Date:      Tue, 7 Aug 2001 02:29:20 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        parv <parv_@yahoo.com>
Cc:        f-q <freebsd-questions@FreeBSD.ORG>
Subject:   Re: how is mail secure when only signed?
Message-ID:  <20010807022920.A72229@xor.obsecurity.org>
In-Reply-To: <20010807023118.A47821@moo.holy.cow>; from parv_@yahoo.com on Tue, Aug 07, 2001 at 02:31:18AM -0400
References:  <20010807023118.A47821@moo.holy.cow>

On Tue, Aug 07, 2001 at 02:31:18AM -0400, parv wrote:
> i am curious as why would some people, thus software, would consider a
> plain text mail which is only signed, not encrypted, w/ public key of
> some encryption scheme as secure? i mean what's stopping alice to use
> bob's public key to sign her mail to dupe the receiver as if mail is
> from bob?
>
> in other words, if public key signature is used to mark mail secure,
> not to actually encrypt, how could the source/owner of public key be
> verified?

It's the signer's private key, not their public key, which is used to
sign.  Hence no-one else can forge it.

Kris

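The point made in the reply above, worked through as an added example that is not part of the original message: a signature is made with the signer's private exponent and checked with the public one, so a "signature" computed from Bob's public key alone does not verify. It assumes textbook RSA with no padding and a constructed toy key built from two known Mersenne primes, for illustration only; the names `BOB_PUBLIC`, `BOB_PRIVATE`, `sign`, `verify` and `demo` are hypothetical.

```python
import hashlib

# Constructed toy key for Bob: two known Mersenne primes. Far too small for real use.
P, Q = 2**89 - 1, 2**127 - 1
N = P * Q
E = 65537                                  # public exponent, published
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent, known only to Bob

BOB_PUBLIC = (N, E)
BOB_PRIVATE = (N, D)

def digest(message: bytes, n: int) -> int:
    """Hash the message and reduce it into the range of the RSA modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, key) -> int:
    """Raise the message digest to the exponent of the given key."""
    n, exponent = key
    return pow(digest(message, n), exponent, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Undo the signature with the public exponent and compare digests."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)

def demo() -> dict:
    mail = b"From: bob\n\nMeet at noon."   # constructed sample message
    genuine = sign(mail, BOB_PRIVATE)
    # What the question proposes: Alice "signs" using Bob's *public* key.
    forged = sign(mail, BOB_PUBLIC)
    return {
        "genuine": verify(mail, genuine, BOB_PUBLIC),
        "forged_with_public_key": verify(mail, forged, BOB_PUBLIC),
        "tampered_body": verify(mail + b" Bring cash.", genuine, BOB_PUBLIC),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'INVALID'}")
```

The third case shows the other property a signature on plain-text mail gives: a body altered after signing no longer verifies.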



