Alex Alten wrote:
> At 05:12 PM 2/26/2006 +0000, Ben Laurie wrote:
>> Alex Alten wrote:
>>> At 02:59 PM 2/24/2006 +0000, Ben Laurie wrote:
>>>> Ed Gerck wrote: We have keyservers for this (my chosen
>>>> technology was PGP). If you liken their use to looking up an
>>>> address in an address book, this isn't hard for users to grasp.
>>>>
>>>
>>> I used PGP (Enterprise edition?) to encrypt my work emails to a
>>> distributed set of members last year. We all had each other's
>>> public keys (about a dozen or so).
>>>
>>> What I really hated about it was that when [EMAIL PROTECTED] sent
>>> me an email often I couldn't decrypt it. Why? Because his
>>> firm's email server decided to put in the FROM field
>>> "[EMAIL PROTECTED]". Since it didn't match the email name
>>> in his X.509 certificate's DN it wouldn't decrypt the S/MIME
>>> attachment. This also caused problems with replying to his email.
>>> It took us hours, with several experimental emails sent back and
>>> forth, to figure out the root of the problem.
>>>
>>> No wonder PKI has died commercially and encrypted email is on the
>>> endangered species list.
>>
>> I trust you don't think this is a problem with PKI, right? Since
>> clearly the issue is with the s/w you were using.
>
> I place the blame squarely on X.509 PKI. The identity aspect of it
> is all screwed up. No software implementation can overcome such a
> fundamental architectural flaw.

OK - I'll bite - why does the sender's identity have any impact on the
recipient's ability to decrypt?

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
