
Re: debian.org sending viruses



Steve Langasek wrote:
> On Wed, Mar 05, 2003 at 01:36:36AM +1100, Andrew Lau wrote:
> > 	In my opinion, this would make things worse. If the general
> > public embraced signed emails as commonly as they use Outlook, I'm
> > sure we'll encounter just as many viruses/trojans as we do
> > now. Except, that this time around, they would compromise the signing
> > application and passphrase/keys as well. The nightmare scenario would
> > be when these trojans start weakening the whole web of trust we
> > already have by signing other random keys maliciously.
> 
> Well, by definition, I don't trust signatures from people who use Outlook
> as their primary mail client, so I don't think this will bother me any...

Actually, the worst that could happen is that a user with a virus
sends a signed email.  Then we would know for sure that it did not
come spoofed from a victim user.  The *actual* user that sent the mail
would be identified in the no uncertain terms of the PGP signature.

Perhaps the worst ramifications of that would be that signed email
starts to bog down CPUs as we all decrypt the contents and keyservers
become busier to serve the load of pulling previously unknown keys.

Bob

Attachment: pgp2frvEHxTbx.pgp
Description: PGP signature

