funsec mailing list archives

Re: facebook messages worm


From: der Mouse <mouse () rodents-montreal org>
Date: Thu, 7 Aug 2008 15:40:43 -0400 (EDT)

The *real* problem is that digital signatures for E-mail work in
*exactly the same way* and provide *the same protection* as SSL
does for the Web.
[That's] wrong.
That the same people who don't understand that the little padlock
doesn't guarantee that you're talking to the website you think you
are, will also fail to understand that the little e-mail padlock
doesn't guarantee that the e-mail is from who you think it is.

This sounds as though you're saying "protection A doesn't provide what
the typical naïve user mistakes it for; protection B also doesn't
provide what the typical naïve user mistakes it for; therefore, it's OK
to say that protection A and protection B provide *the same protection*
in *exactly the same way*".

Even though they don't provide the same protections (secrecy against
passive snoopers is a big one) and the protections they do provide are
not done in the same way (in at least two respects).

Which is what I'm calling foul on.  They are the same in one
(admittedly fairly significant) respect - not being what they're
naïvely mistaken for - but that hardly makes them the same, and
definitely does not mean they do what *is* the same in the same way.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse () rodents-montreal org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

