Re: OT: Email signing



Arthur Pemberton wrote:


Could someone briefly fill me in on the if, why and how of email signing (I do not mean signatures). I am sure I can google the how, but I would like opinions and experiences.


OK, I presume that you mean cryptographic signing. Message signing can be done with either SMIME or PGP. Both accomplish the same thing, and operate in virtually the same way.

Why sign? It's all about trust. If you reliably sign your messages, the people with whom you exchange messages can configure their mail client to trust the fingerprint of your certificate (or, they may trust someone who signed your certificate). They can trust that a message with your name on it, which has a valid signature, was written by you and has not been tampered with. They should also learn not to trust messages that have your name on them, but no signature.

Which method you choose probably will be influenced most by who, exactly, you want to be able to verify your signatures. SMIME uses, in large part, the same infrastructure that is already in virtually every mail client to support SSL connections. That's one of the reasons that SMIME is supported by nearly every major mail client available, out of the box. PGP does pretty much exactly the same thing, but requires an entirely separate infrastructure. I'm not aware of any major client that supports PGP by default; they require plugins, mostly. That gives SMIME a significant advantage if you want to sign messages, and have that information be useful to a wide audience.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
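
Added example, not part of the original message: the checks a recipient's mail client performs on an S/MIME message, reproduced with the OpenSSL command-line tool (assumed to be installed). The names, address, file names and message text are constructed, and the self-signed certificates stand in for ones a CA would issue.

```shell
#!/bin/sh
# Added example. Names, addresses and the message text are constructed.

make_cert() {   # $1 = output prefix; self-signed, stands in for a CA-issued cert
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Alice Example/emailAddress=alice@example.org" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

sign_msg() {    # $1 = cert prefix, $2 = plaintext file, $3 = output message
    # Clear-signed multipart/signed: the body stays readable and the
    # PKCS#7 signature travels as a separate MIME part.
    openssl smime -sign -text -in "$2" -signer "$1.crt" -inkey "$1.key" \
        -out "$3" 2>/dev/null
}

smime_verify() {    # $1 = message, $2 = certificate the recipient trusts
    openssl smime -verify -in "$1" -CAfile "$2" -out /dev/null 2>/dev/null
}

smime_fingerprint() {   # value a recipient compares out of band before trusting
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

smime_demo_setup() {    # builds all sample files, prints the work directory
    dir=$(mktemp -d) || return 1
    printf 'Please pay invoice 100 by Friday.\n' > "$dir/msg.txt"
    make_cert "$dir/alice" || return 1
    make_cert "$dir/lookalike" || return 1    # same name, different key
    sign_msg "$dir/alice" "$dir/msg.txt" "$dir/signed.eml" || return 1
    sign_msg "$dir/lookalike" "$dir/msg.txt" "$dir/lookalike.eml" || return 1
    # The genuine signed message with its body altered after signing.
    sed 's/invoice 100/invoice 900/' "$dir/signed.eml" > "$dir/tampered.eml"
    echo "$dir"
}

# Run with the argument "demo" to print each verification outcome.
if [ "${1:-}" = "demo" ]; then
    d=$(smime_demo_setup) || exit 1
    for m in signed tampered lookalike; do
        if smime_verify "$d/$m.eml" "$d/alice.crt"; then r=valid; else r=REJECTED; fi
        echo "$m.eml: $r"
    done
    smime_fingerprint "$d/alice.crt"
fi
```

Only the untouched message verifies against the certificate the recipient trusts; the altered copy and the message signed with a different key under the same name are both rejected.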


