On Sun, Mar 08, 2009 at 10:40:57AM -0700, Jens Alfke wrote: > Yes, that's why I sent this to user@ instead of d...@. :)
Sure. > SSL connections are valuable for privacy, but in a message-passing > system they don't do anything for authentication of content. As an > analogy: you probably use an SSL connection to receive your email from a > trusted mail server. But somehow you still get spam with forged headers. > The solution to this is S/MIME, which involves signing the messages. It's not as clear cut as that. SSL client/server certificates can be used to verify identity. > Conversely, if the messages are signed, it saves you from having to > trust the messenger. This is really convenient, as you can make use of > any reachable nearby node to help relay messages, even if it's a nearby > stranger's laptop at the café. (You can trust your snail mail because the > envelopes are sealed, even though you don't know your mailman.) ... but sure. -- Noah Slater, http://tumbolia.org/nslater
