On Thu, 29 May 2003 06:20:47 +0200, Anthony Atkielski
A simple e-mail implementation of this would be to place a random string in
the subject line of a message intended for a specific recipient that serves
the same purpose as this "secret number."
This works for the somewhat restricted case of e-mail between people who
already have some out-of-band way of communicating.
You're welcome to extend your proposal to handle bootstrapping
communications between people who haven't before - if the whole intent
of the "secret number" is so I can ignore email without it so I don't
get spam, people can't send me e-mail to ask me for a secret number
so they can e-mail me...
And if I *still* have to check my mail that doesn't have the number on it,
in case I've missed a request like that, what has this proposal bought me?
Hash it and sign it with the public key of the recipient. That would work,
because spammers would not have the public key, whereas legitimate senders
Only if it's an *UNPUBLISHED* public key - at which point it just degenerates
into your "secret number" protocol, with the same bootstrapping issues.
Description: PGP signature