|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
[PLUG] Re: Digital Signatures
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 12:33 PM 12/4/2001 +0000, Greg Sabino Mullane wrote:
>There are generally two ways to sign something you've written:
>use an attachment (a detached signature), or make the signature
>and message into a single file (clear text signature).
That's the USER model - it's quite different internally to the
mail "formatter" (the thing that produces data to be sent to an MTA for
transport).
>I think using something besides gpg is a losing battle,
You really mean PGP-based technology, since some of us choose to
use the "original", instead of the copy...(NOTE: I am NOT slamming gpg -
it's great stuff!)
>Especially from companies like VeriSign. The CA model is
>too full of holes for anyone to seriously consider.
I would like to know what you base this statement on, since the CA
and trust model for X.509 is actually better for many things.
>Non-repudiation: I cannot later deny that I sent this message.
This is an important point - both pro and con. Now that digital
signatures are legal in the state of PA (and elsewhere), when you sign
something digitally you are equivocally stating that you wrote it! Keep in
mind that such things could potentially come back to bite you - as well as
benefit you.
>By the way, gpg is available on many platforms, including
>Linux and Windows, for those that want to try something
>free and portable.
So is PGP for personal use.
Leonard
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBPAzY8coQtN+AZ15lEQIC/QCg8PbOtJspF37oJ7GLPZRL/lDY5RQAmwXg
s2G8CAtLf7y2MnEMVRETvmmw
=jsgS
-----END PGP SIGNATURE-----
______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
|
|