Peter Saint-Andre wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ian G wrote:
To get people to do something they will say "no"
to, we have to give them a freebie, and tie it
to the unpleasantry. E.g., in SSH, we get a better
telnet, and there is only the encrypted version.
We could just as well say that "encryption of remote server sessions is
rare in everyday use". It's just that only geeks even do remote server
sessions, so they use SSH instead of telnet.
The thing is that email is in wide use (unlike remote server sessions).
Well! Within the context of any given application,
we can learn lessons. Just because SSH is only used
by geeks is meaningless, really, we need to ground
that criticism in something that relates it to other
areas. The fact is that SSH came in with a solution
and beat the other guy - Telnet secured over SSL. It
wasn't the crypto that did this, it was the key management,
plain and simple.
Telnet was in widespread use - but was incapable of
making the jump to secure. Just like email. So if
the SSH example were illuminating, we would predict
that some completely different *non-compatible* app
would replace email.
Hence, IM/chat, Skype, TLS experiments at Jabber, as
well as the OpenPGP attempts.
There are important lessons to be learnt in the rise of
IM over email. Email is held back by its standardisation,
chat seems to overcome spam quite nicely. Email is hard
to get encrypted, but it didn't stop Skype from doing
encryped IMs "easily." Phishing is possible over chat,
but has also been relatively easy to address - because
the system owners have incentives and can adjust.
The competition between the IM systems is what is driving
the security forward. As there is no competition in the
email world, at least at the level of the basic protocol
and standard, there is no way for the security to move
forward.
iang
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
