Sean Witham wrote:

> > Thanks, but that will not do. The encryption systems that are free will never be
> safe anymore!
>
>> How did you come to that conclusion ? as for your comments about encrypted email.
>
I  owe an apology to all well-meaning folks for my above statement I made after I
received few insults. All the contemporary legitimate public security systems are
secure enough for most of public communications. In fact the signature I used, and
which spawned some interests, is also based on public cryptography.  It is only
blessed by the U.S. government so it can be used in North America as well as overseas
(internationally).


> Digtally signing a querry sent to a help mailing list gains nothing of value becaues
> there is nothing of value to lose. You don't even need accountability. It doesn't
> matter if the reader can not prove you sent it. If you want people to be able to
> cross check these postings against more important ones than md5 string of you public
> key would be sufficently secure for the purpose. Some encryption systems support
> this week key tag for unimportant email.

The signatures used in current mailing lists are not matured, not because of any
particular cryptography method employed, but because most mail-agents are incapable
of  efficiently hiding the details from users (i.e. the garbage at the end of the
message should be hidden behind a few character code or an icon on GUIs, and a
mechanism should be provided by the mail agent to obtain readable information about
the signature should the reader desire to investigate farther.)

The potential of electronic signatures used in mail-list is not so much a protection
for the reader as for the sender. Namely, the feature called {{ Non-repudiation }}
when applied and obtained from a "un-compromised" CAs, can serve to verify the content
of the signed message after it was signed, so not an intruder nor the sender can alter
it at any time "soon", after the message was signed, so even a sender can not claim,
they didn't write what the signed.

========= PLEASE READ THIS =================
Now, I really wish to disengage from this discussion. I am no authority on this
subject, and all the talk about the strength of the encryptions, algorithms, and
implementations of these is not in my interests, and perhaps not even for the entire
netbsd-help. There are other groups which deal with this subject matter.
==========================================

What, perhaps, we should discuss some day is how to improve miscellaneous  mail-agents
by encapsulating the security features in configuration details, hence, relieving
regular users from the clutter and currently purely managed encryption standards
around the globe due to mostly political and criminal interests in this area. In my
opinion, this would be far more productive activity in the fight against monopolistic
interests of  few large corporations and even governments, when it comes to protection
of privacy.

Do not doubt the cryptography art and/or science, doubt you will ever be able to
verify it. There is a simple way to achieve the highest security possible,
unfortunately those who need it the most and have the most to say about it are not
interested in implementing it.

A brute-force attack to some today considered "insecure" public/private key systems
would need fifteen thousand (15,000) times the age of the universe to break! Who are
we/they kidding? Even a year, or day of  super computer time for that matter protects
me well enough, and I think most of earthly communications today.

-- Igor