signing & encrypting
Mon May 20 18:44:02 2002
-----BEGIN PGP SIGNED MESSAGE-----
From: Leigh S. Jones, KR6X [mailto:firstname.lastname@example.org]=20
>It may not be important to know who encrypted=20
>and sent the message because we trust the signature.
I agree, it may not be important, and E(S(m)) is fine for almost
every situation. But S/E/S might be desired, especially if the signed
message is ambiguous about its intended recipient or context.
>Would you sign an encrypted message unseen?
I'm sure a lot of executive types, at least in the physical world.
Secretary says, "sign this", and they usually just do it. They trust
the secretary in order to save time. In the digital world, it it much
easier for someone to pose as a trusted secretary.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6-2 (MingW32) - WinPT 0.5.7
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----