On Wed, Mar 05, 2003 at 01:36:36AM +1100, Andrew Lau wrote:
> On Mon, Mar 03, 2003 at 10:14:37PM -0600, Steve Langasek wrote:
> > ...encourage the widespread adoption of end-to-end cryptographic
> > signatures in email.
> >
> > Nothing else is likely to have much impact.
>
> Dear Steven,
>       In my opinion, this would make things worse. If the general
> public embraced signed emails as commonly as they use Outlook, I'm
> sure we'll encounter just as many viruses/trojans as we do
> now. Except, that this time around, they would compromise the signing
> application and passphrase/keys as well. The nightmare scenario would
> be when these trojans start weakening the whole web of trust we
> already have by signing other random keys maliciously.
>
>       All the more reason to keep GnuPG/PGP to those who know what
> they're doing and why they need it.

I am not understanding how this would be a "nightmare scenario". As I
understand it, the web of trust is formed by signatures I (to some
degree) trust appearing on keys I know nothing about; that is, the web
of trust is not formed by signatures I know nothing about appearing on
my key or other keys I trust (to some degree).

I can sign your key right now and upload it; this proves nothing except
my lack of understanding regarding cryptographic signatures.

-- 
Nathan Norman - Incanus Networking mailto:nnorman@incanus.net
  Unix was not designed to stop people from doing stupid things,
  because that would also stop them from doing clever things.
  -- Doug Gwyn
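A simplified model of the key-validity calculation discussed in the message above, as an added example that is not part of the original thread. The thresholds (one fully trusted or three marginally trusted signatures) follow GnuPG's classic trust model defaults; the key names, ownertrust values and signatures are constructed, and certification depth limits are left out.

```python
"""Simplified web-of-trust validity calculation (added example, constructed data)."""

FULL, MARGINAL = "full", "marginal"
COMPLETES_NEEDED = 1   # GnuPG default for --completes-needed
MARGINALS_NEEDED = 3   # GnuPG default for --marginals-needed


def valid_keys(me, ownertrust, signatures):
    """Return the set of keys considered valid from `me`'s point of view.

    ownertrust: key -> FULL / MARGINAL (a missing entry means no trust)
    signatures: list of (signer, signed_key) pairs found on the keyring
    """
    valid = {me}
    changed = True
    while changed:
        changed = False
        for key in {signed for _, signed in signatures} - valid:
            # Only signatures made by keys that are already valid count;
            # signatures from unknown keys are ignored entirely.
            signers = {s for s, k in signatures if k == key and s in valid}
            full = sum(1 for s in signers if s == me or ownertrust.get(s) == FULL)
            marginal = sum(1 for s in signers if ownertrust.get(s) == MARGINAL)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                valid.add(key)
                changed = True
    return valid


# Constructed keyring: "stranger" is a key I know nothing about.
ME = "me"
OWNERTRUST = {"alice": FULL, "bob": MARGINAL}
SIGS = [
    ("me", "alice"), ("me", "bob"),
    ("stranger", "alice"),   # unknown key signs a key I trust
    ("stranger", "me"),      # unknown key signs my own key
    ("stranger", "random"),  # unknown key signs some random key
    ("bob", "random"),       # one marginal signature, below the threshold
]


def demo():
    before = valid_keys(ME, OWNERTRUST, SIGS)
    # Same keyring once a key I fully trust has certified the random key.
    after = valid_keys(ME, OWNERTRUST, SIGS + [("alice", "random")])
    return before, after


if __name__ == "__main__":
    for result in demo():
        print(sorted(result))
```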