[Enigmail] Expect signature header proposal

John Clizbe John at Mozilla-Enigmail.org
Tue Oct 7 17:13:25 PDT 2008


Eitan Adler wrote:
> [snip]
> Alright - what about this scenario:
> 
> Bob is security-conscious and always signs his messages sent to Alice.
> Dora wants to harm Bob's career and she sends a forged message
> claiming to be from Bob to Alice.  Alice is an ordinary human and does
> not notice the missing "this message is signed" notice and therefore
> acts upon this message.  Bob's career is ruined.  Alice also gets
> messages from many people that don't sign their emails.  It would ruin
> the effect of an "unsigned message" notice if she got it for every
> message that had no signature.
> 
> Even if it is not a header there should be some way to enable/disable an
> "unsigned message" notice per user.

Your header kludge is subject to so many easy attacks as to be unworkable.

Crypto can solve some problems very very well.

This is not one of them.

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 679 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20081007/bc3afd2e/attachment.bin>