Re: why bother signing? (was Re: What email encryption is actually in use?)
James A. Donald:
If we had client side encryption that "just works" we would be seeing a few more signed messages on this list,
Major Variola (ret):
But Ben is not spoofed here! So there is little motivation.
[...]
In the absence of any need, its not rational to bother.
There have been episodes of spoofing on this list. If client side encryption "just worked", and if what is considerably more difficult, checking the signatures "just worked", there would be no bother, hence it would be rational to sign --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG j35pZ93cRp46pIhaD4AQ0X3neQjPEV2l9JrKJ2L2 4Eto77muLU+n+EF8nNrcbcSAMw1Vtdttyl1600R9x
There have been episodes of spoofing on this list. If client side encryption "just worked", and if what is considerably more difficult, checking the signatures "just worked", there would be no bother, hence it would be rational to sign
Not "just work" but "opt out" is what you are looking for. If there are n posters to the list and m people signing, then their are only n-m spoof targets. As m approaches n, the number of forgeries rapidly approaches zero as there is no one left worth spoofing who can be spoofed. But as each individuals chance of being spoofed approaches zero, the benefit gained by signing also approaches zero. Consequently unless there are additional costs to non-signing above and beyond spoof protection there will always be a substantial number of unsigned messages. -- Julian Assange |If you want to build a ship, don't drum up people |together to collect wood or assign them tasks and proff@iq.org |work, but rather teach them to long for the endless proff@gnu.ai.mit.edu |immensity of the sea. -- Antoine de Saint Exupery
participants (2)
-
James A. Donald -
Julian Assange