At 5:59 PM -0500 2/24/06, John Kelsey wrote:
What we ultimately need is encryption and
authentication that are:

a.  Automatic and transparent.

b.  Add some value or are bundled with something that does.

c.  Don't try to tie into the whole horrible set of PKI standards in
terms of uniquely identifying each human and bit in the universe, and
getting them to sign legally binding messages whose full
interpretation requires reading and understanding a 30-page CPS.

We have the preamble and (a) already; the problem is that the preamble is insufficient. What we ultimately need is encryption and authentication *and validation of the authentication* that match at least (a).

Currently, it is the validation of the authentication that makes most users uninterested. When you get a message from Bob that comes with a warning that says "I cannot tell whether or not Bob really sent this", but you are sure that Bob actually sent that (due to some out-of-band knowledge), you lose faith in the system. When Bob has the same problem with your messages, you give up.

For signed personal mail, (b) and (c) may be mutually exclusive. Why sign your messages if you don't want to be held liable for their contents? How can you get the reward of integrity without the cost of responsibility?

Given those two hurdles, my hopes for authenticated mail near zero. I have some hopes for authenticated syndicated messages through Atom or RSS, but not this year. The hardest part there will be (c), but there are many environments where signing one-way mail is quite appropriate, particularly in replacing paper messages.

The demand for encryption of personal email is perpetually low. Without a legal requirement, it will probably always be a small niche market.

--Paul Hoffman, Director
--VPN Consortium

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to