[Enigmail] Expect signature header proposal
Patrick Brunschwig
patrick at mozilla-enigmail.org
Tue Oct 7 22:16:06 PDT 2008
Eitan Adler wrote:
[...]
> The fundamental difference between my scenario and yours is that the
> state of "always signing" is not with the sender but with recipient. The
> recipient always gets signed messages regardless of whether not the
> sender always signs all messages.
Well ... the problem with this is that it won't work. How would you want
to enforce such a rule? I am the developer of Enigmail. What could you
do if I would decide not to follow such a standard because I don't like
it? And then, assume I would implement the standard. How could you
ensure that nobody would download the source code, modify that part that
follows the standard and use that version of Enigmail? How could you
prove that the absence of a signature means anything?
It's a fact that the absence of a signature or the presence of a bad
signature simply don't prove anything. There is no information that you
could derive from it. And it's a fact that with the way SMTP is designed
you can't generally enforce signed messages.
-Patrick
More information about the Enigmail
mailing list