On 17/09/2014, Kevin <kevinsisco61...@gmail.com> wrote: > As someone who deals with security measures each day I need to come at > it from that angle. Your method is great save for the fact that > spammers love spoofed addresses. I doubt anyone could trust something like > abcdcdhhiklklklmnffff...@hotmail.com > Am I missing something? If I'm not, it seems more measures should be > taken. What about digital signatures? Would you change the scheem? > > > -- > Kevin > >
Well, each email is digitally signed using the sender's key (as well as being encrypted using the recipient's key) so it's impossible to spoof the address. As for trust, I think the whole point of cryptography is that you should trust the digital signature rather than just checking the sender's address. With my scheme, the address and the public key are the same thing, so if an email is forged then the software can say "This email isn't really from that address" rather than "Error! Invalid key". I haven't changed anything in terms of the cryptography - I'm just trying to make things more usable. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
