Re: Email encryption and virus scanning

[Dave Piscitello <dave () corecom com>]

At 08:44 AM 5/21/2002 -0400, Frederick M Avolio wrote:
> If you do use encrypted e-mail, do you really (no, really) use authentication?

Heresy! Recant lest we impale thee on a sharp spike!

> The question needs to be massaged, but I think everyone gets the idea. 
> What, ho! Authentication! Integrity checking!! But if Dave sends me an 
> email I am more likely to trust the context of the e-mail (does this sound 
> like Dave's normal eloquent prose?) than if the signature checks 
> (something must have broken the email as it was processed).

Thanks for the compliment. I  agree that authentication alone isn't
sufficient to assert complete trust in the contents of an email's message body
and attachment. But context doesn't scale. Think of encrypted and signed
email from Wachovia Bank's confirming a transaction - authentication is really
all I can rely on.

David M. Piscitello
Core Competence, Inc. &
The Internet Security Conference
3 Myrtle Bank Lane
Hilton Head, SC 29926
dave () corecom com
www.corecom.com
www.tisc2002.com
hhi.corecom.com/~yodave/


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards