Re: Should IETF do more to fight computer crime?

[Bertrand . Ibrahim]

Steve Bellovin <[EMAIL PROTECTED]> said:
> I'm far from convinced, for example, that the LOVEBUG  virus would
> have been prevented were all mail digitally signed, because  I
> strongly suspect that the attack would have invoked a digital
> signature API to generate digitally-signed copies of itself.

I would hope that any software I use, that is able to put my digital signature
on some data, would ask me for my pass-phrase every time my private key is 
used. I would even hope that such software wouldn't be able to use my private
key without the pass-phrase, otherwise anybody with access to my computer could
easily forge my signature.

If this requirement is not met, the digital signature has no value.

Peace,

Bertrand Ibrahim.
--------------------------------------------
[EMAIL PROTECTED]
http://cui.unige.ch/eao/www/Bertrand.html