On 30/06/05 17:03, Nadav Har'El wrote:
> SPF is probably the best solution I know of for this problem
> which still keeps your plausible deniability (i.e., gpg is TOO strong)

That's an important and often-missed drawback of signed e-mail, but not an inherent one. There are well-established cryptographic solutions letting Alice sign a message to Bob in a way that Bob will be convinced, but not anyone else. This is done by forming a signature that could have been created by *either* Alice or Bob. When Bob gets such a signature he knows he didn't create it so Alice must have, but if Bob shows that signature to a 3rd party, the 3rd party would say "but you could have forged that yourself!". This is called a designated-verifier signature, and GPG doesn't support it.

The catch is that the above requires both Alice and Bob to have key pairs and know each other's public key. So it's not applicable in all scenarios, unless combined with PKI or identity-based signatures/encryption. Still, it's applicable in many cases that are now unaddressed.

Eran
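The "either Alice or Bob" signature described in the message above, as an added example that is not part of the original post: a two-member Schnorr OR-proof (ring) signature, which is one standard way to build a designated-verifier signature. The choice of secp256k1, the `repr`-based challenge encoding and all function names are assumptions made for illustration; the arithmetic is not constant time.

```python
import hashlib, secrets

P = 2**256 - 2**32 - 977  # secp256k1 field prime; N is the group order, G the base point
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    num, den = (3 * a[0] ** 2, 2 * a[1]) if a == b else (b[1] - a[1], b[0] - a[0])
    m = num * pow(den % P, -1, P)
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def mul(k, pt):  # double-and-add; not constant time, demonstration only
    k, acc = k % N, None
    while k:
        acc = add(acc, pt) if k & 1 else acc
        pt, k = add(pt, pt), k >> 1
    return acc

def keygen():  # returns (secret scalar, public point)
    x = secrets.randbelow(N - 1) + 1
    return x, mul(x, G)

def challenge(msg, ring, commits):
    data = repr((msg, tuple(ring), tuple(commits))).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(msg, ring, me, x):  # ring = (Y_alice, Y_bob); x is ring[me]'s secret
    other = 1 - me
    c, s, commits = [0, 0], [0, 0], [None, None]
    # Simulated branch for the other member: pick (c, s) first, derive R.
    c[other], s[other] = secrets.randbelow(N), secrets.randbelow(N)
    commits[other] = add(mul(s[other], G), mul(-c[other], ring[other]))
    # Real Schnorr branch; its challenge is forced to H(...) - c[other].
    k = secrets.randbelow(N - 1) + 1
    commits[me] = mul(k, G)
    c[me] = (challenge(msg, ring, commits) - c[other]) % N
    s[me] = (k + c[me] * x) % N
    return c[0], c[1], s[0], s[1]

def verify(msg, ring, sig):  # sig = (c_alice, c_bob, s_alice, s_bob)
    commits = [add(mul(s, G), mul(-c, Y))
               for c, s, Y in zip(sig[:2], sig[2:], ring)]
    return sum(sig[:2]) % N == challenge(msg, ring, commits)
```

`sign(msg, ring, 0, x_alice)` and `sign(msg, ring, 1, x_bob)` both pass the same `verify`, so the signature convinces Bob (who knows he did not make it) but proves nothing to anyone he forwards it to.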
