At 05:12 PM 2/26/2006 +0000, Ben Laurie wrote:
> Alex Alten wrote:
>> At 02:59 PM 2/24/2006 +0000, Ben Laurie wrote:
>>> Ed Gerck wrote: We have keyservers for this (my chosen technology
>>> was PGP). If you liken their use to looking up an address in an
>>> address book, this isn't hard for users to grasp.
>>
>> I used PGP (Enterprise edition?) to encrypt my work emails to a
>> distributed set of members last year.  We all had each other's public
>> keys (about a dozen or so).
>>
>> What I really hated about it was that when [EMAIL PROTECTED] sent me
>> an email often I couldn't decrypt it.  Why?  Because his firm's email
>> server decided to put in the FROM field "[EMAIL PROTECTED]".
>> Since it didn't match the email name in his X.509 certificate's DN it
>> wouldn't decrypt the S/MIME attachment. This also caused problems
>> with replying to his email.  It took us hours, with several
>> experimental emails sent back and forth, to figure out the root of
>> the problem.
>>
>> No wonder PKI has died commercially and encrypted email is on the
>> endangered species list.
>
> I trust you don't think this is a problem with PKI, right? Since clearly
> the issue is with the s/w you were using.

I place the blame squarely on X.509 PKI. The identity aspect of it is all screwed up.
No software implementation can overcome such a fundamental architectural flaw.

- Alex


--

- Alex Alten


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
