Comment # 10 on bug 1193065 from
> There might be some confusion about what is meant with "signing" here. What I
> mean and probably also the AGE spec means, is making sure that a message
> (encrypted or not) is actually coming from the expected person. As I see it,
> if I would send a rage encrypted file via email to somebody then there is
> nothing that would prevent a MITM that has knowledge of the recipient's public
> key (or identity in AGE terms) from replacing the encrypted file with some
> other validly encrypted file containing malicious or misleading data.

GPG doesn't provide this either, though ... ;)

> 
> If the sole aim is to replace GPG symmetric encryption as outlined in the
> documentation link above then rage-encryption certainly is a fit. So the
> purpose of this is then to protect one's own data from leaking into the wrong
> hands, like file system encryption. I was more thinking about exchanging
> encrypted data between persons, which is the more typical use of GPG.

Yep, :)

