[Dshield] Outlook & PGP signed e-mail. Was: ID theft ring hits 50 banks, firm says

Bo Nordgren bo at nordgren.net
Wed Aug 10 12:45:35 GMT 2005


> Now as mentioned by another poster, in order to actually verify that the
> message was signed by myself, you would need a trusted source for my
> key, which you don't have. However, this is why it is useful to sign
> all e-mail, and not just critical e-mail. Once you have seen a good
> number of messages that appear to come from me, it is more likely that
> the key is actually mine.

True and a quite interesting point in light of the weight your name can bear.

> The one thing missing about PGP is a set of universally trusted keys,
> like for example browsers come with a set of trusted SSL certificates.
> So you need to establish trust in keys yourself (some people say that
> this is an advantage). In particular Thawte's free certificates are
> usually not verified well.

Unfortunately those kinds of services aren't as easy to run as, for example, a free DNS
service.

--
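
The key-continuity idea from the quoted message (a key seen on many messages from one sender is more likely to be that sender's), sketched as an added example that is not part of the original post. The addresses, fingerprints, verdict names and the `min_seen` threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (From address, signing-key fingerprint, signature verified?)
# Addresses and fingerprints are made up for illustration.
SAMPLE = [
    ("alice@example.org", "AAAA1111", True),
    ("alice@example.org", "AAAA1111", True),
    ("alice@example.org", "AAAA1111", True),
    ("alice@example.org", "AAAA1111", True),
    ("alice@example.org", "BBBB2222", True),   # valid signature, different key
    ("alice@example.org", "AAAA1111", False),  # known key, signature fails
    ("bob@example.org", "CCCC3333", True),
]

def assess(messages, min_seen=3):
    """Classify each message by key continuity for its sender.

    min_seen is an assumed threshold: the number of earlier, correctly
    signed messages under the same key before it counts as established.
    Continuity raises confidence only; it does not prove who owns the key.
    """
    seen = defaultdict(lambda: defaultdict(int))  # sender -> fingerprint -> count
    verdicts = []
    for sender, fpr, sig_ok in messages:
        history = seen[sender]
        if not sig_ok:
            # A failed verification never contributes to a key's history.
            verdicts.append("bad-signature")
            continue
        if not history:
            verdict = "first-seen"
        elif fpr not in history:
            # A new key for a known sender needs out-of-band confirmation,
            # so it is reported and not recorded.
            verdicts.append("key-changed")
            continue
        elif history[fpr] >= min_seen:
            verdict = "established"
        else:
            verdict = "consistent"
        history[fpr] += 1
        verdicts.append(verdict)
    return verdicts

if __name__ == "__main__":
    for msg, verdict in zip(SAMPLE, assess(SAMPLE)):
        print(msg[0], msg[1], verdict)
```
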

