On 9/23/2004 11:02, "Greg A. Woods" <woods@???> wrote:
> SPF cannot do anything about forgery for those millions of people who
> will never use it either -- it's quite literally an all-or-nothing
> "solution" that must be implemented by all mailers everywhere in order
> to even begin to be effective whereas PGP guarantees to stop forgery for
> every paired sender and recipient who use it and deploying PGP is done
> on an as-needed basis and requires absolutely no co-operation on the
> part of any ISP or postmaster.
Where the private key and passphrase haven't been stolen from the machine(s)
at one end or the other of the pair of people. (The theft can be rendered
moot, but only after it's detected.)
And where the two people are both in countries where encryption is legal (or
they don't care). And if the people involved avoid 8-bit problems in
transmission.
And, for the s/mime form, where intervening mail servers haven't stripped
the MIME part or done other damage to the signed portion of the message
(detection is easy...avoidance may not be).
Your message (in the less vulnerable form of signing) seems to have survived
all that. Now, if I knew you were you, I could get rid of the
Invalid key part of the Status and the Alert.
*** Status: Good Signature from Invalid Key
*** Alert: Verify signer's key before trusting.
PS: I *suspect* you are you.
--John
