Tuesday, August 08, 2000, 1:26:37 PM, you wrote:
>> 1) Your Thawte certificate is *not* notorised and does *not* certify
>> that the mail comes from Jamie Dainton.
R> just out of curiosity ; i just downloaded PGP 6.5.1i, but as far as i remember -
R> i toyed with it in the DOS days - a PGP key also is not a 100% guarantee that
R> the sender is who he says he is, is it ??
No I agree here, the fact that the signature is bound to Jamie's email
address rather than is actual identity (photographs etc), isn't really
relevant. It still stops anyone forging an email in his address. The
only reason you would need a notarised signature is perhaps for legal
documents etc, or communications that are not wholly email based.
Anyone could forge a PGP key, if you manage to give fake details to
Thawte it says they can sue you for about 10,000 dollars or something
crazy.
I still think that the most acceptable solution would be to send an
S/MIME signature without sending the PGP key, which would be
comparable in size to a PGP signature, and much more elegant.
--
Dave - [EMAIL PROTECTED]
--
--------------------------------------------------------------
View the TBUDL archive at http://tbudl.thebat.dutaint.com
To send a message to the list moderation team double click here:
<mailto:[EMAIL PROTECTED]>
To Unsubscribe from TBUDL, double click here and send the message:
<mailto:[EMAIL PROTECTED]>
--------------------------------------------------------------
You are subscribed as : [email protected]
