[Enigmail] Expect signature header proposal
Eitan Adler
eitanadlerlist at gmail.com
Tue Oct 7 18:12:29 PDT 2008
Robert J. Hansen wrote:
> Eitan Adler wrote:
[snip]
>
>> Bob is security conscious and always signs his messages sent to Alice.
>
> Sure.
>
>> Dora wants to harm Bob's career and she sends a forged message claiming
>> to be from Bob to Alice. Alice is an ordinary human and does not notice
>> the missing "this message is signed" notice and therefore acts upon this
>> message. Bob's career is ruined. Alice also gets messages from many
>> people that don't sign their emails. It would ruin the effect of an
>> "unsigned message" notice if she got it for every message that had no
>> signature.
>
> Bogus.
>
> Let's put this into a more realistic scenario. Imagine that I'm still
> in graduate school and I'm the TA for a class. A student is angry at me
> for his failing grade, and decides to get payback by posting messages in
> my name to white supremacist mailing lists.
>
> I get hauled in front of the dean and asked to explain my actions.
> "What actions?" I get presented with the messages. "They're not from
> me! I never signed these -- I sign all my emails! I have a five year
> record of signing my emails! Everyone in the department knows this!
> Are you kidding me?!"
>
> The dean nods. "Yes, Rob. We know you didn't sign them. We're
> assuming it's because you wanted to repudiate them later if we ever
> found them. You'll understand if we suspend you from your university
> posting while we get to the bottom of this, right?"
>
[snip]
The fundamental difference between my scenario and yours is that the
state of "always signing" is not with the sender but with recipient. The
recipient always gets signed messages regardless of whether or not the
sender always signs all messages.
The sender is still free to send unsigned messages, and unsigned
messages can still be traced back to the sender in the scenario you presented.
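The recipient-side model described above, as an added example that is not Enigmail's code or anything from this thread: the client records the "always signed" claim per sender, warns only for senders who made it, and accepts the claim only when it arrives under a signature. The header name X-Expect-Signature and the sample messages are assumptions.

```python
# Added example (not Enigmail's code): recipient-side "expect signature" policy.
# The header name X-Expect-Signature is assumed; the thread names no header.
import email
from email import policy
from email.utils import parseaddr

EXPECT_HEADER = "X-Expect-Signature"  # assumed name

def is_signed(msg):
    # RFC 3156 multipart/signed counts as signed here; a real client must
    # also verify the signature before trusting anything in the message.
    return msg.get_content_type() == "multipart/signed"

class SignaturePolicy:
    def __init__(self):
        self.expect = {}  # sender -> True once "always" was seen under a signature

    def process(self, raw):
        msg = email.message_from_string(raw, policy=policy.default)
        sender = parseaddr(msg["From"])[1].lower()
        signed = is_signed(msg)
        # Record the claim only from a signed message: an unsigned header
        # could have been written by anyone.
        if signed and (msg.get(EXPECT_HEADER) or "").strip().lower() == "always":
            self.expect[sender] = True
        if not signed and self.expect.get(sender):
            return "warn"  # this sender announced "always signed"; this one is not
        return "ok"        # signed, or sender never made such a claim

def mail(sender, signed, header=None):
    # Constructed sample message; the signature part is a placeholder.
    head = f"From: {sender}\nTo: alice@example.org\nSubject: test\n"
    if header:
        head += f"{EXPECT_HEADER}: {header}\n"
    if not signed:
        return head + "Content-Type: text/plain\n\nhello\n"
    return (head + 'Content-Type: multipart/signed; protocol="application/pgp-signature";'
            ' micalg=pgp-sha256; boundary="b"\n\n--b\nContent-Type: text/plain\n\nhello\n'
            "--b\nContent-Type: application/pgp-signature\n\n(placeholder signature)\n--b--\n")

def demo():
    p = SignaturePolicy()
    return [p.process(mail("bob@example.org", True, "always")),    # "ok", claim recorded
            p.process(mail("bob@example.org", False)),             # "warn": unsigned from Bob
            p.process(mail("carol@example.org", False)),           # "ok": never claimed
            p.process(mail("dora@example.org", False, "always"))]  # "ok": unsigned claim ignored
```

Carol's unsigned mail produces no notice, which is the point of keeping the state on the recipient side: only senders who announced the policy under a signature trigger a warning.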