On 2012-02-10 18:37 , Leo Bicknell wrote: [..]
There's no reason my mail client shouldn't validate the signed e-mail came from the same entity as the signed web site I'd previously logged into, and give me a green light that the link actually points to said same web site with the same key. It should be transparent, and secure for the user.
That is a rather nice idea. Most people, especially the common ones, do not use PGP or heck even S/MIME though and only when one is included in the web-of-trust can one actually verify these.

Of course when that is done, one should be able to match up email address and website URL quite easily and your trick will work, at least one can then state: "the sender, who is verified by trust, is pointing to his/her own website."

The problem still lies in the issue that most people, even on this very list, do not use PGP or S/MIME. (and that there are two standards does not help much there either ;)

Greets,
Jeroen
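
The check discussed in this message, as an added example (not code from either poster or from any mail client): a link gets a green light only when the mail's signing key matches the key recorded for the host the link really points to. It assumes the signature was already verified by the client's S/MIME or PGP layer and that the client stored a key hash per host at login; `key_id`, `link_host`, `check_link` and the sample data are hypothetical names and constructed values.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

def key_id(spki: bytes) -> str:
    """Hex SHA-256 of a public key (DER SubjectPublicKeyInfo in a real client)."""
    return hashlib.sha256(spki).hexdigest()

def link_host(url: str):
    """Host an https link really resolves to, or None if it cannot be used."""
    try:
        parts = urlsplit(url)
    except ValueError:          # e.g. malformed IPv6 literal
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    # .hostname ignores any "user@" prefix and is already lower-cased
    return parts.hostname.rstrip(".")

def check_link(signer_spki, url, seen_sites):
    """Return 'green', 'mismatch' or 'unknown' for a link found in a mail.

    signer_spki: key bytes from an already-verified S/MIME or PGP signature,
                 or None when the mail is unsigned (assumption: verification
                 happens elsewhere in the mail client).
    seen_sites:  host -> key_id recorded when the user logged in to that site.
    """
    if signer_spki is None:
        return "unknown"        # unsigned mail: nothing to compare
    host = link_host(url)
    if host is None or host not in seen_sites:
        return "unknown"        # never logged in there: no green light
    same = hmac.compare_digest(key_id(signer_spki), seen_sites[host])
    return "green" if same else "mismatch"

# Constructed sample data (placeholder bytes, not real keys)
SITE_KEY = b"constructed-key-for-bank.example"
OTHER_KEY = b"constructed-key-of-someone-else"
SEEN = {"bank.example": key_id(SITE_KEY)}

if __name__ == "__main__":
    for key, url in [(SITE_KEY, "https://bank.example/login"),
                     (SITE_KEY, "https://bank.example@other.example/login"),
                     (OTHER_KEY, "https://bank.example/login"),
                     (None, "https://bank.example/login")]:
        print(check_link(key, url, SEEN), url)
```

The "unknown" result for unsigned mail is the case the reply is concerned with: without a signature there is no key to compare against.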