Re: authenticated email

2003-06-04 08:18:07
allows readers of this email to trust I am who I claim to be, "legally"
(as if I showed an ID).


"Legally"?--Talk about a disaster in the making, but one that spammers
might save us from by demonstrating its foolishness.  Where will
the secret key for signing mail be kept, but in something like an
"address book"?  Will "user friendly" operating systems require a
passphrase for each use of the secret key?--probably not.  Even if
they did, think of the trojan horses you could easily write if you went
over to the dark side.  You might look for the WIN32 "event" that
posts the secret key passphrase "dialog box" and then capture keystrokes.
Or you might mount a dictionary attack on the passphrase using a canned
list of 1000 words plus the user names found on the system.  Or you
might pop up your own imitation of the passphrase dialog box.  ...
but let's save that fun game for some other time.

The talk (and new laws) about legally binding crypto signing is as
ridiculous as the talk about how "personal firewalls" make unsafe
systems safe.  In the real world, viruses and worms turn off "Zone
Alarm" and other "personal firewalls" before they start doing their
real work.


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com


