Re: [openpgp] On Signed-Only Mails
Thijs van Dijk <schnabbel@inurbanus.nl> Wed, 30 November 2016 09:42 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/AtYaunvZrLYonSdSozk5ajrG1hA>

On 30 November 2016 at 10:03, Alexander Strobel <Alexander.Strobel@giepa.de> wrote:

> On 29.11.2016 at 10:18, Vincent Breitmoser wrote:
> > Hi all,
> >
> > (cross-posting on openpgp and messaging mls)
> >
> > during my work on bringing OpenPGP to K-9 Mail, I found myself
> > reevaluating a lot of things. This time it's about signed-only mails.
> >
> > In short, my conclusion so far is that signed-only mails are very rarely
> > useful, they are holding OpenPGP back as a solution for encrypted
> > e-mail, and in the interest of usability we should not roll them out in
> > email crypto solutions on equal terms with encryption.
>
> I don't think signed only emails are useless. In my personal opinion I
> would love to see all companies sending out signed emails that contain
> invoices.
> If any company would change their email addresses or someone from
> another department sends me an email, I would know that this is
> (presumably) not a phishing attack.

[... snip ...]

> Sure, the company had to put the fingerprints of their key(s) on their
> website or tell it on the phone and I would have to check it, but that's
> not a very big problem.
> Maybe I miss something but, in this case signing seems a good idea to me.

Yes, conceptually this is a very good case for signing e-mails.
In fact, many companies already do this with more light-weight DKIM signatures.
As an added bonus, users (or UI makers) are saved the hassle of manual key
management because the signing keys are simply available in DNS.

-Thijs van Dijk
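
To illustrate the point about DKIM keys living in DNS, here is an added example (not part of the original post or thread) that parses a `DKIM-Signature` header, derives the DNS TXT record name under which the signing key is published, and checks whether the signing domain matches the `From` domain. The sample message is constructed, the alignment test is a simplified assumption (exact or subdomain match), and no DNS lookup or signature verification is performed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not taken from the thread); all values are placeholders.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\n"
    "\ts=billing2016; h=from:to:subject:date;\n"
    "\tbh=PLACEHOLDERBODYHASH=; b=PLACEHOLDERSIGNATURE=\n"
    "From: Invoices <invoices@example.com>\n"
    "To: customer@example.net\n"
    "Subject: Invoice 1234\n"
    "\n"
    "Body\n"
)

def parse_tag_list(value):
    """Split a DKIM tag=value list (RFC 6376, section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" not in part:
            continue
        name, _, val = part.partition("=")
        # Folding whitespace inside a value is not significant.
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def dkim_key_lookups(raw_message):
    """Per DKIM-Signature: the DNS name holding the key, and From alignment."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    results = []
    for header in msg.get_all("DKIM-Signature", []):
        tags = parse_tag_list(header)
        domain, selector = tags.get("d", "").lower(), tags.get("s", "")
        if not domain or not selector:
            continue  # d= and s= are required; without them the key cannot be located
        # Simplified alignment (assumption): exact match or From is a subdomain of d=.
        aligned = from_domain == domain or from_domain.endswith("." + domain)
        results.append({
            "txt_record": f"{selector}._domainkey.{domain}",
            "signing_domain": domain,
            "from_domain": from_domain,
            "aligned": aligned,
        })
    return results
```

A valid DKIM signature only vouches for the domain in `d=`; when `aligned` is false, the signature says nothing about the address shown in `From`, which matters for the invoice scenario discussed above.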