Re: Signature as Header
Nelson Bolyard wrote:[color=blue]
> Daniel wrote:[color=green]
>> David E. Ross wrote:[/color]
>>> You want to send an encrypted message to Betty. You use her public key.
>>> It's PUBLIC. Neither you nor Betty care if the bad guys have that key
>>> because it can be used only to encrypt, not to decrypt.
>>> Betty receives your message. She uses a combination of her private key
>>> and her passphrase (like a password but longer, perhaps with spaces and
>>> punctuation) to decrypt the message. Her PRIVATE key is indeed private;
>>> no one else -- not even you -- has it. Her passphrase should exist only
>>> in her head and is not communicated to anyone.
>>> For Betty to send you a confidential reply, she uses your PUBLIC key.
>>> You must then use your own private key and your own passphrase.
>>> This is called public key/private key or asymmetric encryption. Note
>>> that my own public keys (I use two) are on my Web site at
>>> <http://www.rossde.com/PGP/mykeys.html>. I won't tell you where my
>>> private keys are or the file name under which they exist.
>>> For more details, see <http://www.rossde.com/PGP/pgp_encrypt.html#basic>.[/color]
>> Nope! Lets give up, Ross, but thanks for trying.[/color]
> Daniel, Despite your dismissive response, the system of public keys that
> David described is essentially the system used by the US government for
> transmission of all encrypted email, including classified. David described
> PGP, but a similar (equivalent) system, known as Secure MIME (S/MIME) is
> what the government uses, and it's implemented in mozilla email clients such
> as Thunderbird and SeaMonkey today (has been for about 8 years).
> Lots of US military folks use mozilla email clients for their daily work.
> The crypto in those mozilla clients is formally approved by the US government
> for those purposes. It's also found in Microsoft Outlook and Outlook Express,
> if I'm not mistaken, so it's available on virtually every desktop today.
> The system you described, with shared keys good for a day, or a week, or
> a month, while very old, is also very weak due to its shared nature.
> Modern public key systems don't share those weaknesses.
> I encourage you to find out more about them and about S/MIME.
> I think S/MIME could be part of the solution you seek.
Nelson, I don't have any need for secure, one-on-one, communications,
except for banking type stuff, and, in that case, they look after the
encryption, by using the methods you and David explain. Must work,
otherwise people would be bitching all over the place!
Just cannot see how I can have secure comms with you, one-to-one, and
secure comms with David, one-to-one, by using just one public key.
Don't worry about it.