Date: Tue, 7 Aug 2001 16:45:10 -0600 (MDT)
From: John Galt <galt@inconnu.isu.edu>
To: parv <parv_@yahoo.com>
Cc: f-q <freebsd-questions@FreeBSD.ORG>
Subject: Re: how is mail secure when only signed?
Message-ID: <Pine.LNX.4.33.0108071643330.14442-100000@inconnu.isu.edu>
In-Reply-To: <20010807023118.A47821@moo.holy.cow>
On Tue, 7 Aug 2001, parv wrote:

>i am curious as why would some people, thus software, would consider a
>plain text mail which is only signed, not encrypted, w/ public key of
>some encryption scheme as secure? i mean what's stopping alice to use
>bob's public key to sign her mail to dupe the receiver as if mail is
>from bob?

http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html

It's not. This was discussed on one of the securityfocus mailing lists a
while ago.

>in other words, if public key signature is used to mark mail secure,
>not to actually encrypt, how could the source/owner of public key be
>verified?

It's the private key, but that's pretty much irrelevant

-- 
There is no problem so great that it cannot be solved with suitable
application of High Explosives.

Who is John Galt? galt@inconnu.isu.edu, that's who!

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message