The main problem is an implementation problem, where a bad and popular version of Outlook was crashing when trying to verify the signature.
Now it all comes down to a global PKI, be it SSL/TLS or PGP. PGP has got it running at an individual user level with the www.keyservers.net but for TLS NO CA will deliver a certificate that can sign other certificates (corporate e-mail certificates). I think there are some attempt to do that...
If you look back on this list you will see a thread called GLOBAL PKI where there was a lot of discussion at the time...
For spamming having signed e-mail is good as you can trace back (traceability). But are you responsible when a virus on your computer sends signed e-mail with a virus attachment.
At a SPAM meeting before INET2002 a company talked about certifying advert....
Well all the options are open, but going to have a mainstream digital signature is the goal...
Cheers
Franck
On Wed, 2003-06-04 at 09:13, Harald Tveit Alvestrand wrote:
I thought I'd try this.... is there any particular disadvantage or centralization of power implied in me signing this message with my PGP key? If not, is there any particular reason that I shouldn't do this all the time? It's not a solution, but is there a downside? Harald Alvestrand, wondering.....
|
-- Franck Martin <franck@sopac.org> SOPAC |