GPG PGP S/Mime vulnerability
Guy Van Sanden
sienix@crosswinds.net
Wed Aug 8 10:14:02 2001
Again, you are right about that, but the currently proposed
legistation would put responsability with the customer.
The point is, that if the signatures would incorporate the
message-headers, they would provide better security...
>On Tue, 7 Aug 2001, Guy Van Sanden wrote:
>>Under ideal surcomstances, yes it should.
>>But I've already placed orders (without signatures) in the past
>>via free-form e-mails. In my case, I ordered a computer.
>>
>>I think that, if they make signed messages legally binding,
>>someone could take this signed message and resend it to another
>>store... I could secure myself against this by including things
>>like the company name in the message, but as I forgot to do so
>>in the past, a lot of users will to...
>
>This is a function of poor ordering system design, not digital
signatures.
>If the customer and the business chose to accept free-form
email they have
>chosen to accept the risk of error.
>
>Tony
>--
>Anthony E. Greene <agreene@pobox.com>
<http://www.pobox.com/~agreene/>
>PGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD
6C94 239D
>Chat: AOL/Yahoo: TonyG05
>Linux. The choice of a GNU Generation. <http://www.linux.org/>
>
>
>_______________________________________________
>Gnupg-users mailing list
>Gnupg-users@gnupg.org
>http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>