Date: Tue, 7 Aug 2001 10:09:04 -0400 From: "Jerry Bell" <jerry@stelesys.com> To: "parv" <parv_@yahoo.com>, "f-q" <freebsd-questions@FreeBSD.ORG> Subject: Re: how is mail secure when only signed? Message-ID: <001c01c11f4a$846ea810$f7bbb1d0@jbell> References: <20010807023118.A47821@moo.holy.cow>
next in thread | previous in thread | raw e-mail | index | archive | help
signed email isn't "more secure" per se, but it does give the recipient an assurance that whoever is claiming to be the sender actually sent the message. If I send you my public key through some means (directly, through a key server, or whatever), then 'sign' my email which means that I basically encrypt a fingerprint of the email I sent with my private key, your browser creates the same fingerprint based on the email, decrypts your 'signature' with the known public key, and does a comparison. If they don't match, then someone's trying to portray someone they're not, or their keys are messed up. That's a pretty simplistic view and I'm sure there are other intricacies, but as you can see, it doesn't really keep unauthorized person from reading your email. Jerry http://www.syslog.org ----- Original Message ----- From: "parv" <parv_@yahoo.com> To: "f-q" <freebsd-questions@FreeBSD.ORG> Sent: Tuesday, August 07, 2001 2:31 AM Subject: how is mail secure when only signed? > i am curious as why would some people, thus software, would consider a > plain text mail which is only signed, not encrypted, w/ public key of > some encryption scheme as secure? i mean what's stopping alice to use > bob's public key to sign her mail to dupe the receiver as if mail is > from bob? > > in other words, if public key signature is used to mark mail secure, > not to actually encrypt, how could the source/owner of public key be > verified? > > > -- > so, do you like word games or scrabble? > - parv > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001c01c11f4a$846ea810$f7bbb1d0>