Jargons of Info Tech industry
Stefaan A Eeckels
tengo at DELETEMEecc.lu
Sun Oct 9 10:42:02 EDT 2005
On Sun, 9 Oct 2005 13:44:42 GMT
Tim Tyler <tim at tt1lock.org> wrote:
> In comp.lang.java.programmer Roedy Green
> <my_email_is_posted_on_my_website at munged.invalid> wrote or quoted:
>
> > Read my essay.
> > http://mindprod.com/projects.html/mailreadernewsreader.html
It's gone :-)
> FYI, this bit:
>
> ``Like ICQ, someone cannot send you mail without your prior
> permission. They can't send you mail because they don't have your
> public key to encrypt the mail.''
>
> ...is pretty confusing - because "public key" is a term with a
> technical meaning in cryptography - and a public key really *is*
> public.
>
> If you want to allow email only from a list of senders, then you use
> a simple white list. Cryptography is not needed or desirable if this
> is the intended goal.
But what is desirable is the possibility to authenticate the sender of
the message as genuine, given the ease with which SMTP headers can be
spoofed. Maybe this is suggested in Mr Green's essay, but
cryptographically signed email (using the originator's _private_ key),
where the signature and hence the originator of the mail can be verified
independently, would be very useful. The problem is to get everyone to
use digital signatures, and to ensure that such a signature can be
linked to an individual or business. I've no illusions here.
Take care,
--
Stefaan
--
As complexity rises, precise statements lose meaning,
and meaningful statements lose precision. -- Lotfi Zadeh
More information about the Python-list
mailing list