Re: [openpgp] On Signed-Only Mails

Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com> Tue, 29 November 2016 09:58 UTC

Return-Path: <kristian.fiskerstrand@sumptuouscapital.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 635E912964B for <openpgp@ietfa.amsl.com>; Tue, 29 Nov 2016 01:58:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.935
X-Spam-Level:
X-Spam-Status: No, score=-1.935 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=sumptuouscapital-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AjJIoro3ktg2 for <openpgp@ietfa.amsl.com>; Tue, 29 Nov 2016 01:58:49 -0800 (PST)
Received: from mail-lf0-x22d.google.com (mail-lf0-x22d.google.com [IPv6:2a00:1450:4010:c07::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6195129470 for <openpgp@ietf.org>; Tue, 29 Nov 2016 01:58:48 -0800 (PST)
Received: by mail-lf0-x22d.google.com with SMTP id t196so117624515lff.3 for <openpgp@ietf.org>; Tue, 29 Nov 2016 01:58:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sumptuouscapital-com.20150623.gappssmtp.com; s=20150623; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to; bh=J/8RjHw0S2VAky5ciwniFryEJx0yHlziIQ4Xks3UG0I=; b=PDb+R9nHNArF1jJpGr0YPzr+zNjybqpYbwZnqa2Y9/uaMfMui6A7M/O7imckfo9dUC hO/mvRLaYH7joYz2J87qZPgHzF+8t9VL1bXgzr4FhcRsqMjxFWBOM/9r7fof3j0OKOfu AS8ns8MwpTJ5yQGIeZQJn/u786M6nxeeywO3Fay4Z43PQwQ3t7RS5OdjYrgG8JPF/2gZ akdwmzvDl45olBp97rmBf6ASyzEE89YvkteuxJvExhbJ/U85pTciNjZfn0YVhv0f3jix GhSptbEHkqnv5OQ3Yf/Bs+TkefV6UUbwnWXwPmGzIepjTuSv1EfJ4prG5lGiPCMeMWFz H5kA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to; bh=J/8RjHw0S2VAky5ciwniFryEJx0yHlziIQ4Xks3UG0I=; b=bxc7Gw9zswjoDfAn1Y3pOxOeXtC1DmjlnyAttE48TTSSETVfUbBn9JHMJN6ms8908x PGZ6ZKGJciKpUG6nnnH3Y6Gz/WHp5lQ6BggYLibf0G4T2TaWdhWeIHI1zAeOXGM8qijT cM5mjR15hVadzaEm9skkj59W2W0tdAbromAq3ATHhnpTxMHpAd97RPkcejLCKQyiMlxb GWeMj5Ig6urhyCJKttEmnpcO2b/XQBVq6yUJl+vZsik9CpGXMktIBmMK1Ul00JiKl8oH wFvu6UN6qy5TI6iX6CSU8kwfPURlG2i6+tW+2CmCJh5dAtpA/3BKMPN85lwh+N/1nxH2 ZWTQ==
X-Gm-Message-State: AKaTC02a6TaVi4Hik92kWj9n4J2xHDU5sGw7MrlJx/kGFJzQ3Ot5GMeYIMOKWoiFTQ004A==
X-Received: by 10.25.137.87 with SMTP id l84mr10541255lfd.144.1480413526991; Tue, 29 Nov 2016 01:58:46 -0800 (PST)
Received: from [10.201.199.36] ([88.151.161.13]) by smtp.googlemail.com with ESMTPSA id v26sm13581130lja.30.2016.11.29.01.58.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 29 Nov 2016 01:58:45 -0800 (PST)
To: Vincent Breitmoser <look@my.amazin.horse>, openpgp@ietf.org, messaging@moderncrypto.org, openpgp-email ML <openpgp-email@enigmail.net>
References: <20161129091837.GA25812@littlepip.fritz.box>
From: Kristian Fiskerstrand <kristian.fiskerstrand@sumptuouscapital.com>
Message-ID: <d79bd3dc-a4f4-4f41-1a18-fcfe67b76e36@sumptuouscapital.com>
Date: Tue, 29 Nov 2016 10:58:43 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <20161129091837.GA25812@littlepip.fritz.box>
Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="9OH7KuUNegWAgAO3dkvnkjsmEalWwUVjS"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/BR8RMluWdfyxw_rCYjKoBX4THVs>
Subject: Re: [openpgp] On Signed-Only Mails
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Nov 2016 09:58:55 -0000

On 11/29/2016 10:18 AM, Vincent Breitmoser wrote:
> In some more detail:
> https://k9mail.github.io/2016/11/24/OpenPGP-Considerations-Part-I.html
> 
> I received positive as well as negative feedback about this, and I'd
> love to hear more thoughts about it

Confidentiality is not a requirement for a number of my use cases, but
integrity control (including authentication) is. Clearsigned messages
can make archiving easier, and allow for sharing of information across
groups, while still maintaining it is in non-modified form from an
authorized party.

Incidentally I do request confirmation through signed media on a
context-dependent basis in the event of receiving non-signed email.

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Nosce te ipsum!
Know thyself!