GPG PGP S/Mime vulnerability

Anthony E. Greene agreene@pobox.com
Wed Aug 8 04:07:02 2001


On Tue, 7 Aug 2001, Guy Van Sanden wrote:

>Under ideal surcomstances, yes it should.
>But I've already placed orders (without signatures) in the past
>via free-form e-mails. In my case, I ordered a computer.
>
>I think that, if they make signed messages legally binding,
>someone could take this signed message and resend it to another
>store... I could secure myself against this by including things
>like the company name in the message, but as I forgot to do so
>in the past, a lot of users will to...
This is a function of poor ordering system design, not digital signatures. If the customer and the business chose to accept free-form email they have chosen to accept the risk of error. Tony -- Anthony E. Greene <agreene@pobox.com> <http://www.pobox.com/~agreene/> PGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D Chat: AOL/Yahoo: TonyG05 Linux. The choice of a GNU Generation. <http://www.linux.org/>