From owner-freebsd-questions Mon Aug 6 23:31:28 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mtiwmhc25.worldnet.att.net (mtiwmhc25.worldnet.att.net [204.127.131.50]) by hub.freebsd.org (Postfix) with ESMTP id 37CB837B401 for ; Mon, 6 Aug 2001 23:31:26 -0700 (PDT) (envelope-from parv@worldnet.att.net) Received: from worldnet.att.net ([32.100.199.190]) by mtiwmhc25.worldnet.att.net (InterMail vM.4.01.03.16 201-229-121-116-20010115) with ESMTP id <20010807063119.MZIT5127.mtiwmhc25.worldnet.att.net@worldnet.att.net> for ; Tue, 7 Aug 2001 06:31:19 +0000 Received: by worldnet.att.net (Postfix, from userid 1001) id 2187950D5E; Tue, 7 Aug 2001 02:31:18 -0400 (EDT) Date: Tue, 7 Aug 2001 02:31:18 -0400 From: parv To: f-q Subject: how is mail secure when only signed? Message-ID: <20010807023118.A47821@moo.holy.cow> Mail-Followup-To: f-q Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG i am curious as why would some people, thus software, would consider a plain text mail which is only signed, not encrypted, w/ public key of some encryption scheme as secure? i mean what's stopping alice to use bob's public key to sign her mail to dupe the receiver as if mail is from bob? in other words, if public key signature is used to mark mail secure, not to actually encrypt, how could the source/owner of public key be verified? -- so, do you like word games or scrabble? - parv To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message