Keyservers and the future

Mark H. Wood mwood at IUPUI.Edu
Fri May 20 16:21:36 CEST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 19 May 2005, Radu Hociung wrote:
[snip]
> That's why I am asking the question: could PGP cope if all, or a
> significant proportion of all domains were to enable some kind of email
> transport authentication?

I don't see any connection.  PGP is a sublayer of the application layer.
Transport-layer trust is a separate issue.  PGP takes no notice of
transport mechanisms.

If I receive a message with an invalid PGP signature, or an unsigned
message from someone who habitually signs messages, I don't care how many
MTAs swear that the address is trustworthy; the *message* still appears to
be a forgery.

Transport authentication and message authentication address different
problems.  The only effect of widespread transport authentication on PGP
ought to be a small decline in use of PGP by people who don't understand
the distinction and are enjoying a false sense of security.

- -- 
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Open-source executable:  $0.00.  Source:  $0.00  Control:  priceless!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: pgpenvelope 2.10.2 - http://pgpenvelope.sourceforge.net/

iD8DBQFCjfJzs/NR4JuTKG8RAsz+AJ9+TOxmCVpeckFiobDu2wkttPL/3QCePsfN
LPwR0LQpeDMaagviTdS0HzA=
=JW+d
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list