Since September 2005 I’ve had a PGP key, a cryptographic identity that allows me to use PGP for purposes of (a) encrypting things to myself and others and (b) digitally signing messages. I use (a) on backups and on a private notes file on my computer, and very occasionally I encrypt an e-mail to a friend that has passwords or something in it.

The purpose of (b) is that, if you are part of the PGP system, you can verify that an e-mail from me really did come from me. For those who have exchanged key signatures with me, this means that you can be pretty sure it was me who sent it; if you haven’t done this, you can just be sure that it’s the same Sean who has e-mailed you before, even if there’s no way of confirming that it’s the real Sean Whitton.

To make this work means PGP-signing every e-mail I send to get the identity out there, so that it means something. Unfortunately this is less and less easy. When I came to Oxford, after several complaints from tutors I had to stop signing e-mail from my university address because it doesn’t play nice with the Alpine mail program some of the tutors use, nor does it work well with Microsoft Exchange. And worse, as I have recently learned, Blackberry phones, which so many of the people I e-mail use, recognise that the message is PGP-signed but still refuse to display the text, saying “this message is PGP signed, please view it on your computer”.

So it’s no longer practical to sign everything, because there are so many people that can’t open my e-mails as a result. It’s sad how many broken mail clients there are, stopping perfectly legitimate and standardised features of e-mail from working.