[plug] Was bun fight about "bad" words.

Christian christian at amnet.net.au
Mon Apr 1 20:23:33 WST 2002


On Mon, Apr 01, 2002 at 07:22:44PM +0800, Mark Dixon wrote:
 
> There may not be "proof of provenance for email", but it is possible to provide fairly convincing
> evidence.  For example:  I am Mark Dixon.  The digital signature attached to this e-mail attests to
> that and links my name to my e-mail.  The certificate has been notarised by four people in a "web of
> trust" who met me in person and validated my personal identity documents to give that notarisation
> convincing validity.

1.  Few people use digital signatures with their email and even fewer
still use S/MIME.
2.  Most people on this list probably don't know those who have signed
your key.
3.  Of those people who may happen to know them, chances are the
certification means little because they don't use encryption (or
S/MIME).
4.  Of those very few who know them and use S/MIME, even fewer have an
authenticated copy of their key.
5.  No operating system is completely secure (yada yada yada) but since
you're using Windows with Outlook Express, there's plenty of chance for
your key to be compromised.

The actual usefulness of your key in authenticating you to this list:
virtually nil.

I take your point that it's *possible* to set up a PKI such that email
is fairly well authenticated.  But Paul's claim of the limited validity
of email addresses and names on this list is far stronger.


-- 
DSA 0x2A0F80F3: 39F3 4E10 9BE9 E728 A9EE  029C D51D EE53 2A0F 80F3


