Author: William Lindley Date: Subject: Digital Signing (Beat The Dead Horse) was Re: Free Software for
m$
On Wed, 25 Sep 2002, Matt Alexander wrote: > Derek, but signing gives reasonable assurance that the email received
> is really from him.
OK, I get a message. It's signed. How do I verify the authenticity of
the signature? Against what database? If User X writes a message, sends
it ostensibly from Derek, and signs it with a bogus key, how do I know
that, unless I already have Derek's key... and in fact some huge database
of keys somewhere... it sounds like a data management nightmare, how is
everyone supposed to keep track of everyone else's keys???
(text/plain)