Ed Gerck wrote: > Ben Laurie wrote: >> Really? I just write "Ed Gerck" on an envelope and it gets to you? I >> doubt it. Presumably I have to do all sorts of hard and user-unfriendly >> things to find out and verify your address. > > Perhaps I wasn't clear -- with postal mail you just write my name and > address > in YOUR envelope and it gets to me. With PGP and PKI you have to ask for MY > "envelope" first; further, MY public-key creates the secure envelope > that you > now need to trust with YOUR secret...
I totally don't buy this distinction - in order to write to you with postal mail, I first have to ask you for your address. Apart from content of the blob handed over, the two transactions are identical. >> If you handled your keys properly I would not need to ask you for >> anything. > > My $0.02: If we want to make email encryption viable (ie, user-level > viable) > then we should make sure that people who want to read a secure > communication > should NOT have to do anything before receiving it. Having to publish my > key > creates sender's hassle too ...to find the key. So you think people can use the post to write to you without you publishing your address? > BTW, users should NOT be trusted to handle keys, much less to handle them > properly. This is what the users themselves are saying and exemplifying in > 15 years of experiments. I think users are perfectly capable of handling keys. The problem they have is in choosing operating systems that are equal to the task. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.links.org/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]