Atom 'Smasher' wrote:
well, I'm of the opinion that the user should never ever see there is a key unless they have a specific security need to do so. Think about the most successful systems with encryption today: SMTP/TLS and HTTPS.
<<snip>> ===================
in the meantime, only geeks will allow signed messages to bypass further checks. i think that signatures and hashcash serve different purposes, and to that extent the technologies are complementary... if i have your key in my keyring you can sign a message and it won't be subject to filtering... but if i don't know you, then hashcash will do the same thing. also, i may not want to sign an email with my key (maybe i'll want to deny later that i authored it)... in that case, hashcash is more valuable.
the whole point behind signatures (in this context) is to indicate automatically that the message is from someone I know. Not from someone pretending to be someone I know but actually someone that I know and have exchanged e-mail with in the past. That's it. End of requirements (sort of). It's not to have any greater level of meaning. That's for someone else's concern. It's just "it says it's from Joe, does it look like his signature?"
=================
well, here's the question: how fast can you for someone's key if it's a small number of bits? After all, that's what all of our techniques boil down to. If I use a public key system with 256 bits, how fast can a spammer fake being me? What's a reasonable lower floor?
=================
now, if we add the requirement that we want to also encrypt e-mail in transit, again, what's the size of the organization that can regenerate my key, how long would it take, etc.
===========
mind you, if we use the Russian dolls model of encryption (weak outside, strong inside) then it wouldn't matter so much because if you truly wanted to protect your contents, you would protect your contents explicitly. I'm mostly thinking about envelope level protection.
============
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"What you are seeing is not just a consolidation of seed companies, it is really a consolidation of the entire food chain. Since water is as central to food production as seed is, and without water life is not possible, Monsanto is now trying to establish its control over water." -- Robert Farley, Monsanto