At 8:58 AM -0500 2/5/2001, Steve Bellovin wrote:
>Every now and then, something pops up that reinforces the point that
>crypto can't solve all of our security and privacy problems.  Today's
>installment can be found at
>For almost all of us, the end systems are the weak points, not the

While I certainly agree with your general point, I don't think this 
case is a good exemplar.

"The exploit requires the person reading a wiretapped email
message to be using an HTML-enabled email reader that also
has JavaScript turned on by default."

The notion that e-mail should be permitted to contain arbitrary 
programs that are executed automatically by default on being opened 
is so over the top from a security standpoint that it is hard to 
find language strong enough to condemn it.  It goes far beyond the 
ordinary risks of end systems.

The closest analogy I can think of is the early days of the 20th 
century when some doctors began prescribing radium suppositories for 
a variety of ills.

Arnold Reinhold

