[asterisk-users] Security communication dilemma: your help needed
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Sat Jan 10 10:39:14 CST 2009
On Sat, Jan 10, 2009 at 10:04:53AM -0600, Kevin P. Fleming wrote:
> Tzafrir Cohen wrote:
>
> > Suggested modification)
> >
> > X also signs the message with his public key.
> >
> > (If X doesn't want to, this automated procedure will not apply)
>
> I don't understand; if X signs the message using his public key, then
> recipients would need X's private key to verify the signature. Who would
> have that besides X?

Many people publish their public key on keyservers.

>
> > The security alias processor has in its keyring the "approved" public
> > keys. If the signature passes, the mail can be simply forwarded as-is.
>
> No, it can't. It has to be sent onwards to the recipients in encrypted
> form, and the original message can't be sent to them because they don't
> have the private key to use to decrypt the message (they would all need
> the security@ private key to do so).

This means that the message can no longer be signed.

>
> > Rationale: I wouldn't want this delay for every message I send through
> > the alias.
>
> I don't imagine this would take more than a minute to process a message.
> It would hardly be noticeable.

It makes email interactive. Email (by nature) isn't. I hate it when I
have to confirm everything. Even more so when I have to do it every time
around.
Use XMPP instead.

--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir