"Nelson B. Bolyard" wrote:
>
> Bob Lord wrote:
> >
> > How common is it for someone to want to reply to signed emails using
> > encryption only (no signing)? What are some common usage scenarios?
>
> One scenario is:
>
> People want to send info about a new virus or other security vulnerability
> to a place like CERT. They want the data to be encrypted. The authenticity
> of the data isn't at issue. The sender may even wish to remain anonymous.
> Subsequent responses may not need to be encrypted.
>

The anonymity issue could be essential in some situations where the sender
wants to ensure that *only* the recipient can read the message later. This
is a problem if the sent encrypted message is readable by the sender and
the email is monitored. If access to the sender's private key can be
obtained by some means (theft, bribery, torture etc.) then all the traffic
sent can be read.

Steve.
-- 
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED]
PGP key: via homepage.
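
The point in the reply above, shown with the `openssl cms` command as an added example (not part of the original thread): a message encrypted to the recipient and also to the sender can be opened later with the sender's private key, while one encrypted to the recipient alone cannot. The party names, file names and message text are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: throwaway keys and a constructed message in a temp dir.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Create a self-signed certificate and unencrypted key for party $1.
make_party() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1 (constructed)" \
        -keyout "$demo_dir/$1.key" -out "$demo_dir/$1.crt" 2>/dev/null
}

# Encrypt msg.txt into file $1 for every party named after it.
encrypt_to() {
    out=$1; shift
    certs=""
    for p in "$@"; do certs="$certs $demo_dir/$p.crt"; done
    openssl cms -encrypt -binary -aes-256-cbc -in "$demo_dir/msg.txt" \
        -outform PEM -out "$demo_dir/$out" $certs
}

# Succeed only if party $2 can decrypt file $1 back to the original message.
can_read() {
    openssl cms -decrypt -inform PEM -in "$demo_dir/$1" \
        -recip "$demo_dir/$2.crt" -inkey "$demo_dir/$2.key" \
        -out "$demo_dir/plain.txt" 2>/dev/null &&
        cmp -s "$demo_dir/plain.txt" "$demo_dir/msg.txt"
}

make_party sender
make_party recipient
printf 'constructed vulnerability report\n' > "$demo_dir/msg.txt"

encrypt_to with_self.pem recipient sender   # sender kept as a recipient
encrypt_to recipient_only.pem recipient     # only the recipient is listed

for f in with_self.pem recipient_only.pem; do
    for p in recipient sender; do
        if can_read "$f" "$p"; then r=yes; else r=no; fi
        echo "$f readable with $p key: $r"
    done
done
```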
