Vanguard
Peter D said:
applies equally to all other forms of identification, too.
But it doesn't matter. Justifying the failure of one supposedly trusted
system by pointing out that other systems are as vulnerable (a too wide
generalisation imho) does ZERO to address the failure of the first.
Certificates give the impression of trust and security. They aren't
trustworthy (as demonstrated).

Because you and Roberto are using security certificates for the wrong
purpose. They do not identify nor validate the sender. You're
complaining that a screwdriver doesn't do as good a job as a hammer.
Right tool for the right job. Certificates identify the author, not the
sender. Other proposals are in place, like Yahoo's DomainKeys and SPF
(Sender Policy Framework) to help identify the sender. These proposals,
by the way, only address identifying the sender, not the author
specified by the certificate used in signing the *content*. Sender and
author are different identities which may or may not be the same.

Please explain why equating the sender identity (which is a very
desirable function) to the content author is important. I get a
digitally signed e-mail from you. You are the author of the *content*
of that message. You might be the sender of that content. I then
forward as attachment your message onto someone else but I also
digitally sign my message. Should my digital signature wipe yours? No.
My digital signature applies to MY content, not to the attached file
which is someone ELSE's content. The recipient should know which
content was signed by me and which content was signed by you. However,
the recipient of my message sees ME as the sender although it includes
signed content from you. There can be more than one author within a
message and the digital signature only identifies one of them for the
content against which the certificate was used to encode the digital
signature. I don't get to include other authors in my digital signature
just so I can make one of them in that e-mail list happen to match my
e-mail address in the delivered message to the recipient. That is one
scenario in which multiple authors are contained within one message.

How do I equate sender with author in my digitally signed message that
gets sent out through a bulk mailing service, like when sending a
newsletter to my subscribers? The sender is definitely not me. How do
I even add the headers into my digitally signed message that aren't even
there until the message gets delivered to the mail server? The mail
server is going to add several headers to my e-mail that obviously I
won't have at the time I am composing my e-mail and opt to digitally
sign it. You have software that sees into the future and can add the
appropriate information into your application? Hindsight is the only
perfect science but it is always retrospective. You are asking
certificates to perform a function for an event that hasn't happened yet!

E-mail delivery has been an easily spoofable communications medium. It
was designed 20 years ago before the explosion of web access back around
1992-1994, back when users were more trustworthy themselves. The
community was smaller, more professional, and much better educated.
Suggestions to provide a completely new and forcibly trusted e-mail
protocol to replace SMTP have fallen on deaf ears, so instead the
current proposals are patches to the existing SMTP protocol.
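
The distinction drawn in the post above, that a signature is bound to a piece of content while From and Received sit outside it, shown as an added example that is not part of the original post or thread. It uses Python's standard `email` package on a constructed message; the addresses, hosts, boundaries, placeholder signature parts and the helper names `signed_entity`, `signature_scopes` and `scopes_of` are assumptions, and no cryptographic verification is performed.

```python
import email
from email import policy

def signed_entity(text, b):
    """Constructed multipart/signed entity; the signature part is a placeholder."""
    return (f'Content-Type: multipart/signed; boundary="{b}";'
            ' protocol="application/pkcs7-signature"\n\n'
            f"--{b}\nContent-Type: text/plain\n\n{text}\n"
            f"--{b}\nContent-Type: application/pkcs7-signature\n\n(placeholder)\n"
            f"--{b}--\n")

# Constructed sample (made-up addresses and hosts): a forwarder signs their own
# comment and attaches the author's signed message; a relay added Received.
INNER = ("From: author@example.com\nSubject: note\nMIME-Version: 1.0\n"
         + signed_entity("Author's original text.", "sigA"))
RAW = ("Received: from bulk.example by mx.example.net\n"
       "From: forwarder@example.org\nSubject: Fwd: note\nMIME-Version: 1.0\n"
       'Content-Type: multipart/mixed; boundary="outer"\n\n'
       "--outer\n" + signed_entity("Forwarder's own comment.", "sigB")
       + "--outer\nContent-Type: message/rfc822\n\n" + INNER + "--outer--\n")

def signature_scopes(msg, author=None):
    """Yield (enclosing From, signed text, headers inside the signed part)."""
    author = str(msg["From"]) if msg["From"] else author
    if msg.get_content_type() == "multipart/signed":
        covered = msg.get_payload(0)  # RFC 1847: first part is the signed content
        yield author, covered.get_content().strip(), sorted(covered.keys())
    elif msg.is_multipart():  # multipart/* containers and message/rfc822
        for part in msg.get_payload():
            yield from signature_scopes(part, author)

def scopes_of(raw):
    """Parse a raw message and list every signature scope found in it."""
    return list(signature_scopes(email.message_from_string(raw, policy=policy.default)))

if __name__ == "__main__":
    for author, text, headers in scopes_of(RAW):
        print(f"{author}: signed {text!r}; headers inside signature: {headers}")
```

Each signature reports only its own part's MIME headers as covered; the message-level From and the relay's Received header appear in neither scope.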