Re: DCSB: Electronic Commerce: The State of the Art
The signature on the message attached below did not verify. Pronto Secure has the neat feature of doing signature checking on the fly. In the process of testing PSecure I have collected from the keyservers, the keys of most people on the list who pgp sign their messages. (Another neat feature of PSecure makes this a one click task) I could quite easily perform the service of bouncing messages with bad signature back to the list. Please let me know if people agree that this would be a useful service, or is it inappropriate ? My experience over the past few months is that around 10% of all signed traffic on the list checks with a BAD SIGNATURE! Geoff Klein Pronto Secure Product Manager.
-----BEGIN PGP SIGNED MESSAGE----- Geoff Klein writes:
[...] In the process of testing PSecure I have collected from the keyservers, the keys of most people on the list who pgp sign their messages. (Another neat feature of PSecure makes this a one click task)
I could quite easily perform the service of bouncing messages with bad signature back to the list.
Please let me know if people agree that this would be a useful service, or is it inappropriate ?
Bounced messages would probably be considered inappropriate noise by most list members. However, what about bouncing the message back to the sender only? This alerts him to a possible problem -- a bad keyserver entry, an attempted forgery, a mail transmission error, etc. -- without bothering everyone else. MJ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMcr3eG3Fsi8cupgZAQGprwP/RwVsYIiMZ5ZmMTM+d6i/p4u6sUdV0Jye MFtPX79z2mcW8Mr7LpWqYNZojbr2lLvBie9kIsjKJDdYcvMrs5/5Mgagm4TlKIss mRHve7HuijdTO17p8heHdjbIYo2Rk57O/8oYafHU9hit3+dpsX7OdQB3oFKH0Uy2 MQKry5CU+qc= =k0VT -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Message-Signature-Date: Fri Jun 21 10:14:59 1996
From: geoff@commtouch.co.il (geoff) Date: Fri, 21 Jun 1996 12:03:48 +0300
The signature on the message attached below did not verify.
Please let me know if people agree that this would be a useful service, or is it inappropriate ?
I use a lisp package for emacs that I wrote to automatically verify signatures on incoming mail, so I already see the 10% of messages which are improperly signed displayed in a red "bad signature" font. Thus, I'd have no need of this service. Further, it makes philisophical/political sense to me to have verification distributed. Every node should be doing it's own security. Be aware of CC's before replying to this. - -- TJIC (Travis J.I. Corcoran) http://www.openmarket.com/personal/tjic/index.html Member EFF, GOAL, NRA. opinions (TJIC) != opinions (employer (TJIC)) "Buy a rifle, encrypt your data, and wait for the Revolution!" PGP encrypted mail preferred. Ask me about dragbar-time.el for emacs. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed by mail-secure.el 1.006 using mailcrypt Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface iQCVAwUBMcqubYJYfGX+MQb5AQFP5AQAzrePx1jhIfE/iHT0abqvOPQxpQ795/vk CEJBSNLM91S3tSFXtcTvqYWRvE8BksT6l4JqwVhmDWN8U3UV60pJVqbwoLbH3bvs fQcPT+HxvFDknrVIvQibwpOB9Pw9PCyV1mfMkyOjsJzRTCJe7XiFT7TS0bZA+VvX Ls0Jpjozvnk= =0x7g -----END PGP SIGNATURE-----
participants (3)
-
geoff@commtouch.co.il -
Martin Janzen -
Travis J.I. Corcoran