On Wednesday, September 25, 2002, at 09:59 AM, Thoreau wrote:
> I see an attachment, if I don't know what it is, the message is
> deleted.
> The message better have a damn hefty description for me to even
> consider
> opening it. I do not need a signature to tell me wether or not to open
> a
> file. Common sense, and even an up-to-date virus scanner can do
> wonders for
> keeping you safe.
It is unfortunate that some e-mail clients do not handle the standards
properly. I should think it would be possible, however, to view an
attachment with executing it. Assuming that MIME is being used (which
sounds like the case), shouldn't Outlook Express recognize that the
attachment is "text/plain"?
Just as an aside, many mail clients place a forwarded e-mail as an
attachment (I suppose to distinguish between the original and the
recipient's comments. This, too, should open properly in Outlook
Express, right? If so, then what is the difference here?
> Suppose someone gains unauthorized access to Derek's machine? That
> person
> could send out anything they want, signed, and I would be putting my
> faith
> in that signature? Not likely.
The first problem is that someone must gain access to Derek's machine
with sufficient privileges to access his stored keys (assuming that the
keys are stored on the disk and not a removable device).
The second problem is that they must discover his passphrase in order
to use the private key (the keys are encrypted on the disk).
The third problem (I think . . . I get a bit hazy here) is that if
Derek learns of the intrusion he can expire the key so that it may not
be used again. However, I think a previous poster was demonstrating
that the keys can still be used because it doesn't (at least by
default) check the key server upon every use.
- --
Voltage Spike
,,,
(. .)
- --ooO-(_)-Ooo--