 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
> From: Bill Ricker [mailto:bill.n1vux-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org] > Sent: Friday, June 10, 2011 9:35 AM > > a signature with a free CA cert deserves no trust - it verifies the > email address was the email address on a certain date only. Same as PGP. The only reason you might trust PGP more is because you were talking to the person on the phone when they said "I'm sending you my signature now." or you got their signature via some other means, which you feel is externally verifiable somehow. It's the external context that gives you more trust. But you can certainly establish all the same external context using S/MIME or PGP alike. The only difference is whether or not you HAVE TO establish external context.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
