Alex Alten wrote:
> At 05:12 PM 2/26/2006 +0000, Ben Laurie wrote:
>> Alex Alten wrote:
>>> At 02:59 PM 2/24/2006 +0000, Ben Laurie wrote:
>>>> Ed Gerck wrote: We have keyservers for this (my chosen
>>>> technology was PGP). If you liken their use to looking up an
>>>> address in an address book, this isn't hard for users to grasp.
>>> I used PGP (Enterprise edition?) to encrypt my work emails to a 
>>> distributed set of members last year.  We all had each other's
>>> public keys (about a dozen or so).
>>> What I really hated about it was that when [EMAIL PROTECTED] sent
>>> me an email often I couldn't decrypt it.  Why?  Because his
>>> firm's email server decided to put in the FROM field
>>> "[EMAIL PROTECTED]". Since it didn't match the email name
>>> in his X.509 certificate's DN it wouldn't decrypt the S/MIME
>>> attachment. This also caused problems with replying to his email.
>>> It took us hours, with several experimental emails sent back and
>>> forth, to figure out the root of the problem.
>>> No wonder PKI has died commercially and encrypted email is on the
>>>  endangered species list.
>> I trust you don't think this is a problem with PKI, right? Since
>> clearly the issue is with the s/w you were using.
> I place the blame squarely on X.509 PKI.  The identity aspect of it
> is all screwed up. No software implementation can overcome such a
> fundamental architectural flaw.

OK - I'll bite - why does the sender's identity have any impact on the
recipient's ability to decrypt?




"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to