Hi John Thursday, October 16, 2003, 12:37:44 AM, you wrote:
JM> Sorry if I scared you, but this really is from me, here is my phone JM> number too If you would like to verify that I sent this message. JM> 573-222-2483 Ok, I bite the bait and jump in :) The reason digital signatures are so useful is that they can really authenticate you in a near categorical manner. To fake a digital signature is very difficult due to the mathematical properties and trust mechanisms it is based on. On the other hand, how can I be sure that the person at the phone number you mentioned is really John Morse? For a reasonably skilled attacker, creating an email message apparently from John Morse is easy. This spoofed message can be made to look VERY convincing. Putting a phone number of his choice in the email is easy too, since he's writing the email in the first place. I call the number and talk to the attacker. All he has to say is "Yep this is John. Told ya!". How would I know if I were really talking to you? If you had signed that message digitally, however, the reader could be very sure that the sender was indeed John Morse. Work is in place to have digital signatures granted the same legality as handwritten signatures. It's rather interesting actually if you'd like to read up on it somewhere. I don't agree with the person who called you ignorant and refused to explain further. Many people don't know how PGP really works and what its benefits could be. To them it just gets in the way. Very understandable. Brushing them off isn't going to help increase mass acceptance, though. A major stumbling block is that most people don't know others who're using PGP, so they're hesitant to adopt it. Once it becomes more widespread, however, people will grow to like the confidentiality and, as we call it, "non-repudiation" that things like PGP can provide. Check it out sometime, you might like it too. Cheers, -- Vishal ________________________________________________ Current version is 2.01 | "Using TBUDL" information: http://www.silverstones.com/thebat/TBUDLInfo.html
