>From: Peter Saint-Andre <[EMAIL PROTECTED]>
>Sent: Feb 24, 2006 3:18 PM
>Subject: Re: NPR : E-Mail Encryption Rare in Everyday Use

>We could just as well say that "encryption of remote server sessions is
>rare in everyday use". It's just that only geeks even do remote server
>sessions, so they use SSH instead of telnet.

>The thing is that email is in wide use (unlike remote server sessions).
>Personally I doubt that anything other than a small percentage of email
>will ever be signed, let alone encrypted (heck, most people on this list
>don't even sign their mail).

I'm certain that only a small percentage of e-mail will ever be
signed, so long as the tools to do that are so hard to use, and the
value added so small.  I find it useful to use encryption all the time
on my private data, but virtually never use it for communications,
because even among cryptographers the setup hassles are too great, and
the value added too small.  What we ultimately need is encryption and
authentication that are:

a.  Automatic and transparent.

b.  Add some value or are bundled with something that does.

c.  Don't try to tie into the whole horrible set of PKI standards in
terms of uniquely identifying each human and bit in the universe, and
getting them to sign legally binding messages whose full
interpretation requires reading and understanding a 30-page CPS.  

If email encryption became as transparent as SSL, most e-mail would be
encrypted.  This would still leave various phishing issues, etc., but
eavesdropping and a lot of impersonation and spam and phishing would
get much harder.  


--John Kelsey

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to