Digital Signing (Beat The Dead Horse) was Re: Free Software for
m$
William Lindley
plug-discuss@lists.plug.phoenix.az.us
Wed, 25 Sep 2002 08:56:57 -0700 (MST)
On Wed, 25 Sep 2002, Matt Alexander wrote:
> Derek, but signing gives reasonable assurance that the email received
> is really from him.
OK, I get a message. It's signed. How do I verify the authenticity of
the signature? Against what database? If User X writes a message, sends
it ostensibly from Derek, and signs it with a bogus key, how do I know
that, unless I already have Derek's key... and in fact some huge database
of keys somewhere... it sounds like a data management nightmare, how is
everyone supposed to keep track of everyone else's keys???
Still not getting it,
\\/