[20159] in cryptography@c2.net mail archive

Re: NPR : E-Mail Encryption Rare in Everyday Use

daemon@ATHENA.MIT.EDU (Ben Laurie)
Tue Feb 28 14:43:11 2006

X-Original-To: cryptography@metzdowd.com
Date: Mon, 27 Feb 2006 09:36:52 +0000
From: Ben Laurie <ben@algroup.co.uk>
To: Alex Alten <alex@alten.org>
Cc: Ed Gerck <edgerck@nma.com>, Paul Hoffman <paul.hoffman@vpnc.org>,
	cryptography@metzdowd.com
In-Reply-To: <4.3.2.7.1.20060226160016.0452c328@mail.alten.org>

Alex Alten wrote:
> At 05:12 PM 2/26/2006 +0000, Ben Laurie wrote:
>> Alex Alten wrote:
>>> At 02:59 PM 2/24/2006 +0000, Ben Laurie wrote:
>>>> Ed Gerck wrote: We have keyservers for this (my chosen
>>>> technology was PGP). If you liken their use to looking up an
>>>> address in an address book, this isn't hard for users to grasp.
>>>> 
>>> 
>>> I used PGP (Enterprise edition?) to encrypt my work emails to a 
>>> distributed set of members last year.  We all had each other's
>>> public keys (about a dozen or so).
>>> 
>>> What I really hated about it was that when fred@company.com sent
>>> me an email often I couldn't decrypt it.  Why?  Because his
>>> firm's email server decided to put in the FROM field
>>> "fred@server.company.com". Since it didn't match the email name
>>> in his X.509 certificate's DN it wouldn't decrypt the S/MIME
>>> attachment. This also caused problems with replying to his email.
>>> It took us hours, with several experimental emails sent back and
>>> forth, to figure out the root of the problem.
>>> 
>>> No wonder PKI has died commercially and encrypted email is on the
>>> endangered species list.
>> 
>> I trust you don't think this is a problem with PKI, right? Since
>> clearly the issue is with the s/w you were using.
> 
> I place the blame squarely on X.509 PKI.  The identity aspect of it
> is all screwed up. No software implementation can overcome such a
> fundamental architectural flaw.

OK - I'll bite - why does the sender's identity have any impact on the
recipient's ability to decrypt?

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List