-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Thursday 2005-12-08 at 22:28 -0800, Crispin Cowan wrote:
Funny story: I started using Enigmail (GPG plugin for Mozilla mail client) about 5 years ago. For six months, all of the mail I sent out everywhere was GPG-signed. Then I upgraded Mozilla, it broke the (not yet supported) Enigmail plugin, and I couldn't be bothered to fix it. So I started sending out mail with no digital signatures.
Now, according to the usage models of public key signed documents, I *should* have started receiving complaints from people about "Crispin usually signs his mails, and this is not signed; are you an imposer or what?" But that *never* happened. Not once. This convinced me that very, very few people actually check digital signatures, and thus they are of very little value in casual correspondence :(
If the MUA kept track of signatures, it could warn if someone started to send non signed email. This info could be kept with the address book; for example, mozilla stores "prefers html" info. In the suse-linux-s list we had a period when somebody impersonated other people, creating quite a nasty turmoil. Many of the old hands there use pgp/gpg signatures routinely. - -- Cheers, Carlos Robinson -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFDmaE9tTMYHG2NR9URAk87AJwPho8v2rEtSYHo9lUQE/oMazT6xgCeO9kp vZFgejfhEfoqDiY4qAyMLdA= =OTas -----END PGP SIGNATURE-----