On 6/2/04 10:23 AM, Marta Edie at mledie at insightbb.com wrote: > What is digital signing anyway? > Marta
Marta, How do I know this came from you? It could be from an imposter. Someone who has your email address and is faking sending mail as you. Imagine if you sent Steve Jobs a letter stating you thought he was a terrible man and the computers his company makes stink. They are worse than Windows, they are not innovative, and they do not contain anything useful in the way of software. Suppose Steve Jobs called you and said, "Why would you say such things?" I doubt he would call, but he would likely tell people that email from you should be regarded as hostile. Imagine if you sent the FBI email about your neighbor being a communist, or worse... You get the idea. A digital signature is nothing more than a bunch of ascii characters grouped in a certain manner, saved as a file. You get these characters when you sign up and ask for one from either Verisign or Thwate. These companies provide you with that certificate (group of characters). Now that you have your certificate, both Mail and Entourage 2004 can use them when sending mail. For example, I want to send you mail, so I send it from my digitally signed address and you get it. My certificate is now inside your keychain. You *know* the email is from me because you can check the certificate. If you have a certificate and reply to me, now I have your certificate. Now, not only can we send digitally signed email but we can now encrypt our messages so no one else can see them as they pass along the Internet. Our own secret decoder rings. To get your very own certificate for free, head to http://www.thwate.com/ and locate the "free email certificate" section. Once you have a free certificate, you can then start a "web of trust" to get your cert upgraded. For example, if I look in my keychain, I see about 30 "Thwate Freemail Member" certs. I need to double-click on them to find out who they belong to. When you get enough *points* (by being in a web of trust), you get a new certificate that has your name instead of "Thwate Freemail Member". Perhaps the group would like to start a web of trust. I have my own name cert now and it makes life a bit easier. Now, I do not want-nor will I- get drawn into a conversation about the ultimate reliability of email. If you want to deliver a message and make SURE the user knows it's you, see them face to face. Certificates and their use is the current solution for email and web based security. Schoun | The next meeting of the Louisville Computer Society will | be June 22. The LCS Web page is <http://www.kymac.org>. | List posting address: <mailto:macgroup at erdos.math.louisville.edu> | List Web page: <http://erdos.math.louisville.edu/macgroup>
