Peter Gutmann wrote:
The S/MIME list debated this some time ago, and decided (pretty much unanimously) against it, for two reasosn. Firstly, because it adds huge ugly blobs of base64 crap to each message (and before the ECC fans leap in here, that still adds small ugly blobs of base64 crap to each message). Secondly, because if you get a message from someone you know you'll be able to get a pretty good idea of its authenticity from the content (for example an SSH developer would be unlikely to be advocating SSL in a list posting), and if you get a message from someone you don't know then it's pretty much irrelevant whether it's signed or not. So the consensus was not to sign messages.
What you're saying is that based on only *two* bits of information (e.g., SSH=1 and SSL=0) for a given mail sender, the message could be authenticated well-enough to be useful in the operational context.
I agree with this and that's why I think that conventional digital signatures with 1024-bit keys are an overkill for common email. If the ugly blob of base64 rubbish is small enough, it should be tolearable.
The problem with asymmetric keys, though, is that faking short signatures is too trivial for current cryptosystems.
Cheers, Ed Gerck
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
