I prefer the PGP model because it includes the CA model. That is to say
that you can still have a CA within the PGP model. Both myself and my
colleague from Africa could pay a central CA we both trust (Verisign,
Thawte, whoever) to sign our keys and connect us in the web of trust.
Just a little matter of key distribution, how do you know the CA key given to you is actually the CA? Especially since Thawte no longer does PGP key signing and Verisign is making too much money from PKI...
There are a number of issues with the PGP model, it contains an email address, how do you match that against a hostname? As far as I know there are no hardware devices to store PGP keys, or accelerator cards (crypto does chew through a bit of CPU), both devices exist for PKI certificates/keys...
Yep. We end up with collusion which prevents competition in the CA space. It's a shame common browsers only support a few select CAs.
Mozilla Foundation, its developers and direct support staff (paid/unpaid) are currently reviewing about a dozen or so CAs for inclusion in their browser, CAcert is one of them, which will be good for the community if we can get in, as we provide all certificates for free...
I think huge improvements are needed in software to handle this. We really need to encourage everyone to use signatures etc. and make them so prevalent that email programs etc. will simply refuse to accept or display non-signed and authenticated messages/connections/whatever.
This would be good and bad, if you force the issue you will end up with 2 things, fewer people being able to email you, and in the very long term encrypted spam so we end up with them beating scanners that way...
It's a balancing act, push things one way you have to even them up the other...
There will be 3 consequences from mass encryption adoption, encrypted spam, and forcing governments to do due diligence as they will no longer be able to simply passively collect any traffic passing their monitoring devices, they'd have to go back to a situation of only targeting people they really had to, this is obviously a good thing, and even the encrypted spam, while being annoying would tick any gov surveillance off due to sheer number of spam messages that could be encrypted that would be the equivalent of noise to them... 3rd is a little more serious, since most people wouldn't care about due diligence with crypto they wouldn't care if they did it right or who they accepted, this is clearly visible from the latest virus trends where they exploit human ignorance, greed and stupidity not exploiting computer software. What else could it be called where a person opens a zip file, uses a password in the email, and runs the program in the zip file infecting themselves... So I foresee a lot of misuses from crypto as much as anything else if/when the general populace gets into it...
Indeed but that is a far better situation than we are in now. We know very well how to deal with physical security due to thousands of years of doing so.
So that's why people still get broken into and all their contents stolen :)
-- Best regards, Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers
