On Wed 2015-02-11 10:37:34 -0500, David Gil wrote: > Using the same key for signing as for encryption gets vastly weaker > security guarantees (i.e., Gap-DH for EC).There is no excuse for a > new cryptosystem/deployment to do this.
Agreed. > PS. Is messaging@ still forging 'From:' headers? The message as in fact from you. Keeping the From: header intact is hardly "forging". https://tools.ietf.org/html/rfc5322#section-3.6.2 says: The "From:" field specifies the author(s) of the message, that is, the mailbox(es) of the person(s) or system(s) responsible for the writing of the message. For example, if a secretary were to send a message for another person, the mailbox of the secretary would appear in the "Sender:" field and the mailbox of the actual author would appear in the "From:" field. The mailing list is acting as a glorified secretary here. --dkg _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
