Re: What email encryption is actually in use?
On Wed, Oct 02, 2002 at 09:12:47PM +0100, Ben Laurie wrote:
| Adam Shostack wrote:
| >On Wed, Oct 02, 2002 at 04:54:54PM +0100, Ben Laurie wrote:
| >| Lucky Green wrote:
| >| >I also agree that current MTAs' implementations of STARTTLS are only a
| >| >first step. At least in postfix, the only MTA with which I am
| >| >sufficiently familiar to form an opinion, it appears impossible to
| >| >require that certs presented by trusted parties match a particular hash
| >| >while certs presented by untrusted MTAs can present any certificate they
| >| >desire to achieve EDH-level security.
| >|
| >| This is probably a stupid question, but... why would you want to do this?
| >
| >So that your regular correspondents are authenticated, while anyone
| >else is opportunistically encrypted.
|
| ??? How does checking their MTA's cert authenticate them? What's wrong
| with PGP sigs?

Consistency with last time.

What's wrong with PGP sigs is that going on 9 full years after I generated my first pgp key, my mom still can't use the stuff. Sure, you and I can use PGP, but by and large, people don't bother. So let's look at a technology that's getting accepted, and improve it slowly.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume
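The policy discussed in the message above (a pinned certificate hash for regular correspondents, opportunistic encryption for everyone else, and "consistency with last time"), sketched as an added example that is not part of the original thread and is not postfix code. The class name, host names and verdict strings are hypothetical, and the certificate bytes are constructed stand-ins for DER-encoded certificates.

```python
import hashlib
import hmac


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a peer certificate (DER bytes), as lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()


class PeerPolicy:
    """Hypothetical per-peer TLS policy for an MTA (illustration only)."""

    def __init__(self, pinned):
        # Regular correspondents: host -> fingerprint the peer MUST present.
        self.pinned = {h.lower().rstrip("."): fp for h, fp in pinned.items()}
        # Everyone else: host -> fingerprint seen on first contact.
        self.seen = {}

    def evaluate(self, host, cert_der):
        """Return a verdict for one connection; cert_der is None without TLS."""
        host = host.lower().rstrip(".")
        if host in self.pinned:
            # Pinned peers get no cleartext fallback and no substitute cert.
            if cert_der is None:
                return "reject"
            ok = hmac.compare_digest(fingerprint(cert_der), self.pinned[host])
            return "authenticated" if ok else "reject"
        if cert_der is None:
            return "cleartext"  # opportunistic: peer offered no TLS at all
        fp = fingerprint(cert_der)
        previous = self.seen.setdefault(host, fp)
        if previous != fp:
            # Still encrypted, but not consistent with last time. The stored
            # value is kept until an operator accepts the new certificate.
            return "encrypted-cert-changed"
        return "encrypted"


if __name__ == "__main__":
    # Constructed sample data: byte strings standing in for real certificates.
    policy = PeerPolicy({"mx.friend.example": fingerprint(b"friend-cert")})
    for host, cert in [
        ("mx.friend.example", b"friend-cert"),
        ("mx.friend.example", b"someone-else"),
        ("mx.stranger.example", b"stranger-cert"),
        ("mx.stranger.example", b"new-stranger-cert"),
    ]:
        print(host, policy.evaluate(host, cert))
```

The "encrypted" verdicts authenticate nothing on first contact; they only let a later certificate change be noticed, which is the distinction the thread draws between pinned and opportunistic peers.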
-- On 2 Oct 2002 at 16:19, Adam Shostack wrote:
> What's wrong with PGP sigs is that going on 9 full years after I generated my first pgp key, my mom still can't use the stuff.

The fact that your mum cannot use the stuff is only half the problem. I am a computer expert, a key administrator, someone who has been paid to write cryptographic code, and half the time I cannot use pgp.

Of course, I have had real occasion to use this stuff so rarely that I suspect your mother would never use it no matter how user friendly.

The lack of demand may have something to do with Hettinga's rant, that all cryptography is financial cryptography. As I am fond of pointing out, envelopes were first invented to contain records of goods and payments. People use encryption when money is at stake.

If people start routinely making binding deals on the internet, they will soon routinely use encryption.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
Yek7NX953gkX+mwOcaRKW13pMWVzckXtQLHH7Oqt
45E6Pq+EKfccaEUOQLWtfPKtgE9yfk5u/o8MMv4HG
On Wed, Oct 02, 2002 at 07:45:47PM -0700, James A. Donald wrote:
> -- On 2 Oct 2002 at 16:19, Adam Shostack wrote:
> > What's wrong with PGP sigs is that going on 9 full years after I generated my first pgp key, my mom still can't use the stuff.
>
> The fact that your mum cannot use the stuff is only half the problem. I am a computer expert, a key administrator, someone who has been paid to write cryptographic code, and half the time I cannot use pgp.

Have you looked at GnuPG? http://www.gnupg.org/

There are some graphical front-ends which I have not tried, but the console version seems straightforward to me.

Blessed be,
Alfie

--
guru, n: A computer owner who can read the manual.

[demime 0.97c removed an attachment of type application/pgp-signature]
participants (3)
- Adam Shostack
- alfie＠leaflock.homeip.net
- James A. Donald