-- Ben Laurie wrote: > > but if you want it to be encrypted to you, then you need to > > publish a key.
Ed Gerck wrote: > This IS one of the sticky points ;-) If postal mail would work this > way, you'd have to ask me to send you an envelope before you can > send me mail. This is counter-intuitive to users. Public key should be part of signature. > Your next questions could well be how do you know my key is really > mine... If key is part of signature, you know it really belongs to the person who posted the item to which you are replying - and sometimes that is the thing that you really want to know. Of course you do not know that the person to which you are replying is really the person he represents himself as being - is he really the fraud control officer for your bank? But presumably you are interacting with the bank through its website, so you, or rather your software, should damn well know the bank's public key, and the fraud control officer's signature should have a certificate by the bank attesting his relationship to the bank. > how do you know it was not revoked It should be checked every time you logon to the bank, and every time you logon, instead of telling the site your password, you proceed with a zero knowledge proof where both parties prove knowledge of the password without revealing the password. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG L4p0k6+mzp2x2QNOdALduMQfwAIXYrsJ3cVYYK4Q 4iEeX76ichaV+J6eVImNtWEoGzvMmAHKNHHix+chD --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]