What email encryption is actually in use?

Adam Shostack adam at homeport.org
Wed Oct 2 13:19:02 PDT 2002


On Wed, Oct 02, 2002 at 09:12:47PM +0100, Ben Laurie wrote:
| Adam Shostack wrote:
| >On Wed, Oct 02, 2002 at 04:54:54PM +0100, Ben Laurie wrote:
| >| Lucky Green wrote:
| >| >I also agree that current MTAs' implementations of STARTTLS are only a
| >| >first step. At least in postfix, the only MTA with which I am
| >| >sufficiently familiar to form an opinion, it appears impossible to
| >| >require that certs presented by trusted parties match a particular hash
| >| >while certs presented by untrusted MTAs can present any certificate they
| >| >desire to achieve EDH-level security.
| >| 
| >| This is probably a stupid question, but... why would you want to do this?
| >
| >So that your regular correspondants are authenticated, while anyone
| >else is opportunisticly encrypted.
| 
| ??? How does checking their MTA's cert authenticate them? What's wrong 
| with PGP sigs?

Consistency with last time.

Whats wrong with PGP sigs is that going on 9 full years after I
generated my first pgp key, my mom still can't use the stuff.

Sure, you and I can use PGP, but by and large, people don't bother.
So lets look at a technology that's getting accepted, and improve it
slowly.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





More information about the cypherpunks-legacy mailing list