal mainly with the home user, key management isn't as much a worry as if you're using workstations.
> It is difficult for someone like me who uses workstations to keep a key only on floppy, especially as I find myself on different workstations, many diskless, all the time.
This issue has also been pounded into the ground. Carrying a disk around with you is really the only way to guarantee security. (Or memorizing your private key and typing it in every time. EEEEERRRGGHHHH) But, you are right. It is a pain in the ass.

-- Brad
bshantz@spry.com