[16202] in cryptography@c2.net mail archive
Re: public-key: the wrong model for email?
daemon@ATHENA.MIT.EDU (Anne & Lynn Wheeler)
Sat Sep 18 20:38:57 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Sat, 18 Sep 2004 10:19:20 -0600
To: Ed Gerck <egerck@nma.com>
From: Anne & Lynn Wheeler <lynn@garlic.com>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
In-Reply-To: <4149E13C.7060102@nma.com>
At 12:53 PM 9/16/2004, Ed Gerck wrote:
>If the recipient cannot in good faith detect a key-access ware, or a
>GAK-ware, or a Trojan, or a bug, why would a complete background
>check of the recipient help?
a "complete audit and background check" ... would include an audit of the
recipient ... not just the recipient person .... but the recipient ... as
in the recipient operation.
so given sufficient sender concern, checking might be similar to something
that the federal reserve has specified for a fedwire terminal .... although
the announcement about allowing fedwire access via the internet has raised
some eyebrows. i'm sure that such things don't happen .... but could all
the stuff about swift providing internet-oriented services been some
motivation?
the issue for the sender is that they could be concerned about a number of
different possible vulnerabilities ... and complete audit and background
check would be to try and cover all the bases ... aka the leakage of a
classified document wouldn't solely be restricted to technical subversion.
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
