From: Brad Templeton (brad@templetons.com)
Date: Thu Jun 03 1999 - 15:10:54 CDT
On Thu, Jun 03, 1999 at 03:46:02PM -0400, Dave Barr wrote:
> What about a dual signature system?
>
> Sign the body in an entirely mail-compatible way. This retains full
> compatibility with mail and news gateways, and with mail clients.
> We don't even need to decide on which one -- let the market figure out
> which one is best.
The point is that there really is no "mail compatiable way." In spite
of many proposals no method of signing mail between strangers is yet
adopted with any significance.
There are some systems for intra-company mail or parties who arranged things
in advance. But USENET is all about messages among people with no prior
contact.
The PGP web of trust is a cool idea but it hasn't panned out. Only a tiny,
tiny faction of mail is sent PGP signed or encrypted, and unless you
regularly correspond with the person you don't have their key in your
ring.
USENET will actually break the ground in signatures and certificates
because in USENET you actually need a real cert/signature system. You
have no choice. You have broadcast messages among people who are
strangers.
> Optinally sign the headers with a pgpverify-style system.
For USENET, signing the headers is the primary goal, not the secondary
goal. Signing the body is of course important if there is a body, and
there is no reason not to sign the body, but signing the headers is
the first goal. We want to stop forgeries, and unauthorized postings.
A signature system is of limited value if people can't understand it.
Mail clients are not currently able to understand a random signature
from a stranger, except perhaps some X.509 S/Mime implementations.
These methods are not suitable for news.
> However, it's proven and would work now with minimal effort.
It is not proven, not that i have seen.
I've written extensively on what we want to do with signatures, and
the signing of messages bodies with multipart/signed is simply way
down on the list.