Thursday, November 21, 2002

Sign your e-mail!

Jon Udell suggests that digital assertion of identity is the solution to spam, and Doc Searls calls on bloggers to traffic in signed mail. Damn, now I have to dig up that copy of PGP.

Oddly, when Laura took a class a couple of weeks ago aimed at helping her get certified as an information systems security professional, one of the claims the teacher made was that PGP was insecure. My reaction was "huh?" But their point was that it was possible to sign an e-mail so that anyone with access to your public key could read it. Well yeah, duh. But then, if you intend to encrypt the e-mail but wind up merely signing it, then I could see how that might actually be a security problem. It’s been so long since I used PGP that I don’t even know if there’s anything in the interface to exacerbate or alleviate the problem.

(And don’t miss Doc’s sunrise picture just below this item. I’m awfully fond of sunrise and sunset and photos thereof myself.)

Posted at 8:28 PM

Comments

Well, I don’t remember exactly what I told you, but I don’t think it was that "PGP was insecure". Maybe I did - maybe I was incoherent from all that studying. But what I meant was that the instructor pointed out that if you only encrypt something with your private key and send it, then anyone with your public key can read it, so you don’t have confidentiality. But of course there may be times when you want to do this, to prove you are who you say you are to the receiver(s) (nonrepudiation) when you don’t care about confidentiality. That’s all. I don’t think I made a specific reference to PGP (although I guess I might have).

Posted by Laura at 7:48 AM, November 22, 2002
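
The mix-up discussed in the post and the comment above, a message meant to be encrypted going out merely signed, can be checked mechanically before sending. The Python below is an added example, not code from the original post: it reads the first OpenPGP packet tag (RFC 4880) of an outgoing message and reports whether the body is encrypted or readable by anyone who receives it. The function names and sample messages are constructed for illustration.

```python
import base64

# OpenPGP packet tags (RFC 4880, section 4.3) that can open a message.
ENCRYPTED_TAGS = {1, 3, 9, 18}   # PKESK, SKESK, encrypted data, SEIPD
READABLE_TAGS = {2, 4, 8, 11}    # signature, one-pass sig, compressed, literal
CLEARSIGN = "-----BEGIN PGP SIGNED MESSAGE-----"
ARMOR = "-----BEGIN PGP MESSAGE-----"


def first_packet_tag(armored: str) -> int:
    """Return the tag of the first packet inside an ASCII-armored message."""
    lines = [ln.strip() for ln in armored.strip().splitlines()]
    # Armor headers (Version:, Comment:) end at the first blank line.
    body_start = lines.index("", lines.index(ARMOR) + 1) + 1
    body = []
    for line in lines[body_start:]:
        if line.startswith("=") or line.startswith("-----END"):
            break                 # CRC24 line or end of armor
        body.append(line)
    first = base64.b64decode("".join(body))[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    # New-format headers keep the tag in bits 5-0, old-format in bits 5-2.
    return first & 0x3F if first & 0x40 else (first >> 2) & 0x0F


def confidentiality(message: str) -> str:
    """Classify an outgoing PGP message: encrypted, readable or unknown."""
    text = message.lstrip()
    if text.startswith(CLEARSIGN):
        return "readable"         # clearsigned body travels as plain text
    if not text.startswith(ARMOR):
        return "unknown"
    tag = first_packet_tag(text)
    if tag in ENCRYPTED_TAGS:
        return "encrypted"
    return "readable" if tag in READABLE_TAGS else "unknown"


def armor(packet_bytes: bytes) -> str:
    """Wrap constructed bytes in armor (optional CRC24 line omitted)."""
    b64 = base64.b64encode(packet_bytes).decode()
    return f"{ARMOR}\n\n{b64}\n-----END PGP MESSAGE-----\n"


# Constructed samples: only the leading packet header byte is meaningful.
SIGNED = armor(bytes([0x90, 0x0D, 0x03]) + bytes(12))          # one-pass signature
ENCRYPTED = armor(bytes([0x85, 0x01, 0x0C, 0x03]) + bytes(8))  # PKESK
CLEAR = CLEARSIGN + "\nHash: SHA256\n\nhello\n-----BEGIN PGP SIGNATURE-----\n"
```

A mail client or outbound filter could call `confidentiality()` on the final message and refuse to send when the user asked for encryption but the result is `readable`.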

This site is copyright © 2002-2024, Ralph Brandi.