Julien Pierre wrote:
>
> Steve,
>
> Dr S N Henson wrote:
>
> > Frederick Roeber wrote:
> >
> >>>I'm of the opinion that encryption and signing should be turned on
> >>>by default
> >>>
> >>Turning on signing by default might be dangerous, not everybody is
> >>comfortable with a Legally Binding Signature on every random note they
> >>send. (Plausible deniability can be a good thing!)
> >>
> >
> > Not to mention being flamed in many mailing lists or newsgroups.
> >
> > Spammers would also love that.
>
> How would they love it?

Because they could scan a newsgroup or mailing list and be fairly confident that the email addresses they received (in certificates) are genuine.

In some newsgroups (uk.telecom.mobile is one) sending a message with a genuine email address results in large quantities of related spam in record time.

> I'm not sure if it would be such a problem actually.
> The "auto signing" feature could be taken one step further.
> E.g. there could be a new type of e-mail filter for unsigned or
> unverified emails. At some point in the future, I would like to set the
> action for that filter in my e-mail client to automatically move all
> matching messages to the trash. I don't know about you, but I just don't
> think anonymous e-mails are worth replying to, and this type of filter
> would automatically get rid of all anonymous correspondence, most
> notably spam, because the spammers would face legal charges if their
> emails contained a legally binding signature.

That's another issue. I for one don't want any throwaway comment I make to be legally binding, so I rarely sign emails other than for future encryption.

> That would of course assume that there are worthy CAs out there that I
> can trust in my browser to do a good job of verifying users when issuing
> certs ...

Well, at present your typical "this certificate isn't worth the paper it's not printed on and we want to bloat each certificate by 1K saying so" CA can't guarantee anything other than at one point in time the email address was valid: they will happily certify freeware email accounts from yahoo et al.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED]
PGP key: via homepage.
