At 05:06 PM 12/6/2001 +0100, Cedric Duval wrote: >This might be what you're searching for: > >(sorry for the long line)
thanks and the longline was not a problem. >Also see the reply from Jacques Distler. There might be some drawback. ah yes, the infamous "man in the middle" attack problem. Yes, we know it's there, and we're deliberately choosing to ignore it. Reason being is that the fix is relatively easy. Since we're planning on using PGP, once you have established contact with a party, you can display the fingerprint and call the other person on the phone and verify that you have the right key. Right now, encrypted e-mail sticks out like a sore thumb. Therefore, I think it's far more valuable to fill the network with opportunistically encrypted e-mail and let the concerned do their own key management to prevent attacks by key management issues. It's also important to make the opportunistically encrypted e-mail identical in format to of the explicitly encrypted e-mail so it all looks identical on the outside. ---eric
