It's all about security!

Digital Signatures and Email

Posted: 17-Jun-2006 10:28

Digital signatures are widely used all over the web for verification and are now also being used to sign things like device drivers, etc. One thing that I find interesting though is that not many people in corporates or otherwise are using them to sign their emails (judging by my limited number of contacts, corporate and otherwise). This makes me wonder why. You may think that you don't need a digital signature, as you can always check the message headers and identify the source of the message and you'd know if it was authentic or not. But what about a spoofed message that was sent to you from an internal network? How would you know that the message can be trusted? Imagine this happening in a corporation where there are high-profile people or something - you get the idea anyway. Now one way to reduce compromise in such situations is to use a digital signature to sign emails. But among my limited number of contacts - corporate and not - Mauricio is the only person I know who uses a digital signature. So if they are not important, then why is someone like Mauricio using them, and if they are, then why are not that many people using them? (For me the issue is cost :-) )

Mauricio, I would like to know your opinions on this matter :-)


Comment by freitasm, on 17-Jun-2006 11:30

I use the signature because it's a way to identify myself to others - they know that's a valid signature and message, that malware won't be able to use the signature from the certificate storage, etc.

Also because there's no "I said, you said". If you get my message and it's signed, the e-mail client will tell you if it's been tampered with in any way, so in any case everyone knows that the message is true to the original form.

When I was working in the big mean cubicle world, the big corporate company, my co-workers wouldn't understand why I was creating PDF files to send to clients, instead of simply sending the Word document - which everyone knows contains more information than we may want to disclose.

It's all about information security and management, really.

Author's note by Dan, on 17-Jun-2006 11:37

So why is it then that using signed emails is not very common in corporates, etc.? Do people not care much about security? I think I should turn this into a Geekzone forum post :-)

Comment by taniwha, on 5-Jul-2006 19:01

Some of my clients (humans, not software) will not accept email unless they're GPG signed.

Comment by barf, on 18-Jan-2007 20:25

I use GPG signing and it seems more common than S/MIME signing (by my own observation). The idea of paying to have an S/MIME key signed by one of the major x.509's doesn't appeal to me.


DanDotNet's profile

Daniel Wissa
