Receiving digital signatures with Outlook Express

Bruce — Tue, 27 Apr 2004 12:39:02 +0000

What's "revocation checking" about, and does it matter that it's turned off? When you receive a digitally signed message using Outlook Express 6, you will see the following screen (unless it has been disabled): When you get past this warning, the digital certificate used to sign the e-mail message is indicated with a red ribbon: Clicking on this ribbon with allow you to view the details of the certificate. You will likely see a note that "You have turned off revocation checking": Here's what Outlook Express help has to say about revocation checking: How do you verify a digital signature? With revocation checking, you can verify the validity of a digitally signed message. When you make such a check, Outlook Express requests information on the digital ID from the appropriate certification authority. The certification authority sends back information on the status of the digital ID, including whether the ID has been revoked. Certification authorities keep track of certificates that have been revoked due to loss or termination. However, according to this Microsoft Knowledge Base article: Beginning with Outlook Express 5.01, certificate revocation checking is disabled by default. If revocation checking is enabled, users with slow connections may experience a long period of inactivity while a certificate's revocation status is checked. This behavior may cause the user to believe that Outlook Express is not working properly. If revocation checking is disabled you cannot know if a certificate is valid or not: it may have expired, or been revoked (e.g. if the owner believes his or her private key has ...

Digital signatures and Apple Mail

Bruce — Sun, 25 Apr 2004 18:00:00 +0000

From http://www.bioneural.net :

Did you get an unexpected e-mail that appeared to be from bioneural.net, but contained a virus or a message about following a link to read the full message? You've just been spammed via a trick called "spoofing"! Can PGP or S/MIME help you separate the wheat from the chaff? Spam, or unsolicited e-mail, is so-called in homage to a Monty Python sketch in which a group of Vikings drown out a conversation by singing "spam, spam, spam". You can hear the original sketch here. Spammers (may they burn in hell) use a number of tricks to achieve their evil goals. Among these is "spoofing": using a fake e-mail header to make it appear that an e-mail was sent by someone else and not from the spammers own account. Someone has been spoofing e-mails that appear to come from me. How do I know? Because I've recently been getting a number of mail delivery failure messages concerning e-mails I never sent to persons I don't know. Is spoofing ever legitimate? Yes. If you change the "Reply-to:" field in your e-mail client to redirect any replies to e-mail sent from one of your own accounts to another account of your own. Read more here. What should I do if I have received (illegitimate) spoofed e-mail? If you receive a spoofed e-mail, never open any attachments and never follow the link: delete it immediately. If you are curious and have the time, you may be able to trace where it really came from. How can I verify the sender's identity? Public-key ...

bioneural.net » signatures

Receiving digital signatures with Outlook Express

Digital signatures and Apple Mail