On Fri, 9 Dec 2005, Ed Gerck wrote: > [...] at least the grand > picture should exist beforehand. This is what this thread's subject > paper is about, the grand picture for secure email and why aren't > we there yet (Phil's PGP is almost 15 years old) -- what's missing. >
and Bill Stewart wrote: > Popularity of a product is critical to its security; > you don't gain anonymity if the Feds can recognize that > you're one of the dozen users of a given application. > Your mom can use Skype, but nobody she knows uses Crypto Kong, > and I only know a few people who use PGP to email their mom. > But some of the Instant Messaging systems use crypto; > too bad that they're continually trying to be incompatible > with each other to gain market share. I think what's missing is the understanding that there cannot be secure email without the persons involved acting responsible and knowing their role in the process. Your mother will probably expect the computer to do the job for her (mine will never expect anything from computers) rejecting any responsibility for her email's security. In my opinion establishing secure email this way is impossible despite the fact that encryption is (relatively) easy if our algorithms work as expected and you have the correct high-quality public key. And even if Instant Messaging systems would use the same crypto people will use them like cell phones without any consciousness of their own responsibility for key validation. Getting good crypto into mass products can help but does not eliminate the necessity for checking essential properties of the system they use. How we can make this job as reliable as possible is the question at the heart of the problem. Ralf Senderek *.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.* * Ralf Senderek <[EMAIL PROTECTED]> http://senderek.com* What is privacy * * Sandstr. 60 D-41849 Wassenberg +49 2432-3960 * without * * PGP: AB 2C 85 AB DB D3 10 E7 CD A4 F8 AC 52 FC A9 ED * Pure Crypto? * 49466008763407508762442876812634724277805553224967086648493733366295231438448 --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
