Ben Laurie wrote:
I totally don't buy this distinction - in order to write to you with
postal mail, I first have to ask you for your address.

We all agree that having to use name and address are NOT the problem,
for email or postal mail. Both can also deliver a letter just with
the address ("CURRENT RESIDENT" junk mail, for example).

The problem is that pesky public-key. A public-key such as

[2. application/pgp-keys]...


is N O T user-friendly.

Arguments that people give each other their cell phone numbers, for example,
and even though there isn't a cell phone directory people use cell phones
well, also forget the user's point of view when comparing a phone number with
a public-key.

Finally, the properties of MY public-key will directly affect the confidentiality
properties of YOUR envelope. For example, if (on purpose or by force) my public-key
enables a covert channel (eg, weak key, key escrow, shared private key), YOUR
envelope is compromised from the start and you have no way of knowing it. This is
quite different from an address, whose single purpose is to route the communication.

That's why I said the postal analogue of the public-key is the envelope.

Ed Gerck wrote:
My $0.02: If we want to make email encryption viable (ie, user-level viable)
then we should make sure that people who want to read a secure communication
should NOT have to do anything before receiving it. Having to publish my key
creates sender's hassle too ...to find the key.

So you think people can use the post to write to you without you
publishing your address?

I get junk mail all the time at two different postal addresses, without ever
having published either of them. Again, addresses and names are user friendly
(for better or for worse) while public-keys are not -- in addition to their
different security roles (see above).

Ed Gerck wrote:
BTW, users should NOT be trusted to handle keys, much less to handle them
properly. This is what the users themselves are saying and exemplifying in
15 years of experiments.

I think users are perfectly capable of handling keys. The problem they
have is in choosing operating systems that are equal to the task.

That's another notorious area where users can't be trusted -- and that's why
companies lock down their OSes -- or, should a company really allow each user
to choose their desired OS? Apart from compatibility issues, which also do
not allow users to freely choose even the OS in their homes ("Junior wants
to play his games too" scenario).

Cheers,
Ed Gerck
