Incoming from Will Fiveash: > On Thu, Feb 28, 2013 at 12:55:39PM +0100, Stefan Wimmer wrote: > > > > I recently started to sign all my mails and it took me little time > > to find out that you can't delete attachments in signed/encrypted > > mails ... ;-) > > > > Now I want to automate the way I use crypt_autosign that mutt > > checks first if there is an attachment and only signs the mail if > > that's not the case. I was thinking along the lines of > > I have a couple of comments about this: > > - Why sign most messages? Unless the information is important for > others to verify that it came from a particular person why add the > bloat of a signature. Beyond this I find it ironic that people sign > e-mail with a private key where its public key isn't found on a > standard PGP/GPG keyserver like pgp.mit.edu or kerckhoffs.surfnet.nl.
Until recently, I thought the same. My $0.02; it's a political
statement, it's me reacting to what appears to me to be rampant
fascism. I rejoiced when Spain buried Franco, yet it appears many
countries have chosen Oligopoly/Plutocracy/Fascism behind our backs.
This's just me saying "no". :-P
> - If one is concerned enough about allowing others to verify the
> integrity of a message shouldn't this concern also extend to
> attachments which are a classic attack vector?
See the mutt manual for "auto_view".
--
Any technology distinguishable from magic is insufficiently advanced.
(*) :(){ :|:& };:
- -
signature.asc
Description: Digital signature
