On Thu, Sep 23, 2004 at 09:57:03AM -0500, Aleksandar Milivojevic wrote: > Sometimes it's unbelivable how long it takes organizations to discover > that email can be signed. Especially nowdays when all major mail > readers have support for at least S/MIME (and the really good ones have > support for at least PGP ;-) ). DE09D78D 888D09A3 18C4ED82 DA081DD1 4CE06F00 CC3D9213 23BDC6F9 Methinks PGP is good for talking within friends, but perhaps trusting communications from J. Random Corporation with PGP as your best means of verification is a stretch. The Web Of Trust idea only takes you so far in combating these problems -- I've heard anecdotal evidence that someone has replicated the entire "Web Of Trust" graph with identical uids on keys of EFF members. If one starts the search from the desired key and searches until finding a plausible name, one is doomed. One must return to one's own key -- AND have faith that everyone in the middle played fairly. http://www.internetnews.com/dev-news/article.php/721571 Even the best-known X.509 Certification Agency has made screwups regarding one of the best-known publicly traded corporations. How hard do you think it would be to get certificates for something that sounds plausibly like a bank? Credit card company? Cryptography is good at solving many problems. But it is not a magical problem solver. End users still need to be educated. Your guess is as good as mine if we'll make progress on the "don't give information to people who ask for it" front. :)
Attachment:
pgp00017.pgp
Description: PGP signature