--On tirsdag, juni 03, 2003 16:02:52 -0700 Michael Thomas <mat@cisco.com> wrote:
It depends on what you mean by signing. Signing a message in and of itself ought not hurt anything modulo software bugs, etc. But the real question is what does the receiving program (MTA, MUA) do with that signature? At the very least it could verify the signature, but then what? If it doesn't verify do you drop it? (transitive trust comes into play, but most likely). Does it do anything beyond that?
Let me ask something in return: do you think that just the act of signing mail -- with no trust roots implied -- could help? My sense is that it might in a sow-the-seeds kind of way for some later goodness (it's as you say not a solution). I too would be happy to hear downsides.
well... if signing my email would help get rid of the nonconformant mailers on the path that do perverse stuff that breaks signatures, that certainly would be a benefit to the world.... verifying my own signature failed....
and here's why:
Original:
--==========1875089384========== Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline
Copy:
--==========1875089384========== Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline Content-Transfer-Encoding: quoted-printable
The difference matters not at all to anything but a signature verifier..... sigh.
Harald