>>> The *real* problem is that digital signatures for E-mail work in >>> *exactly the same way* and provide *the same protection* as SSL >>> does for the Web. >> [That's] wrong. > That the same people who don't understand that the little padlock > doesn't guarantee that you're talking to the website you think you > are, will also fail to understand that the little e-mail padlock > doesn't guarantee that the e-mail is from who you think it is.
This sound as though you're saying "protection A doesn't provide what the typical naïve user mistakes it for; protection B also doesn't provide what the typical naïve user mistakes it for; therefore, it's OK to say that protection A and protection B provide *the same protection* in *exactly the same way*". Even though they don't provide the same protections (secrecy against passive snoopers is a big one) and the protections they do provide are not done in the same way (in at least two respects). Which is what I'm calling foul on. They are the same in one (admittedly fairly significant) respect - not being what they're naïvely mistaken for - but that hardly makes them the same, and definitely does not mean they do what *is* the same in the smae way. /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML [EMAIL PROTECTED] / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
