Log in

No account? Create an account
Previous Entry Share Next Entry
Why don’t more people sign their email?
I’ve long been a fan of digital signatures and encryption. It may be a minority interest, but I find it rather exciting that seriously strong encryption is built in to software that we use every day.

Back in the ’90s I used PGP to digitally sign my email, but it left unsightly debris in the messages, and wasn’t widely supported. About five years ago I was delighted to discover that a technology called S/MIME was supported by almost all major email packages, and that digital certificates (used for signing and encrypting emails) were freely available, from companies such as Thawte. And as an added benefit, Thawte have a community-enabled identity verification system called Web of Trust. Signed emails will display with a verified name in email clients like Outlook or Apple Mail, even for recipients who don’t have their own certificate (other clients or webmail will show that the messages have a tiny smime.p7s attachment).


I've been regularly signing my emails with a Thawte certificate since early 2004, and since then I’ve verified the identity of a rather paltry eleven people in the Web of Trust. But I still don’t receive all that many signed emails, and I wonder why.

In world full of paranoia about identity theft, and email addressing being so easy to fake, a technology which confirms the identity of an email’s sender surely should be more popular than it is. Its relatively easy to get a certificate, and simple to use when you have one, so why don't more people sign their email?

  • 1
Oh. My. God! You've updated Livejournal. Are you feeling all right... or bored? ;)

Just what I was thinking - but then in that respect I don't really have a leg to stand on!

  • 1