Home page logo

nanog logo nanog mailing list archives

PGP, S/MIME + SSL cross-reference (Was: Dear RIPE: Please don't encourage phishing)
From: Jeroen Massar <jeroen () unfix org>
Date: Fri, 10 Feb 2012 18:46:43 +0100

On 2012-02-10 18:37 , Leo Bicknell wrote:

There's no reason my mail client shouldn't validate the signed e-mail
came from the same entity as the signed web site I'd previously logged
into, and give me a green light that the link actually points to said
same web site with the same key.  It should be transparent, and secure
for the user.

That is a rather nice idea. Most people, especially the common ones, do
not use PGP or heck even S/MIME though and only when one is included in
the web-of-trust can one actually verify these. Of course when that is
done, one should be able to match up email address and website URL quite
easily and your trick will work, at least one can then state:
  "the sender, who is verified by trust, is pointing to his/her
   own website."

The problem still lies in the issue that most people, even on this very
list, do not use PGP or S/MIME. (and that there are two standards does
not help much there either ;)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]