Ed Gerck wrote:
> Ben Laurie wrote:
>> Really? I just write "Ed Gerck" on an envelope and it gets to you? I
>> doubt it. Presumably I have to do all sorts of hard and user-unfriendly
>> things to find out and verify your address.
> Perhaps I wasn't clear -- with postal mail you just write my name and
> address
> in YOUR envelope and it gets to me. With PGP and PKI you have to ask for MY
> "envelope" first; further, MY public-key creates the secure envelope
> that you
> now need to trust with YOUR secret...

I totally don't buy this distinction - in order to write to you with
postal mail, I first have to ask you for your address.

Apart from content of the blob handed over, the two transactions are

>> If you handled your keys properly I would not need to ask you for
>> anything. 
> My $0.02: If we want to make email encryption viable (ie, user-level
> viable)
> then we should make sure that people who want to read a secure
> communication
> should NOT have to do anything before receiving it. Having to publish my
> key
> creates sender's hassle too ...to find the key.

So you think people can use the post to write to you without you
publishing your address?

> BTW, users should NOT be trusted to handle keys, much less to handle them
> properly. This is what the users themselves are saying and exemplifying in
> 15 years of experiments.

I think users are perfectly capable of handling keys. The problem they
have is in choosing operating systems that are equal to the task.



http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to