On Mon, Oct 17, 2005 at 03:07:07PM +0100, Tim Green wrote:
On 10/17/05, Peter Bassill peter.bassill@starliteassociates.com wrote:
That would be a copy of my digital certificate....
Think secure, if it aint on there when I send a message, good chance it aint from me.
Without knowing how to verify your digital certificate, anyone could stick a 2KB file called "smime.p7s" on an email pretending to be from you.
I know at least mutt, evolution and thunderbird verify the certificate, if it's signed by a known 'good' cert authority, then it's alright, otherwise you might need to look in to it ;)
Of course, this is because some people decided that gpg was (obviously) less secure due to it's p2p nature for deciding wether or not you trust a key... of course, large key authorities are *much* more trust worthy and *never* do anything purely for the money... noooo...
Thanks,