Ok, something to (hopefully) challenge you with: I often send email digitally signed so that receivers can not modify the message and claim I wrote it (the modified version). However, if I do that, what is stopping the receiver from claiming "they never got it" and I'm falsifying the email in the first place? If I include the date in the signed message, they can still claim I put *any* date I wanted in there.
For clarity, consider this scenario: Dan writes and signs the following message and sends it to Tracy on Jan 1, 2009: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Tracy, today is January 1, 2009 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkoOqzMACgkQ3GktKdDXU7up4QCglGa6gjD8MX3Gytushc65cVkA IJkAniZ3hQ1WyC0SbecPJRKY9xeSsHTA =KqXV -----END PGP SIGNATURE----- Dan then tells the boss, "I sent the email to Tracy." Tracy claims, "I never got any such email. He probably just made the email, faked the date and then signed it to make it look legit. He's lying!" ==================== Assuming the mail server administrators have no sense of logging or auditing, what can Dan do to provide "proof" of sending? Thanks again everyone! --SR6
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
