Victor Duchovni wrote:
> On Fri, Feb 24, 2006 at 01:44:14PM +0000, Ben Laurie wrote:
>
>> Ed Gerck wrote:
>>> Paul,
>>>
>>> Usability should by now be recognized as the key issue for security -
>>> namely, if users can't use it, it doesn't actually work.
>>>
>>> And what I heard in the story is that even savvy users such as Phil Z
>>> (who'd have no problem with key management) don't use it often.
>>>
>>> BTW, just to show that usability is king, could you please send me an
>>> encrypted email -- I even let you choose any secure method that you want.
>> Sure I can, but if you want it to be encrypted to you, then you need to
>> publish a key.
>
> More strongly, if we've never met, and you are not in the habit of
> routinely signing email, thereby tying a key to your e-persona, it
> makes no sense to speak of *secure* communication to *you*. Which "you"
> would that be, the one who sent me all those exciting zip files of W32
> executables, or the one I think is posting to this list?
>
> The only identity you (who hypothetically do not garnish each message
> with a signature) have is your mailbox. I can bootstrap that (with
> questionable initial security) to a key via a "private" unencrypted
> email message, and over a time as the key is consistently used grow to
> associate the key with an on-line persona.

Don't forget that the ability to decrypt is just as good as a signature
to prove association of the key.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
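
The point made in the reply above, that being able to decrypt ties a correspondent to a key as well as a signature does, shown as a challenge-response exchange. This is an added example, not part of the original thread; the toy group `P`, `G`, the context string and all function names are assumptions chosen so it runs on the Python standard library alone, and the parameters are not secure for real use.

```python
import hashlib, hmac, secrets

# Toy parameters (assumption): integers modulo the prime 2**255 - 19.
# Too small for real discrete-log security; use a vetted library in practice.
P = 2**255 - 19
G = 2

def keygen():
    x = secrets.randbelow(P - 3) + 2           # private exponent
    return x, pow(G, x, P)                     # (private, public)

def _kdf(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def make_challenge(pub: int):
    """Verifier: encrypt a fresh nonce to the claimed public key."""
    nonce = secrets.token_bytes(32)
    k = secrets.randbelow(P - 3) + 2           # ephemeral exponent
    pad = _kdf(pow(pub, k, P))
    c2 = bytes(a ^ b for a, b in zip(nonce, pad))
    return nonce, (pow(G, k, P), c2)           # keep nonce, send ciphertext

def respond(priv: int, challenge, context: bytes) -> bytes:
    """Key holder: decrypt, then answer with a MAC keyed by the nonce.

    Returning the raw plaintext would turn the holder into a decryption
    oracle; the MAC also binds the answer to this exchange's context.
    """
    c1, c2 = challenge
    pad = _kdf(pow(c1, priv, P))
    nonce = bytes(a ^ b for a, b in zip(c2, pad))
    return hmac.new(nonce, context, hashlib.sha256).digest()

def verify(nonce: bytes, context: bytes, response: bytes) -> bool:
    expected = hmac.new(nonce, context, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)

def demo():
    context = b"mailbox:alice@example.org"     # constructed sample identity
    priv, pub = keygen()                       # key the mailbox owner published
    impostor_priv, _ = keygen()                # someone without the real key
    nonce, challenge = make_challenge(pub)
    holder_ok = verify(nonce, context, respond(priv, challenge, context))
    impostor_ok = verify(nonce, context, respond(impostor_priv, challenge, context))
    return holder_ok, impostor_ok
```

Only the party holding the private half of the published key recovers the nonce, so a correct response links that key to whoever answered, with no signature involved.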