Comments on: Why I Cryptographically Sign My Email https://pthree.org/2012/02/14/why-i-cryptographically-sign-my-email/ Linux. GNU. Freedom. Fri, 01 Dec 2017 15:29:07 +0000 hourly 1 https://wordpress.org/?v=5.0-alpha-42199 By: Andy https://pthree.org/2012/02/14/why-i-cryptographically-sign-my-email/#comment-132065 Wed, 05 Mar 2014 14:16:17 +0000 http://pthree.org/?p=2219#comment-132065 Not sure why I post this, but regardless, here is your solution so you can stop using signed mail;

http://en.wikipedia.org/wiki/DomainKeys_Identified_Mail

]]>
By: Ricky https://pthree.org/2012/02/14/why-i-cryptographically-sign-my-email/#comment-116415 Thu, 16 Feb 2012 15:20:35 +0000 http://pthree.org/?p=2219#comment-116415 The organization should be charged for harassment.

]]>
By: Ricardo N Feliciano https://pthree.org/2012/02/14/why-i-cryptographically-sign-my-email/#comment-116414 Wed, 15 Feb 2012 00:54:06 +0000 http://pthree.org/?p=2219#comment-116414 Although I don't think ecrypted emails are really neccessary, I do agree it's something that can't hurt either, and can help in the future.

More important then proving you didn't send something, I feel is the ability to verify that the person who send you an email is who they say they are.

My issue, half the emails I send are from my Android phone. Any suggestions on sending encrypted emails on an Android device?

]]>
By: Aaron Toponce https://pthree.org/2012/02/14/why-i-cryptographically-sign-my-email/#comment-116413 Tue, 14 Feb 2012 17:00:03 +0000 http://pthree.org/?p=2219#comment-116413 spindritf- For the 15 minutes it took me to setup my key and then configure my mail client, is hardly a claim to not use the software, because of a "1 in a million" threat. If we all followed that philosophy, then we wouldn't have best case security practices for software or hardware in general.

nemoinis- Sure, you can remove the signature after I send the mail, but my Sent folder will still retain the unadulterated copy. The signature contains a date timestamp when it was applied to the message. I can show, beyond a shadow of a doubt, that I signed the message that claims to not have a signature. Further, the point of the archive is not to prove anything. The point is to create reasonable doubt. The burden of proof is on the accuser. Innocent, until proven guilty, not the other way around.

]]>
By: nemoinis https://pthree.org/2012/02/14/why-i-cryptographically-sign-my-email/#comment-116412 Tue, 14 Feb 2012 16:33:49 +0000 http://pthree.org/?p=2219#comment-116412 Your reasoning, that signing your emails will clear you of suspicion on any non-signed email, is flawed.
One could make the argument that you could send a hurtful unsigned email, then point to your signing record as a sign of innocence.
Signing is useful to protect the content of your email against later alteration (where a recipient would edit the email to suit their purpose), nothing more. Even then, the recipient could remove all traces of signing in the email, and then it would be your word against theirs, again.

]]>
By: spindritf https://pthree.org/2012/02/14/why-i-cryptographically-sign-my-email/#comment-116411 Tue, 14 Feb 2012 14:58:15 +0000 http://pthree.org/?p=2219#comment-116411 A one-in-a-million event is not really a very compelling reason to change one's mailing habits. Especially since the company surely employs some authorization on their mail servers and will not be fooled by forged headers.

]]>