Julien Pierre wrote:
On the other hand, for someone to send you a signed e-mail, they have to obtain their own certificate from a CA, and agree with their terms of service, and the CA has the ability to revoke the certificate if those terms are broken. Therefore, using digital signatures for spam filtering makes sense, but using encryption does not.
I think the main advantage is that your whitelist can be assured that it is a known sender, due to the caching of the cert. If it is a CA-signed cert or not seems irrelevant, as a spammer can send out a squillion messages well before a CA signs up and decides to dust of the revocation software.
Any CAs around who'd like to comment on how long it might take to revoke a cert?
iang _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
