Wow! What a mighty leap of faith!
Let me offer a different view...
Stephen's CERT proves that the sender is a person who got a CERT from some CERT
provider and has a contract with that provider, but has no contract with
Anthony,
so that when Steven does something bad to Anthony, like snd him some spam, and
Anthony complains to the CERT provider, the CERT provider is going to say
"You don't have any contract with us, so we do not owe you anything."
In fact, Anthony might not even be findable because of his holding a CERT,
because he was able to obtain the CERT with false information.
So, I have to ask why you trust those CERTS.
I don't trust em just because they come with a contract that denies all kinds
of liabilities in the reliance on or use of those CERTS.
The problem is that I do not trust the transitivity of trust as required by PKI.
This is because I have ever seen proof of trust transitivity.
Show me the proof of it and I will believe it, if your proof stands up!
Cheers...\Stef
At 23:08 +0200 6/4/03, Anthony Atkielski wrote:
Stephen writes:
Does my signature on this message make you trust
it more than, say, the ten ads you got this morning
for Viagra?
Yes.
Why or why not?
It proves who you are, which means that you expose yourself to a certain
extent in the event that you do anything inappropriate with your e-mail.
This implies that your intentions are honorable; and even if they are not,
the signature makes you easier to track down and take action against. So it
makes one feel a bit warmer and fuzzier.
Content-Type: application/x-pkcs7-signature;
name="smime.p7s"
Content-Disposition: attachment;
filename="smime.p7s"
Attachment converted: Viking5:smime.p7s (????/----) (00097E08)