ONJava.com -- The Independent Source for Enterprise Java
oreilly.comSafari Books Online.Conferences.


AddThis Social Bookmark Button
  How to Set Up Encrypted Mail on Mac OS X
Subject:   Potential unsecure issue
Date:   2005-09-12 11:15:14
From:   scott.gardner
I did a quick test to ensure the security of my email communication, as follows:

1. I sent an email from my digital-certificate signed email account (...@mac.com) to an alternate non-signed email account (...@yahoo.com), with the message body "asdf."
2. In my yahoo account, I redirected this email to a 3rd alternate non-signed email account (...@gmail.com), adding this text to the message body: jkl;
3. In my gmail account I received the redirected email with the altered message body, yet still showing signed by ...@mac.com

It appears to me that this digital signature is not accurate, because the message was altered by the recipient and then re-directed to another email.

I've emailed Thawte a couple times and they haven't responded.