[Enigmail] signature test

Robert J. Hansen rjh at sixdemonbag.org
Sat Feb 16 10:52:24 PST 2008


Florence Fix wrote:
 > I want to be able to establish, in case of disagreement (or even
 > litigation), the authorship of a given message purportedly sent by
 > me.

Enigmail plus a one-sentence policy statement will do the trick.  "No 
message from me should be considered authentic unless it has a correct 
digital signature."

If a student forges an email from you and tries to present it as the
real deal, there are two possibilities:

	* The signature will be bad
	* The signature will have been deleted

In either case, you can tell the administration "this student knows my
policy, and knows not to consider that message authentic."

In computer security we talk a lot about mechanism and policy. 
Mechanism can be thought of as the machine portions of a system, and 
policy can be thought of as the human portions.  Mechanism and policy 
are both useless in isolation; only when they're joined together do they 
really become useful.

In this case Enigmail is your mechanism, and "no message from me..." is 
your policy.  :)
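The policy quoted in the message above, applied mechanically, as an added example that is not part of the original post. It assumes the machine-readable status lines GnuPG writes with `--status-fd` (GnuPG is the tool Enigmail calls to verify signatures); the pinned fingerprint, the `classify` helper and the sample status lines are constructed for illustration.

```python
import enum

# Constructed placeholder fingerprint standing in for the sender's real key.
PINNED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"

class Verdict(enum.Enum):
    AUTHENTIC = "correct signature from the pinned key"
    BAD_SIGNATURE = "signature present but does not verify cleanly"
    NO_SIGNATURE = "no signature found (never signed, or signature deleted)"
    WRONG_KEY = "valid signature, but not from the pinned key"

# Status keywords meaning a signature was found but must not be accepted.
REJECT = {"BADSIG", "ERRSIG", "EXPKEYSIG", "REVKEYSIG"}

def classify(status_output, pinned_fpr=PINNED_FPR):
    """Apply 'not authentic unless correctly signed' to --status-fd output."""
    rejected = False
    signer_fprs = []
    for line in status_output.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue  # ignore anything that is not a status line
        fields = line.split()[1:]
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword in REJECT:
            rejected = True
        elif keyword == "VALIDSIG" and args:
            # The 10th argument is the primary key fingerprint when present;
            # otherwise fall back to the signing key fingerprint.
            signer_fprs.append((args[9] if len(args) >= 10 else args[0]).upper())
    if rejected:
        return Verdict.BAD_SIGNATURE      # first case in the post's list
    if not signer_fprs:
        return Verdict.NO_SIGNATURE       # second case: signature deleted
    if all(fpr == pinned_fpr.upper() for fpr in signer_fprs):
        return Verdict.AUTHENTIC
    return Verdict.WRONG_KEY              # signed, but by somebody else's key

# Constructed sample status output (not captured from a real message).
SIGNED = ("[GNUPG:] GOODSIG 89ABCDEF01234567 Sample Sender <sender@example.org>\n"
          "[GNUPG:] VALIDSIG " + PINNED_FPR + " 2008-02-16 1203187944 0 4 0 1 2 00 "
          + PINNED_FPR + "\n")
TAMPERED = "[GNUPG:] BADSIG 89ABCDEF01234567 Sample Sender <sender@example.org>\n"
STRIPPED = "[GNUPG:] NODATA 1\n"
OTHER_KEY = "[GNUPG:] VALIDSIG " + "F" * 40 + " 2008-02-16 1203187944 0 4 0 1 2 00 " + "F" * 40 + "\n"

if __name__ == "__main__":
    for name in ("SIGNED", "TAMPERED", "STRIPPED", "OTHER_KEY"):
        print(name, "->", classify(globals()[name]).name)
```

Only `AUTHENTIC` satisfies the policy; a valid signature made with a different key is rejected too, because the check pins the fingerprint rather than trusting the name shown in the signature.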


