
Protect email with digital certificates
Authored by: tonygoulding on Jun 24, '06 12:10:12PM

Digital signatures offer a strong trust mechanism for things like email messages and (as has been stated) validating the signature against the public key of the sender is a good security step to help ensure the integrity of the message (i.e. it hasn't been tampered with) and authenticity of the sender. However, there is a further step if you want to fully leverage this trust model.

If my private (signing) key has been compromised, allowing a baddie to masquerade as me by signing mails with my private key, then I would want to revoke that certificate with the Certificate Authority (CA) that issued it. If your application (such as Mail) doesn't take the next step of performing a REVOCATION check of the certificate with the issuing CA, you might have a false sense of trust in the signature.

Some applications have this revocation checking ability built-in; some do not. Not sure about Apple Mail (although requirements for CRL/OCSP checking can be switched on/off I believe in the Keychain).

Agreed, this might be an unlikely situation and overkill for Joe Average, but worth noting nonetheless.


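The gap the comment points at, shown end to end with the openssl command-line tool. This is an added example, not code from the original post, from the hint, or from Apple Mail: it builds a throwaway CA, issues an S/MIME signing certificate, signs a message, and verifies it two ways, once with only the signature and chain checked (what a naive client does) and once with a CRL lookup (-crl_check) added. After the CA revokes the certificate and publishes a new CRL, the first check still accepts the message and the second rejects it. The CA name, the user alice@example.com, the scratch paths, the message body and the whole CA configuration are assumptions made for the demo; the script needs only a working `openssl` binary (1.1.1 or 3.x) and writes everything under a fresh temporary directory.

```shell
#!/bin/sh
# Added example (not from the original post or Apple Mail): a throwaway CA shows
# why "signature verifies" is not the same as "signer not revoked".
# Every name, path and config value below is an assumption made for the demo.

WORK=""   # fresh scratch directory, created by setup_pki

# Minimal 'openssl ca' configuration plus the extension sets used below.
write_config() {
    mkdir -p "$WORK/ca/newcerts"
    : > "$WORK/ca/index.txt"        # empty certificate database
    echo 1000 > "$WORK/ca/serial"   # next serial number (hex)
    cat > "$WORK/ca.cnf" <<EOF
[ req ]
distinguished_name = req_dn
[ req_dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ v3_smime ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = emailProtection
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = $WORK/ca/index.txt
new_certs_dir = $WORK/ca/newcerts
serial = $WORK/ca/serial
certificate = $WORK/ca.crt
private_key = $WORK/ca.key
default_md = sha256
default_days = 30
default_crl_days = 30
policy = policy_any
[ policy_any ]
commonName = supplied
emailAddress = optional
EOF
}

# Mail-style trust store: the CA certificate plus the CRLs it has published.
# A PEM bundle given to -CAfile supplies both certificates and CRLs to OpenSSL.
publish_trust_store() {
    cat "$WORK/ca.crt" "$WORK/crl.pem" > "$WORK/trust.pem"
}

# Self-signed CA, one S/MIME certificate for alice@example.com, and the CA's
# first (empty) CRL: with -crl_check, "no CRL available" is itself a failure.
setup_pki() {
    WORK="$(mktemp -d)"
    write_config
    openssl req -x509 -config "$WORK/ca.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
        -subj "/CN=Demo Mail CA" -days 30 -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
    openssl req -new -config "$WORK/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=Alice/emailAddress=alice@example.com" \
        -keyout "$WORK/alice.key" -out "$WORK/alice.csr" 2>/dev/null
    openssl ca -config "$WORK/ca.cnf" -batch -notext -extensions v3_smime \
        -in "$WORK/alice.csr" -out "$WORK/alice.crt" >/dev/null 2>&1
    openssl ca -config "$WORK/ca.cnf" -gencrl -out "$WORK/crl.pem" >/dev/null 2>&1
    publish_trust_store
}

# Sign a constructed message body as Alice (S/MIME, signer cert included).
sign_message() {
    printf 'Meet at noon.\n' > "$WORK/message.txt"   # constructed sample message
    openssl cms -sign -in "$WORK/message.txt" -signer "$WORK/alice.crt" \
        -inkey "$WORK/alice.key" -out "$WORK/signed.eml"
}

# What a naive client does: signature and chain only. Exit status 0 = trusted.
verify_signature_only() {
    openssl cms -verify -in "$WORK/signed.eml" -CAfile "$WORK/trust.pem" \
        -out /dev/null 2>"$WORK/verify.err"
}

# What the comment asks for: the same check plus a CRL lookup for the signer.
verify_with_revocation_check() {
    openssl cms -verify -in "$WORK/signed.eml" -CAfile "$WORK/trust.pem" \
        -crl_check -out /dev/null 2>"$WORK/verify.err"
}

# Alice reports her key stolen: the CA revokes the cert and publishes a new CRL.
revoke_and_publish_crl() {
    openssl ca -config "$WORK/ca.cnf" -revoke "$WORK/alice.crt" >/dev/null 2>&1
    openssl ca -config "$WORK/ca.cnf" -gencrl -out "$WORK/crl.pem" >/dev/null 2>&1
    publish_trust_store
}

demo() {
    setup_pki && sign_message || return 1
    verify_with_revocation_check && echo "before revocation, CRL check: accepted"
    revoke_and_publish_crl
    verify_signature_only && echo "after revocation, no CRL check: still accepted"
    if verify_with_revocation_check; then
        echo "after revocation, CRL check: unexpectedly accepted"; return 1
    fi
    echo "after revocation, CRL check: rejected ($(grep -o 'certificate revoked' "$WORK/verify.err" | head -n 1))"
}

demo
```

Two details matter in practice. First, the client must actually have a CRL for the issuer: once -crl_check is on, OpenSSL treats a missing CRL as a verification error, which is why the script publishes an empty CRL at CA creation time and rebuilds the trust bundle whenever a new one is issued. Second, the signed message itself is unchanged between the two runs; only the client's revocation data changed, which is exactly the "false sense of trust" the comment warns about for clients that skip the CRL/OCSP step.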