-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 19 May 2005, Radu Hociung wrote: [snip] > That's why I am asking the question: could PGP cope if all, or a > significant proportion of all domains were to enable some kind of email > transport authentication?
I don't see any connection. PGP is a sublayer of the application layer. Transport-layer trust is a separate issue. PGP takes no notice of transport mechanisms. If I receive a message with an invalid PGP signature, or an unsigned message from someone who habitually signs messages, I don't care how many MTAs swear that the address is trustworthy; the *message* still appears to be a forgery. Transport authentication and message authentication address different problems. The only effect of widespread transport authentication on PGP ought to be a small decline in use of PGP by people who don't understand the distinction and are enjoying a false sense of security. - -- Mark H. Wood, Lead System Programmer [EMAIL PROTECTED] Open-source executable: $0.00. Source: $0.00 Control: priceless! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/ iD8DBQFCjfJzs/NR4JuTKG8RAsz+AJ9+TOxmCVpeckFiobDu2wkttPL/3QCePsfN LPwR0LQpeDMaagviTdS0HzA= =JW+d -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
