On Wed, Mar 05, 2003 at 01:36:36AM +1100, Andrew Lau wrote:
> On Mon, Mar 03, 2003 at 10:14:37PM -0600, Steve Langasek wrote:
> > ...encourage the widespread adoption of end-to-end cryptographic
> > signatures in email.
> >
> > Nothing else is likely to have much impact.
>
> Dear Steven,
> In my opinion, this would make things worse. If the general
> public embraced signed emails as commonly as they use Outlook, I'm
> sure we'll encounter just as many viruses/trojans as we do
> now. Except, that this time around, they would compromise the signing
> application and passphrase/keys as well. The nightmare scenario would
> be when these trojans start weakening the whole web of trust we
> already have by signing other random keys maliciously.
> All the more reason to keep GnuPG/PGP to those who know what
> they're doing and why they need it.

I am not understanding how this would be a "nightmare scenario". As I
understand it, the web of trust is formed by signatures I (to some
degree) trust appearing on keys I know nothing about; that is, the web
of trust is not formed by signatures I know nothing about appearing on
my key or other keys I trust (to some degree).

I can sign your key right now and upload it; this proves nothing
except my lack of understanding regarding cryptographic signatures.
--
Nathan Norman - Incanus Networking mailto:nnorman@incanus.net
Unix was not designed to stop people from doing stupid things,
because that would also stop them from doing clever things.
-- Doug Gwyn
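The trust direction discussed in this message, as an added example that is not part of the original thread: a simplified Python model of the classic GnuPG validity calculation, using gpg's default thresholds (`--completes-needed 1`, `--marginals-needed 3`, `--max-cert-depth 5`). The key names, signatures and the `valid_keys` helper are constructed for illustration, and the depth handling is an approximation of gpg's.

```python
# Simplified model of the classic GnuPG trust calculation (added example,
# not gpg's own code). Thresholds mirror gpg's documented defaults.
COMPLETES_NEEDED, MARGINALS_NEEDED, MAX_DEPTH = 1, 3, 5

def valid_keys(my_key, ownertrust, sigs):
    """Return the set of keys considered valid from my_key's point of view.

    ownertrust: key -> "full" | "marginal"; a key that is absent has unknown
                ownertrust, so its signatures count for nothing.
    sigs:       set of (signer, signed_key) certification pairs.
    """
    valid = {my_key}
    trust = {**ownertrust, my_key: "full"}  # own key acts as the trust root
    for _ in range(MAX_DEPTH):  # each round extends trust paths by one hop
        newly = set()
        for target in {t for _, t in sigs} - valid:
            # Only signatures made by keys that are already valid are counted.
            signers = [s for s, t in sigs if t == target and s in valid]
            full = sum(trust.get(s) == "full" for s in signers)
            marginal = sum(trust.get(s) == "marginal" for s in signers)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly.add(target)
        if not newly:
            break
        valid |= newly
    return valid

# Constructed sample data: "stranger" is a key I know nothing about.
OWNERTRUST = {"alice": "full"}
SIGS = {
    ("me", "alice"),        # I certified alice's key
    ("alice", "carol"),     # a trusted signature on a key unknown to me
    ("stranger", "bob"),    # an unknown signature on a key unknown to me
    ("stranger", "me"),     # an unknown signature on my own key
    ("stranger", "alice"),  # an unknown signature on a key I trust
}

if __name__ == "__main__":
    print(sorted(valid_keys("me", OWNERTRUST, SIGS)))
```

In this model the three signatures made by `stranger` change nothing: only `carol` becomes valid, through the signature from `alice`, whose key is valid and has ownertrust assigned.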