On Thu, 29 May 2003 06:20:47 +0200, Anthony Atkielski <anthony@atkielski.com> said: > A simple e-mail implementation of this would be to place a random string in > the subject line of a message intended for a specific recipient that serves > the same purpose as this "secret number." This works for the somewhat restricted case of e-mail between people who already have some out-of-band way of communicating. You're welcome to extend your proposal to handle bootstrapping communications between people who haven't before - if the whole intent of the "secret number" is so I can ignore email without it so I don't get spam, people can't send me e-mail to ask me for a secret number so they can e-mail me... And if I *still* have to check my mail that doesn't have the number on it, in case I've missed a request like that, what has this proposal bought me? > Hash it and sign it with the public key of the recipient. That would work, > because spammers would not have the public key, whereas legitimate senders > would. Only if it's an *UNPUBLISHED* public key - at which point it just degenerates into your "secret number" protocol, with the same bootstrapping issues.
Attachment:
pgp00245.pgp
Description: PGP signature