On Wed, Mar 06, 2013 at 03:22:47PM -0700, Robert Holtzman wrote: > On Wed, Mar 06, 2013 at 09:37:46AM -0600, Dale Raby wrote: > > I sign most of my messages, even though I only know a few people who > > actively use GnuPG/PGP. As I see it, this is one way of promoting > > encryption. I.e.: "What is that block of gibberish you have at the end > > of your emails?" "That, my friend is my public key. If you have the > > right software you can verify that I sent you that message, and we can > > even send encrypted emails that nobody else can read but us." > > "Really?! Tell me more!" > > .........snip........ > > Your dreaming. In my experience 99.9% of the replies are "why would I > want to?" or the classic stomach turning "I have nothing to hide".
Or the fact it's a pain in the ass to setup, much less work at all with gmail. For many it's a classic cost vs benefit trade off. Beyond this, I've been active in the Kerberos community for a long time and the majority of krbdev mail list participants do not sign or encrypt e-mail unless it is important, like a new release announcement or having a discussion about a security bug which is expected to be encrypted. As a side note, I wonder if a pgp/gpg signature as proof of authorship has ever been tested in court? My guess is no. -- Will Fiveash
