Date: Tue, 7 Aug 2001 16:45:10 -0600 (MDT)
From: John Galt
To: parv
Cc: f-q
Subject: Re: how is mail secure when only signed?
In-Reply-To: <20010807023118.A47821@moo.holy.cow>

On Tue, 7 Aug 2001, parv wrote:

>i am curious as why would some people, thus software, would consider a
>plain text mail which is only signed, not encrypted, w/ public key of
>some encryption scheme as secure? i mean what's stopping alice to use
>bob's public key to sign her mail to dupe the receiver as if mail is
>from bob?

http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html

It's not. This was discussed on one of the securityfocus mailing lists a
while ago.

>in other words, if public key signature is used to mark mail secure,
>not to actually encrypt, how could the source/owner of public key be
>verified?

It's the private key, but that's pretty much irrelevant

>
>

--
There is no problem so great that it cannot be solved with suitable
application of High Explosives.

Who is John Galt? galt@inconnu.isu.edu, that's who!
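
Added example, not part of either poster's message: a textbook RSA sketch of the point in the reply that a signature is made with the private key and only checked with the public key. The key (two Mersenne primes), the mail text and the function names are constructed for illustration; there is no padding, so this is not a usable signature scheme.

```python
import hashlib

# Constructed demo key: two Mersenne primes. Far too small and too
# structured for real use; chosen so the example runs with no libraries.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q
E = 65537                              # public exponent, published with N
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held only by Bob


def digest(message: bytes) -> int:
    """Hash the message and reduce it modulo N (textbook RSA, no padding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, exponent: int) -> int:
    """Raise the digest to the given exponent; a real signer uses D."""
    return pow(digest(message), exponent, N)


def verify(message: bytes, signature: int) -> bool:
    """Receiver's check. It needs only Bob's public key (N, E)."""
    return pow(signature, E, N) == digest(message)


def demo() -> dict:
    mail = b"Pay the invoice. -- Bob"   # constructed sample mail
    bob_sig = sign(mail, D)             # Bob signs with his private exponent
    alice_sig = sign(mail, E)           # Alice has only Bob's public exponent
    return {
        "bob_signed": verify(mail, bob_sig),
        "alice_with_public_key": verify(mail, alice_sig),
        "bob_sig_on_altered_mail": verify(b"Pay the invoice twice. -- Bob", bob_sig),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'verifies' if ok else 'rejected'}")
```

The check says nothing about whether (N, E) really belongs to Bob; binding the public key to its owner is a separate step, which is the second question in the quoted mail.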