funsec mailing list archives
Re: facebook messages worm
From: der Mouse <mouse () rodents-montreal org>
Date: Thu, 7 Aug 2008 12:41:53 -0400 (EDT)
The *real* problem is that digital signatures for E-mail work in *exactly the same way* and provide *the same protection* as SSL does for the Web.
Yes, that's the problem, not the solution statement.
It's also wrong. SSL is an interactive protocol; signed email isn't. SSL uses certs and the CA chains they imply. Some digital signature schemes for email do, perhaps, but some don't; it certainly is not inherent in "digital signatures for E-mail". SSL provides secrecy; signed email doesn't. (Encrypted email does, but you said "digital signatures".) To name just three. /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML mouse () rodents-montreal org / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: [Full-disclosure] facebook messages worm Juha-Matti Laurio (Aug 06)
- Re: facebook messages worm Gadi Evron (Aug 06)
- Re: facebook messages worm Martin Tomasek (Aug 07)
- Re: facebook messages worm Gadi Evron (Aug 07)
- Re: facebook messages worm John C. A. Bambenek, GCIH, CISSP (Aug 07)
- Re: facebook messages worm Valdis . Kletnieks (Aug 07)
- Re: facebook messages worm John C. A. Bambenek, GCIH, CISSP (Aug 07)
- Re: facebook messages worm der Mouse (Aug 07)
- Re: facebook messages worm Valdis . Kletnieks (Aug 07)
- Re: facebook messages worm der Mouse (Aug 07)
- Re: facebook messages worm Martin Tomasek (Aug 07)
- Re: facebook messages worm Gadi Evron (Aug 06)