Comments on: Why I Cryptographically Sign My Email

By: Ricky

Ricky — Thu, 16 Feb 2012 15:20:35 +0000

The organization should be charged for harassment.

By: Ricardo N Feliciano

Ricardo N Feliciano — Wed, 15 Feb 2012 00:54:06 +0000

Although I don’t think ecrypted emails are really neccessary, I do agree it’s something that can’t hurt either, and can help in the future.

More important then proving you didn’t send something, I feel is the ability to verify that the person who send you an email is who they say they are.

My issue, half the emails I send are from my Android phone. Any suggestions on sending encrypted emails on an Android device?

By: Aaron Toponce

Aaron Toponce — Tue, 14 Feb 2012 17:00:03 +0000

spindritf- For the 15 minutes it took me to setup my key and then configure my mail client, is hardly a claim to not use the software, because of a “1 in a million” threat. If we all followed that philosophy, then we wouldn’t have best case security practices for software or hardware in general.

nemoinis- Sure, you can remove the signature after I send the mail, but my Sent folder will still retain the unadulterated copy. The signature contains a date timestamp when it was applied to the message. I can show, beyond a shadow of a doubt, that I signed the message that claims to not have a signature. Further, the point of the archive is not to prove anything. The point is to create reasonable doubt. The burden of proof is on the accuser. Innocent, until proven guilty, not the other way around.

By: nemoinis

nemoinis — Tue, 14 Feb 2012 16:33:49 +0000

Your reasoning, that signing your emails will clear you of suspicion on any non-signed email, is flawed.
One could make the argument that you could send a hurtful unsigned email, then point to your signing record as a sign of innocence.
Signing is useful to protect the content of your email against later alteration (where a recipient would edit the email to suit their purpose), nothing more. Even then, the recipient could remove all traces of signing in the email, and then it would be your word against theirs, again.

By: spindritf

spindritf — Tue, 14 Feb 2012 14:58:15 +0000

A one-in-a-million event is not really a very compelling reason to change one’s mailing habits. Especially since the company surely employs some authorization on their mail servers and will not be fooled by forged headers.