On Sun, 9 Oct 2005 13:44:42 GMT Tim Tyler <[EMAIL PROTECTED]> wrote:
> In comp.lang.java.programmer Roedy Green > <[EMAIL PROTECTED]> wrote or quoted: > > > Read my essay. > > http://mindprod.com/projects.html/mailreadernewsreader.html It's gone :-) > FYI, this bit: > > ``Like ICQ, someone cannot send you mail without your prior > permission. They can't send you mail because they don't have your > public key to encrypt the mail.'' > > ...is pretty confusing - because "public key" is a term with a > technical meaning in cryptography - and a public key really *is* > public. > > If you want to allow email only from a list of senders, then you use > a simple white list. Cryptography is not needed or desirable if this > is the intended goal. But what is desirable is the possibility to authenticate the sender of the message as genuine, given the ease with which SMTP headers can be spoofed. Maybe this is suggested in Mr Green's essay, but cryptographically signed email (using the originator's _private_ key), where the signature and hence the originator of the mail can be verified independently, would be very useful. The problem is to get everyone to use digital signatures, and to ensure that such a signature can be linked to an individual or business. I've no illusions here. Take care, -- Stefaan -- As complexity rises, precise statements lose meaning, and meaningful statements lose precision. -- Lotfi Zadeh -- http://mail.python.org/mailman/listinfo/python-list