North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: What happened to dot pro... (BTW)

  • From: Bradley Dunn
  • Date: Sun Feb 01 23:07:38 2004

John R Levine wrote:
A PGP or S/MIME signature assures you that the mail definitely came from
the address it purports to come from, but it doesn't tell you whether that
person is who you think it is.  That's where limited access domains can
No actually a PGP signature assures you that a particular private key was used to sign a message. It doesn't tell you whether that key belongs to who you think it does. Thus you would verify the key fingerprint via an out of band method (phone, in person, business card). I don't see how a limited access domain helps in binding keys to people, unless the registrars are going to start acting as CAs as well. Anyone can create a PGP key with [email protected] as an associated email address.