Date:      Fri, 17 Apr 1998 01:27:11 +0000 (GMT)
From:      Terry Lambert <tlambert@primenet.com>
To:        patl@phoenix.volant.org
Cc:        hetzels@westbend.net, current@FreeBSD.ORG
Subject:   Re: Digitally Signed Messages
Message-ID:  <199804170127.SAA00859@usr06.primenet.com>
In-Reply-To: <ML-3.3.892772193.1183.patl@asimov> from "patl@phoenix.volant.org" at Apr 16, 98 05:16:33 pm

> Half right.  HTML doesn't add any useful information, and obscures
> the body of the message when viewed in non-HTML-aware MUAs.  But
> Digital Signatures DO add useful information, namely a verification
> that the message is not a forgery and has not been tampered with.
> (Within whatever trust level you assign to that particular key.)
> This is just as useful in a mailing list as it is in a private
> discussion.  Possibly more so, since the exposure to potential
> forgers is greater.

Digital signatures require an out-of-band courier or a Diffie-Hellman
key exchange or a central certificate authority that verifies the
identity of the sender by checking their physical ID before signing
the certificate.

The problem with the certificates generally used in mailing
lists is that they are not sufficiently verifiable that they
can be used as identification, which is how their senders are
pretending they can be used.

Basically, they are subject to man-in-the-middle attacks.

This means that they are generally worthless clutter.


The VeriSign "personal certificates" are not usable because the
certificate authority, VeriSign, will not vouch for the identity
of the user.

An interesting side point:

The X.509 certificate that you sent is invalid for signing
email.  It has a number of fields that are not compliant with
X.509, and the "mail" bit is zero.

And no, I refuse to become a certificate authority.  8-).


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
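
The point about unverifiable keys, as an added example that is not part of the original message: a signature that checks out against a key delivered in the same channel as the mail says nothing about identity until that key's fingerprint matches one obtained out of band. The toy textbook RSA, the function names, the address and the sample message are all assumptions made for illustration.

```python
import hashlib

# Toy textbook RSA (no padding, small fixed primes): illustration only, not secure.
def make_key(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))          # private exponent
    return {"n": n, "e": e}, {"n": n, "d": d}

def digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    return pow(digest(message, private["n"]), private["d"], private["n"])

def signature_ok(message, signature, public):
    # Pure math check: says only that *some* holder of this key signed the text.
    return pow(signature, public["e"], public["n"]) == digest(message, public["n"])

def fingerprint(public):
    return hashlib.sha256(f'{public["n"]}:{public["e"]}'.encode()).hexdigest()

def verify(message, signature, shipped_key, trusted_fingerprints, claimed_sender):
    """Return 'bad-signature', 'unverified-key' or 'verified'."""
    if not signature_ok(message, signature, shipped_key):
        return "bad-signature"
    # Identity comes only from a fingerprint obtained out of band
    # (courier, in person, or a CA that actually checked ID).
    expected = trusted_fingerprints.get(claimed_sender)
    if expected is None or expected != fingerprint(shipped_key):
        return "unverified-key"
    return "verified"

def demo():
    # Constructed sample data: two toy keys built from Mersenne primes.
    pub_a, priv_a = make_key(2**61 - 1, 2**89 - 1)      # fingerprint checked out of band
    pub_b, priv_b = make_key(2**107 - 1, 2**127 - 1)    # key only ever seen in-band
    sender = "alice@example.org"                        # hypothetical address
    trusted = {sender: fingerprint(pub_a)}
    msg = b"patch attached, please commit"
    return (
        verify(msg, sign(msg, priv_a), pub_a, trusted, sender),
        verify(msg, sign(msg, priv_b), pub_b, trusted, sender),
        verify(msg + b"!", sign(msg, priv_a), pub_a, trusted, sender),
    )

if __name__ == "__main__":
    print(demo())
```

The second result is the case the message describes: the signature is mathematically valid, yet the key is bound to nobody.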
