[Cryptography] Cipher death notes

Tom Mitchell mitch at niftyegg.com
Mon Apr 6 22:31:16 EDT 2015


On Mon, Apr 6, 2015 at 12:51 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:

> Phillip Hallam-Baker <phill at hallambaker.com> writes:
>
> >The second question is one that the folk who think DNSSEC is a mechanism for
> >securing the DNS have never really had an answer for. What do I do if the
> >DNSSEC chain does not validate?
>
.......

>
> Here's another one... this is a list full of security geeks, so let's do a
> quick (virtual) show of hands:
>
> - How many people have at some point received signed email (S/MIME, PGP,
>   whatever)?
>

Mostly on this list... I might note that mailing list software could help to
close this gap. As a validating remailer (moderated+) it could attach a
header with a PGP key or pointer to the sender's PGP key if the public bits
are presented to the list at sign up.

One of the gaps in any authentication process is building a structure of
trust, and by starting with some modest-sized groups a bigger web might be built.

Members would cache previous keys and if the server was hacked members
would know because checks against individual and list keys fail.

Normal reminder messages can contain a PGP key (or pointer) for moderators
and list managers.

The point is DNS or mail -- it is messages and message validation is the issue.






-- 
  T o m    M i t c h e l l
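
Added example, not part of the original post: a member-side cache of key fingerprints that flags a change in the per-sender or list key announced in list-attached headers, as the message above proposes. The header names, addresses and fingerprints are hypothetical; the post names none.

```python
import email
from email.utils import parseaddr

# Hypothetical header names a validating list server might attach.
SENDER_HDR = "X-List-Sender-Key-Fingerprint"
LIST_HDR = "X-List-Key-Fingerprint"


class PinCache:
    """Member-side cache of key fingerprints seen on earlier list mail.

    This checks key continuity only; verifying the message signature
    against the pinned key is a separate step.
    """

    def __init__(self):
        self.pins = {}  # identity -> fingerprint first seen

    def _check(self, identity, fpr):
        if not fpr:
            return "missing"
        fpr = fpr.replace(" ", "").upper()
        known = self.pins.get(identity)
        if known is None:
            self.pins[identity] = fpr  # trust on first use
            return "new"
        # A differing fingerprint is reported and never overwrites the pin.
        return "match" if known == fpr else "MISMATCH"

    def check_message(self, raw):
        msg = email.message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        list_id = msg.get("List-Id", "").strip().lower()
        return {
            "sender": self._check("sender:" + sender, msg.get(SENDER_HDR)),
            "list": self._check("list:" + list_id, msg.get(LIST_HDR)),
        }


def make_msg(sender_fpr, list_fpr):
    # Constructed sample message; addresses and fingerprints are made up.
    return ("From: Alice <alice@example.org>\n"
            "List-Id: <crypto-demo.example.org>\n"
            f"{SENDER_HDR}: {sender_fpr}\n{LIST_HDR}: {list_fpr}\n"
            "Subject: test\n\nbody\n")


def demo():
    cache = PinCache()
    first = cache.check_message(make_msg("AAAA 1111", "BBBB 2222"))
    same = cache.check_message(make_msg("aaaa1111", "BBBB2222"))
    swapped = cache.check_message(make_msg("CCCC 3333", "BBBB 2222"))
    return first, same, swapped
```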