Mr. Squirrel? Just who is whom here?
Hal is somewhat right; anyone can use 'Secret Squirrel' and anyone
can use any public key they want also. So, in a many-to-one scope (as
in a maillist) where the sender cannot use the one-on-one signed
signature method, how do we have proof of who the sender really is?
Maybe public forums are just not places where it is easy to verify
the identity of a speaker?
A second thing that Hal's comments bring up is that we were reading
the From: headers and ignoring the keys. In good crypto-mail
readers the key ought to be checked against our own database of
others' keys and the result added to the headers as, say:
KeyCheck: FooBar Bazoid holds this key in XXX database
or some such rot. I wonder what is more important, who I claim to be
in a random message or what key I include...
New keys for an ID (or new IDs for the same key) should be
added to the database as well.
But all this needs to be done automatically by the mailers and
interfaces, else the system will be misused and folks will tire of
the extra work that gets them little advantage.
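
A sketch of the KeyCheck: idea from the message above, added here as an example and not code from the original post or from any mailer. The function names, the dict-based database keyed on the From: display name, and the SHA-256 stand-in for a real PGP fingerprint are all assumptions; the header reports only a database lookup of the included key, not a signature verification.

```python
import hashlib
import re
from email import message_from_string
from email.utils import parseaddr

KEY_RE = re.compile(
    r"-----BEGIN PGP PUBLIC KEY BLOCK-----.*?-----END PGP PUBLIC KEY BLOCK-----", re.S)

# Constructed sample message; the key body is a placeholder, not a real key.
SAMPLE = """From: Secret Squirrel <squirrel@example.org>
Subject: KeyCheck demo

-----BEGIN PGP PUBLIC KEY BLOCK-----
Q09OU1RSVUNURUQtU0FNUExFLUtFWQ==
-----END PGP PUBLIC KEY BLOCK-----
"""

def fingerprint(key_block):
    # Assumption: a hash of the armored text stands in for a real PGP fingerprint.
    lines = [line.strip() for line in key_block.strip().splitlines()]
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()[:16]

def key_check(raw, keydb, dbname="local"):
    """Return the message with a KeyCheck: header; keydb maps fingerprint -> set of IDs."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[0] or "(no name)"
    body = msg.get_payload()
    m = KEY_RE.search(body if isinstance(body, str) else "")
    if m is None:
        verdict = "no key included; From: name is unverified"
    else:
        fp = fingerprint(m.group(0))
        holders = keydb.get(fp)
        other_keys = [k for k, ids in keydb.items() if claimed in ids and k != fp]
        if holders and claimed in holders:
            verdict = f"{claimed} holds this key in {dbname} database"
        elif holders:  # known key arriving under a name we have not seen with it
            names = ", ".join(sorted(holders))
            verdict = f"{names} holds this key in {dbname} database; new ID {claimed} recorded"
        elif other_keys:  # known name arriving with a key we have not seen
            verdict = f"new key {fp} for known ID {claimed}; recorded"
        else:
            verdict = f"unknown key {fp}; recorded for {claimed}"
        keydb.setdefault(fp, set()).add(claimed)  # new keys and new IDs go into the database
    del msg["KeyCheck"]  # drop any KeyCheck: header the sender supplied
    msg["KeyCheck"] = verdict
    return msg

if __name__ == "__main__":
    print(key_check(SAMPLE, {})["KeyCheck"])
```
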