Ask HN: Why don't you use PKS to sign your email?

[Stubbs]

What is it that stops most people from using GPG or a similar system to sign their email?

I know why your common or garden user might not, but I often wonder why, with sites like gpgtools or gpg4win that make install & keygen simpler, more technical people haven't adopted PKS.

So, what stops you signing your emails?

[karlshea]

My reason is that I send mail from lots of different places like my iPhone, Apple Mail on the desktop, Thunderbird on a Windows box, and the GMail web client.

So synchronizing all of those with the right keys and signing software would be either a pain or impossible (i.e. iPhone and GMail on the web).

And on top of it, I doubt more than 1% of the people I email would even know what the signatures were, or would know something was up if an unsigned message came through. Or would even bother to verify the signatures even if they did know what it was.

Everyone you're mailing also has to have software installed to do the verification. I've gotten signed emails before, and do I check to see if it's legit? No. What would it even matter? Most of what I send over email isn't anything security-worthy anyways.

[Stubbs]

Thanks for the reply, I'm gathering info for a project to see if I can't do something about these kinds of things ... a huge task I know, but I feel i can make a start in at least better educating people on what PKS is.

[ammmir]

not a big enough problem for most people. signatures should be built-in to email, not a user-facing feature.

[Stubbs]

I agree, creating or importing keys should be done as part of the setup wizard, alongside entering your email address & password.