RE: Best for of signature

From: Alejandro Criado-Pérez (
Date: 02/13/03

  • Next message: Craig Searle: "RE: Suggestions on free XP hard drive wiping utilities?"
    From: Alejandro Criado-Pérez <>
    To: <>
    Date: Thu, 13 Feb 2003 01:11:03 +0100

    Here I give you my experience and opinion about digital signatures.

    I used to love PGP specially because it didn't require an attachment but
    now I changed my mind.
    I bought the Verisign digital ID, especially because it's perfect
    compatibility with Outlook. Anybody with Outlook (most of the people I
    write to) can see the signature without any additional software (not
    like PGP). This is a very important detail for me. Also it doesn't
    modify your message. I can send HTML email with international characters
    and the digital signature won't modify my document. PGP couldn't do

    But there is one big disadvantage with Verisign's digital ID. If I
    receive an encrypted email, after I open it, I can't save the email as
    unencrypted (in PGP you can do this). So whenever my digital ID expires
    and I renew it (which has to be done every year), I won't be able to
    read the encrypted email unless I kept my old ID. My renewed ID wont be
    able to open it. So if in a couple of years I need to see an encrypted
    email they sent me I need my old digital ID or I loose the email
    forever. I wrote to Verisign and they told me that "that's just the way
    it works".

    Also if you sign an email with the Verisign ID and the receiver uses
    webmail or Lotus Notes, the wont be able to read the email AT ALL!! If
    you sign it with PGP and they don't have PGP software, they will still
    always be able to read the email. This gives an extra point to PGP.

    Does anybody know a good digital ID that everybody can read? I've been
    having this problem for a while, and I'm still very surprised that
    there's still no standard for this.
    I don't mind paying for it as long as it works.

    Thank you.

               Alejandro Criado-Pérez

    -----Original Message-----
    From: Meritt James []
    Sent: miércoles, 12 de febrero de 2003 18:14
    To: Chris Berry
    Subject: Re: Best for of signature

    Concur. I distrust them to the extent that I never see them. Hence,
    the vote for inline.


    Chris Berry wrote:
    > >From: Frank Barton <>
    > >I was wondering what people's feelings are here as to the best way to
    > >digitally sign a message.
    > >mutt for example creates the digital signature as an attachment, and
    > >attaches it, while some people create the
    > >signature as part of the text of the message.
    > >
    > >Which way is best? or most compatable?
    > I personally distrust any attachments I didn't specifically request,
    so my
    > vote would be for inline signatures.
    > Chris Berry
    > Systems Administrator
    > JM Associates
    > "For Sys Admins paranoia isn't a mental health problem, its a
    marketable job
    > skill."
    > _________________________________________________________________
    > Tired of spam? Get advanced junk mail protection with MSN 8.

    James W. Meritt CISSP, CISA
    Booz | Allen | Hamilton
    phone: (410) 684-6566