[16193] in cryptography@c2.net mail archive
Re: public-key: the wrong model for email?
daemon@ATHENA.MIT.EDU (lrk)
Fri Sep 17 14:24:25 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Fri, 17 Sep 2004 11:29:01 -0500
From: lrk <crypto@ovillatx.sytes.net>
To: cryptography@metzdowd.com
In-Reply-To: <6.0.3.0.0.20040916162226.042a2808@pop.idiom.com>
On Thu, Sep 16, 2004 at 04:57:39PM -0700, Bill Stewart wrote:
> At 10:19 PM 9/15/2004, Ed Gerck wrote:
> >Yes, PKC provides a workable solution for key distribution... when you
> >look at servers. For email, the PKC solution is not workable (hasn't been)
> >and gives a false impression of security. For example, the sender has no
> >way of knowing if the recipient's key is weak (in spite of its length)
> >or has some "key-access" feature. Nonetheless, the sender has to use that
> >key.
>
> I don't understand the threat model here.
That seems to be the actual problem. If you want real security, you need a
vault, guards, cryptographers, and do the crypto in the vault.
I use GnuPG so my e-mail is in an "envelope" rather than on a "postcard".
If the fedz want to read it they bring guns, slammers, and rubber hoses
anyway.
Perhaps it is time to define an e-mail definition of crypto to keep the
"postman" from reading the "postcards". That should be easy enough to
implement for the average user and provide some degree of privacy for
their mail. Call it "envelopes" rather than "crypto". Real security
requires more than a Windoz program.
--
crypto@ovillatx.sytes.net
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
