Anders Rundgren wrote:

> Secure e-mail should have been put at the server-level, then we would have
> had some base-level security that would cover 99% of all uses.  But it
> didn't and therefore 80% of all messages are not even coming from the
> domain they claim.  How very useful.

There is no such thing as secure email at the server level.

Once the message has left your hands, it is written on a postcard, unless, before the message left your hands, you placed it in an envelope (PGP, SMIME, whatever).

The problem of messages coming from the domain they claim to be from is also not solved by encryption, neither encryption on the client nor on the server.

If I wanted to write a letter, and sign your name at the bottom, and send that letter to somebody who might know you, there is nothing whatsoever you can do to a) stop me doing this, or b) even know that I did this.

Thus digital signatures. If I trust your signature, or if I trust the CA that trusts your signature, then I trust the message came from you, and not someone pretending to be you.

Thus the wider issue of trust. Do I trust the CA who signed your certificate?

Securing email is so much more than just encryption.

Regards,
Graham
--

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
dev-tech-crypto mailing list
https://lists.mozilla.org/listinfo/dev-tech-crypto
