Authenticating email
Trevor Smith
pmmail@rpglink.com
Thu, 04 May 2000 10:41:57 -0300 (ADT)
On Wed, 03 May 2000 09:02:11 -0400, Jonathan B. Bayer wrote:
>At least with registered smail, the mailman gets a human signature.
>Yes, it can be forged, yes, it may not be the same person. But at
>least there is some physical evidence which can be used for
>authentication purposes. If someone swears they didn't receive
>something, and the PO supplies a signature, the police can compare
>signatures to see if it belongs to the person or not. Not perfect, but
>still understandable to most people.
I just had a great idea. What if there was a registered mail for
email systems? What if you couldn't get the email that was delivered
to you until you submitted a digital signature? Hmm...

I send you a conventionally encrypted message as an attachment (a
message that is just encrypted with a password, not a public/private
key system) *and*, along with that, a short plain-text message that
says:

    The attachment to this message is encrypted. To receive the
    decryption password by email, simply reply to this message, and sign
    your reply with PGP/GnuPG (or some other OpenPGP equivalent).

I receive your signed reply, verifying that you have received the
message and the password is sent to you.
--
Trevor Smith | trevor@haligonian.com
PGP public key available at: www.haligonian.com/trevor
PGP Public Key Fingerprint= A68C C4EC C163 5C0A 6CFA 671F 05D4 0B30 318B AFD6
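
The sender's side of the exchange proposed above, as an added example that is not part of the original post: the password is released only when the signed reply verifies against the expected recipient key. It assumes the caller has already run `gpg --status-fd 1 --verify` on the reply and passes in the status output; the per-message token, the `RegisteredMail` class and all sample values are hypothetical.

```python
# Added example, not from the original post. Status lines follow GnuPG's
# --status-fd format; fingerprint, address and password below are constructed.
import secrets

BAD = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def signer_fingerprint(status_text):
    """Primary-key fingerprint of a good signature, else None."""
    fpr, good = None, False
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue
        keyword, args = parts[1], parts[2:]
        if keyword in BAD:
            return None
        if keyword == "GOODSIG":
            good = True
        elif keyword == "VALIDSIG" and args:
            # Field 10 is the primary key fingerprint; field 1 the signing (sub)key.
            fpr = args[9] if len(args) >= 10 else args[0]
    return fpr if good else None

class RegisteredMail:
    def __init__(self):
        self.pending = {}    # token -> (expected fingerprint, password)
        self.receipts = {}   # token -> signed reply kept as proof of receipt

    def register(self, recipient_fpr, password):
        """Record an outgoing message; the token goes into the plain-text notice."""
        token = secrets.token_hex(8)
        self.pending[token] = (recipient_fpr.replace(" ", "").upper(), password)
        return token

    def release(self, token, signed_text, status_text):
        """Return the password once, only for the expected signer quoting the token."""
        expected, password = self.pending.get(token, (None, None))
        if expected is None or token not in signed_text:
            return None
        if signer_fingerprint(status_text) != expected:
            return None
        self.receipts[token] = (signed_text, status_text)
        del self.pending[token]   # one-shot: a replayed reply gets nothing
        return password

SAMPLE_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"   # constructed
SAMPLE_STATUS = (
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Recipient <recipient@example.org>\n"
    f"[GNUPG:] VALIDSIG {SAMPLE_FPR} 2000-05-04 957447717 0 4 0 1 2 00 {SAMPLE_FPR}\n"
)
```

Requiring the token inside the signed text ties the receipt to one specific message, so a signature on some unrelated reply does not count as proof of delivery.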