A standard digital signature consists of a digital hash of the "message" 
encrypted with the originator's *private* key. I use "message" in quotes 
because it could be anything: ASCII, EBCDIC, Baudot, object code -- no matter, 
so long as it is 1's and 0's.

The consumer hashes the received message. The consumer decrypts the signature 
with the sender's *public* key. The consumer compares the two. If they are the 
same then the message is unaltered, is from a possessor of the purported 
originator's private key, and the originator cannot deny constructing it 
("non-repudiation").

There is no CA (and no certificate) involved. The consumer gets the 
originator's public key from some "well-known" source such as the originator's 
Web site, or perhaps the originator handed it to her on a piece of paper.

Note the reversal of the usual public key protocol: encrypt with the *private* 
key, decrypt with the *public* key.

There are specific e-mail signature schemes that use a certificate. I would 
assume the usual deal: the sender chooses a CA to issue the certificate; the 
recipient must have that CA's root on hand in order for the process to work.

Charles
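
Added example, not part of the original message and not XMITIP code: the hash, sign and compare steps described above, using unpadded textbook RSA from the Python standard library purely to show the mechanics (real schemes add padding such as PSS). The key is constructed from two publicly known Mersenne primes and the message text is made up; it also shows that the signature covers exact bytes, so an EBCDIC-to-ASCII translation in transit breaks verification unless both sides agree on one canonical encoding.

```python
import hashlib

# Constructed demo key: both primes are publicly known, so this key is NOT secure.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                          # public modulus (larger than a SHA-256 value)
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def digest(message: bytes) -> int:
    """Hash the raw bytes; the signature never sees 'characters', only bits."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes) -> int:
    """Originator: transform the hash with the private key."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Consumer: recover the hash with the public key and compare."""
    return pow(signature, E, N) == digest(message)


def canonical(raw: bytes, codec: str) -> bytes:
    """Assumed convention: both sides sign and verify the UTF-8 form."""
    return raw.decode(codec).encode("utf-8")


def demo() -> dict:
    text = "PAY 100 TO ALICE"                # constructed sample message
    ebcdic = text.encode("cp037")            # bytes as held on the mainframe
    sig = sign(ebcdic)
    ascii_copy = ebcdic.decode("cp037").encode("ascii")  # translated in transit
    canon_sig = sign(canonical(ebcdic, "cp037"))
    return {
        "same_bytes": verify(ebcdic, sig),
        "tampered": verify("PAY 900 TO ALICE".encode("cp037"), sig),
        "translated": verify(ascii_copy, sig),
        "canonicalized": verify(canonical(ascii_copy, "ascii"), canon_sig),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:14} {'valid' if ok else 'INVALID'}")
```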


-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf 
Of Paul Gilmartin
Sent: Thursday, February 18, 2021 9:08 AM
To: [email protected]
Subject: Re: XMITIP and ANTI SPOOF message

On Thu, 18 Feb 2021 10:45:44 -0600, Lionel B Dyck wrote:

>The Anti-Spoof was implemented because of auditors and the ability to turn it 
>off was at the request of one shop who didn't want it.  The default is to have 
>it on which is my preference.
>
>SMTP is inherently insecure so having it is an aid but not fool proof for all 
>the fools out there 😊
>
Don't underestimate the resourcefulness of your fool.

My understanding is that a digital signature often consists of a
checksum encrypted with the sender's private key which the
recipient can verify with the sender's public key.

Is that what XMITIP does?

What CA does it consult for the keys?

Is EBCDIC a problem?

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
