[20155] in cryptography@c2.net mail archive
Re: NPR : E-Mail Encryption Rare in Everyday Use
daemon@ATHENA.MIT.EDU (Trevor Perrin)
Tue Feb 28 14:42:03 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Sun, 26 Feb 2006 13:42:56 -0800
From: Trevor Perrin <trevp@trevp.net>
To: Ed Gerck <edgerck@nma.com>
Cc: Ben Laurie <ben@algroup.co.uk>,
Paul Hoffman <paul.hoffman@vpnc.org>, cryptography@metzdowd.com
In-Reply-To: <4400C81B.4040708@nma.com>
Ed Gerck wrote:
> Ben Laurie wrote:
>
>> I totally don't buy this distinction - in order to write to you with
>> postal mail, I first have to ask you for your address.
>
>
> We all agree that having to use name and address are NOT the problem,
> for email or postal mail. Both can also deliver a letter just with
> the address ("CURRENT RESIDENT" junk mail, for example).
>
> The problem is that pesky public-key. A public-key such as
>
> [2. application/pgp-keys]...
>
>
> is N O T user-friendly.
True enough about public keys. Not so true about key fingerprints - a
20-char fingerprint is probably not much harder to manage than the usual
sorts of contact info (email, postal, & IM addresses, phone numbers, etc.).
Of course, a fingerprint won't let you encrypt an email without
supporting infrastructure for key lookups. However, it *will* let you
authenticate a session (e.g., IM, VoIP, SSH) if your parter presents his
public key in the handshake.
Perhaps this is further support for Iang's contention that we should
expect newer, interactive protocols (IM, Skype, etc.) to take the lead
in communication security. Email-style "message encryption" may simply
be a much harder problem.
Trevor
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
