> In your opinion, is it > cryptologically feasable > > to generate a signature system that cannot be easily faked? > It seems > > that if rpms can be verified against GPG keys, then the > same could be > > applied to email. Would this be sufficient security? I do > not know, > > but I believe it is worth discussion. . . . . > The question is then: is such a solution less resources consuming like > doing the virus testing your own? > Good points both. To Dale's post, consider the overhead of encrypted email as with GPG/PGP. It is possible to assure the integrity and source of an email message using GPG keys. But this assumes that both sender and recipient have key pairs, that the keys are not compromised, that the sender has access to the recipient's public key, and that the recipient has access to (and trust in) the sender's public key. Quite a lot of infrastructure needed just to send a message. GPG keys on packages work because the situation is different: The value of a package is higher to the recipient than that of many email messages. There is no need to validate the identity of the recipient, as is done for email messages, when distributing packages. There are far fewer keys for users to manage. It would be a different matter entirely if every package and every update required acquiring a unique key, as is potentially the case for email messages, where there are many senders and many recipients. A useful model remains that of physical mail systems. "Snail mail" postal systems have a number of built-in advantages that email systems do not have: A trusted channel. Although theft of the mail is possible, physical mail is handled by a national postal organization. No one sends mail by giving it to his neighbors in a form that they can read, and asking them to pass it along. Users do not have to have any kind of special mailbox or key to use this trusted channel. A legal framework and enforcement capability. There is an established understanding in each nation about what constitutes legal and illegal use of the mail. Standards for acceptable and unacceptable mail. Postal authorities can refuse mail that is dangerous or unfit for the mail stream. An economic model that encourages responsible use of the mail. The majority of the cost of sending mail is borne by the sender and not the recipient. The cost of sending messages increases with the size, distance, and quantity of messages to be sent. Quite the opposite is true of email. Without these, we are left to sort our own mail, so to speak. With these in place, email would be quite different than it is today. Erik
