> From: Bill Ricker [mailto:bill.n1...@gmail.com] > Sent: Friday, June 10, 2011 9:35 AM > > a signature with a free CA cert deserves no trust - it verifies the > email address was the email address on a certain date only.
Same as PGP. The only reason you might trust PGP more is because you were talking to the person on the phone when they said "I'm sending you my signature now." or you got their signature via some other means, which you feel is externally verifiable somehow. It's the external context that gives you more trust. But you can certainly establish all the same external context using S/MIME or PGP alike. The only difference is whether or not you HAVE TO establish external context. _______________________________________________ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
