On Friday 22 October 2004 01:03, Steven Noonan wrote: > The only way I can think of as an accurate method of proving the > identity of oneself is PGP.
No. This is a bad assumption. The main points are: 1) I know who I am; irrespective of PGP or anything else. I think you mean that SMTP makes it easy to forge the "sender" header. Sure, this is a problem (of sorts), though the real problem with spam is the content of the message, not the forged headers. 2) however secure PGP is, there are substantial weaknesses in the way in which public keys are verified. If you sign a document using PGP, you are absolutely dependent on a "key signing party" to verify the identity of the person claiming to be you at the party. PGP contains nothing except the honesty of your "sponsors" to verify your identity. Note that exactly the same problems afflict those who would impose on us, at our expense, technological measures e.g. biometrics in smartchipped passports - at our expense - instead of proper security measures . > I suggest people start using it more. Sure, but for helping prevent private messages from being eavesdropped at insecure mail relays etc. rather than for "proving identity". On a list like this, no-one cares who you really are - only what you contribute. Why should I have to prove my "real" identity? Regards Brian Beesley (I think) _______________________________________________ Prime mailing list [EMAIL PROTECTED] http://hogranch.com/mailman/listinfo/prime
