[19223] in cryptography@c2.net mail archive
Re: X.509 / PKI, PGP, and IBE Secure Email Technologies
daemon@ATHENA.MIT.EDU (James A. Donald)
Mon Dec 12 15:36:58 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "James A. Donald" <jamesd@echeque.com>
To: cryptography <cryptography@metzdowd.com>
Date: Mon, 12 Dec 2005 09:34:10 -0800
In-reply-to: <Pine.LNX.4.58.0512070105200.2778@safe>
--
From: Ralf Senderek <ralf@senderek.com>
> I think what's missing is the understanding that there
> cannot be secure email without the persons involved
> acting responsible and knowing their role in the
> process. Your mother will probably expect the computer
> to do the job for her (mine will never expect anything
> from computers) rejecting any responsibility for her
> email's security. In my opinion establishing secure
> email this way is impossible despite the fact that
> encryption is (relatively) easy if our algorithms work
> as expected
This sounds like "it is not my fault. It is those
stupid user's fault"
No, it is not those stupid user's fault. It is our
fault. For example phishing ought not to be possible -
would not be possible if we used zero knowledge
technologies to protect passwords.
Whenever a user communicates anything to anyone, they
use a password, or some form of shared secret - their
credit card number - the password whereby they login to
their mail server. Therefore, whenever a user
communicates anything to anyone, it should be secure,
but it is not.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
Jogksi+CFTLv6yHXLYAd6VeQz73gNHYNM1t/B6aB
4uVe9+oTO/DP7awisj6RYpMbzekGf0+UrwxWfnpxM
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
