Of the five or so papers that I red, the one entitled "Why Johnny Cant Encrypt" was very good. After I read the paper I did my first implementation of PKI with Thunderbird, Enigmail and Mozilla and Yahoo. I found my self remembering bits and parts of this forum as well as prior experience in setting up PKI infrastructure in a lab. I also began to draw certain references from studying topics such as elliptical encryption and other security related issues.
All of us are new in this post 911 cyber environment and the controls are still being implemented to monitor the people that protect our national cyber infrastructure. Accountability seems to increase when the data is encrypted as opposed to plain text. I am examining Finance House applications of PKI to establish identity (not hide it) so that transaction might be verifed with due diligence. This seems to be a certificate issue. If the certificate issuers are issuing certificates with reasonable due diligence then such transactions are reasonable. It is my opinion that certificates issued merely upon sending in a jpeg of your passport are not sufficient due to the capabilities of photo shop and the like. Thus predicating identity upon easily altered JPEGS does not demonstrate reasonable due diligence in order to cross reference to the Specially Designated National List and determine whether the access of the capitol is from Listees. Thank you for your time. Frank Spruill1701 Light StreetBaltimore MD 21230
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
