On Oct 18, 4:15pm, s1018954@aix2.uottawa.ca wrote:
If I posted pirated software from this account, according to what you're saying, I could claim a forgery and show reasonable doubt.
Without an author-certification mechanism in place, you can always claim forgery. In this case, to show reasonable doubt you would probably have to prove that some one else would have a motive for forging it in the first place. This is one place where importance of digital signatures can be very strong. *If* we were all wonderful little cypher-junkies and signed everything, then we might plausibly be able to deny forged mail: "I sign everything I ever send, it's hardcoded into my mailer, that didn't come from me..." As it is, in most cases we run on trust, except where we're deliberately trying to make certain that matters are not modified or we're trying to make things a matter of record. [Checksums of binaries, for example, or press releases on controversial topics.] I'm looking forward to the point where my mail reader will sort things according to reputations I give correspondents, and perhaps flag mail which deviates from the norm for each correspondent. [e.g., if Tim May signs something, it's probably pretty severe. If a pgp-fanatic doesn't, something might be up...] I'm also looking forward to the point where I can be on a mailing list where folks look at the first line of my .sig and say, "this is being written by an individual" and I don't have to worry about them thinking I speak for organisations. [Which one would I be speaking for? Shad Valley 1992?] richard -- Richard Martin Alias|Wavefront - Toronto Office [Co-op Software Developer, Games Team] rmartin@aw.sgi.com/g4frodo@cdf.toronto.edu http://www.io.org/~samwise Trinity College UofT ChemPhysCompSci 9T7+PEY=9T8 Shad Valley Waterloo 1992