PGP, S/MIME + SSL cross-reference (Was: Dear RIPE: Please don't encourage phishing)

Jeroen Massar jeroen at unfix.org
Fri Feb 10 17:46:43 UTC 2012


On 2012-02-10 18:37 , Leo Bicknell wrote:
[..]

> There's no reason my mail client shouldn't validate the signed e-mail
> came from the same entity as the signed web site I'd previously logged
> into, and give me a green light that the link actually points to said
> same web site with the same key.  It should be transparent, and secure
> for the user.

That is a rather nice idea. Most people, especially the common ones, do
not use PGP or, heck, even S/MIME though, and only when one is included in
the web-of-trust can one actually verify these. Of course when that is
done, one should be able to match up email address and website URL quite
easily and your trick will work, at least one can then state:
  "the sender, who is verified by trust, is pointing to his/her
   own website."

The problem still lies in the issue that most people, even on this very
list, do not use PGP or S/MIME. (and that there are two standards does
not help much there either ;)

Greets,
 Jeroen
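
The check proposed in the quoted message, sketched as an added example (not code from this thread or from any mail client). It assumes the mail's signature has already been verified and that the site and the mail signer use the same public key; `KeyStore`, `check_link`, the host names and the key bytes are hypothetical and constructed for illustration.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed sample key bytes; a real client would hash the certificate's
# SubjectPublicKeyInfo (TLS, S/MIME) or the OpenPGP public key material.
SITE_KEY = b"constructed-public-key-A"
OTHER_KEY = b"constructed-public-key-B"


def fingerprint(public_key: bytes) -> str:
    return hashlib.sha256(public_key).hexdigest()


class KeyStore:
    """Hypothetical store of keys seen on TLS sites the user has logged into."""

    def __init__(self):
        self._by_host = {}

    def remember_site(self, host: str, public_key: bytes) -> None:
        self._by_host[host.lower()] = fingerprint(public_key)

    def check_link(self, signer_key: bytes, url: str) -> str:
        """Classify a link found in a mail whose signature already verified."""
        parts = urlsplit(url)
        if parts.scheme != "https":
            return "no-tls"            # nothing to compare a key against
        # Use the parsed hostname, so "known.host@other.host" resolves to
        # the host actually contacted rather than the userinfo prefix.
        known = self._by_host.get((parts.hostname or "").lower())
        if known is None:
            return "unknown-site"      # user never logged in there
        if known != fingerprint(signer_key):
            return "key-mismatch"      # site known, but signer is someone else
        return "green"                 # signer key == key of the linked site


def demo():
    store = KeyStore()
    store.remember_site("portal.example.org", SITE_KEY)
    links = [
        (SITE_KEY, "https://portal.example.org/reset"),
        (OTHER_KEY, "https://portal.example.org/reset"),
        (SITE_KEY, "https://portal.example.org@login.example.net/reset"),
        (SITE_KEY, "http://portal.example.org/reset"),
    ]
    return [store.check_link(key, url) for key, url in links]


if __name__ == "__main__":
    print(demo())
```

Only the `green` result corresponds to the "green light" in the quoted proposal; the other three outcomes are cases where the client cannot tie the link to the signer.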




More information about the NANOG mailing list