russ @ 2004-04-22 11:19:00
digital signing of email
I have begun experimenting with digitally signing my emails (via S/MIME (X.509) certificates). This is mostly at the instigation of nugget who recently began strongly advocating this (and whom I thank for taking the time to answer zillions of my questions about this). I still think this stuff is not quite ready for prime time, but I'll keep using it for a bit and see what I think after some more experience. Here is a nice webpage that summarizes the issues and why one might want to mess with this stuff. The basic idea is that privacy advocates suggest that we should routinely send all our emails encrypted, so that no one but the intended recipient can read them, just as we normally send paper mail sealed in an envelope instead of written on a publicly viewable postcard. The technology to achieve this depends on people getting a digital certificate, which must be assigned by some trusted authority. That could cost money, or you can get one free via a service like http://thawte.com.
Pros:
- Digital signing is theoretically a good thing; it ensures that your email can't be messed with or spoofed without that being detected.
- Digital signing is a step toward sending your emails encrypted, which is an even better thing privacy-wise.
- It's free.
- It's somewhat interesting and educational in a geeky way.
Cons:
- Documentation for this stuff sucks. The actual model of what's going on is murky, and the concrete implementation details are also murky. The thawte.com website is not very clear: it seems a classic case of geeks who already know their product/service well and are enthused about it and didn't think to get ordinary laypeople to read it and give feedback.
- Software support for this is still cumbersome and underdocumented. Email is one of those application areas that has zillions of different programs and lots of subtle details to get right. E.g. the certificate technology we are now using works as an attachment. Some email list software strips attachments. Even worse, I have found that sometimes email list software will alter your message, thus invalidating the signature and causing a (true) complaint to the recipient that the message content has been altered. (Hint: if you are replying to a yahoogroups message, be sure to delete any existing appended footer/ad stuff in the quoted text. Otherwise yahoogroups will append the footer/ad to your message. Normally it actually recognizes that your message was signed, and doesn't append that stuff, contrary to normal behavior. So if you don't like ads on yahoogroups, signing your message is a way to have ads not be appended, heh.)
- Signature attachments confuse and frighten some people who don't know what the hell they are. I've already had someone complain that they were worried my email had some sort of virus or something.
- Going a step further to encryption is murkier and depends even more on your client... it took a long time for us to figure out how to get Outlook to encrypt sent email, and then I find that reading an encrypted email is more cumbersome. (Normally I prefer reading in the preview pane, but an encrypted email must be explicitly opened to decrypt it.)
- Some people's mail accounts seem to refuse to accept email with attachments.
(This is about my recent exploration of digital signing of email, to ensure that the email reaches the recipient unchanged. In theory this is a good idea, but I have not yet decided whether the reality is as good as the theory!)
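The mailing-list problem in the Cons list above (software that strips the signature attachment or alters the message) can be checked mechanically. The sketch below is an added example, not code from the original post: it assumes the detached `multipart/signed` layout, uses a constructed message with a placeholder instead of a real signature, and the names `signed_part` and `list_effect` are hypothetical. It compares a digest of the bytes the signature covers before and after list handling rather than verifying the signature itself.

```python
import hashlib
from email import message_from_bytes

SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

def signed_part(raw: bytes):
    """Exact bytes of the part an S/MIME signature covers, or None if unsigned."""
    msg = message_from_bytes(raw)
    if msg.get_content_type() != "multipart/signed":
        return None
    parts = msg.get_payload()
    if len(parts) != 2 or parts[1].get_content_type() not in SIG_TYPES:
        return None
    # Body is: CRLF--boundary CRLF <part 1> CRLF--boundary CRLF <signature> ...
    chunks = raw.split(b"\r\n--" + msg.get_boundary().encode())
    return chunks[1][2:]  # drop the CRLF that ends the boundary line

def list_effect(sent: bytes, received: bytes) -> str:
    """Classify what list software did to a signed message."""
    before, after = signed_part(sent), signed_part(received)
    if before is None:
        return "not-signed"
    if after is None:
        return "signature-stripped"
    # The signer's digest is computed over these bytes; any change breaks it.
    if hashlib.sha256(before).digest() != hashlib.sha256(after).digest():
        return "content-altered"
    return "intact"

# Constructed sample message; the signature body is a placeholder, not real CMS.
SENT = """\
From: sender@example.org
Subject: test
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

Hello list.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"

PLACEHOLDER
--b1--
""".replace("\n", "\r\n").encode("ascii")
# Constructed list behaviours: tag the subject, append a footer, drop the attachment.
TAGGED = SENT.replace(b"Subject: test", b"Subject: [list] test")
FOOTER = SENT.replace(b"Hello list.", b"Hello list.\r\n____\r\nlist footer")
STRIPPED = b"From: sender@example.org\r\nSubject: test\r\n\r\nHello list.\r\n"
print([list_effect(SENT, m) for m in (TAGGED, FOOTER, STRIPPED)])
```

A rewritten Subject header leaves the signature valid because outer headers are not part of the signed bytes, while a footer added inside the signed part changes them.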