Well, why Sign Email, Encrypt Email and worry about the entire PKI thing in the first place.
On Undernet? we have ScriptKiddies? try and disrupt anything and everything they can. They have in the past forged emails from core developers with patches to be applied. If you contribute to FreeSoftware or the OpenSourceMovement? then you are likely to have to interact with developers at potentially very remote locations, are you going to phone them up after every email to make sure they sent it?
It takes time to build up a PKI. By getting your key signed today, and signing other peoples keys then when you need to send email to someone else in the world you will hopefully already have a trust path to them.
Setting up a loose PKI is very simple especially if your email client supports it natively. By signing outgoing messages you're raising awareness about signed and encrypted email.
If you have never signed an email in your life and someone forges an email from you containing important information (eg: "I am going to officially resign from my place of work"), then you can't argue that "if it was important then I would have sent it encrypted/signed! It obviously wasn't from me!"
Cos you don't really care. ;)
4 pages link to WhySignEmail:
