My brother, Pete, asked a great question when I used a digital signature to sign a message to him: "So what's the benefit of signing? Is it something I could/would/should do frequently?"
He's referring to using a Digital Signature to electronically "sign" an email message. The digital certificate is impossible to forge, and proves that the message was really sent by the person who claimed to send the message.
When people habitually use these signatures, then it prevents someone else (like a spammer, or worse) from impersonating them.
In this case, I signed my message to him, which sent both my digital certificate and a code at the end of the message. This code was created by mathematically processing all the contents of the message and the certificate. The email program on his end compared the code to the contents of the message, and the certificate, and found that they matched. It also checked the certificate against the signature of the company that issued the certificate, to be sure the certificate itself wasn't forged. This meant that not even one letter in the message was changed between my computer and his.
If Pete then saved my signing certificate into his email program, he could also encrypt the messages he sent to me, and no one could read them except me.
Pete also has a "confidentiality notice" on his email - legalese saying that misdirected mail should be deleted. Lots of people use these, my work recommends this sometimes, too. If people encrypted all their confidential information, they wouldn't need the notice, misdirected mail would be unreadable by any unintended recipients.
Signed and encrypted messages are widespread in the DoD and somewhat in the geek community
In fact, messages containing attachments or links won't even go through the US Air Force mail system unless they're signed. Yes, this is a pain in the neck when we work with external organizations who don't have digital certificates.
I used Comodo for my free certificate at home, in Mozilla thunderbird
Apparently it's only valid for a year - I had forgotten that ( oh look, good until 5/24/2009 ) - I'll be interested to see what happens on May 30 - I think it'll die and I have to get another one. I'll pay for it then, I think.
The fact that Pete is pretty savvy in computers, and digital certificates are wildy useful to prevent identity theft, shows the problem.
Digital Certificates are not widespread use enough to make a difference right now. Why? That's another post.
Maybe someday.
Perry
AI and Voter Engagement
19 hours ago
No comments:
Post a Comment