On Sun, Feb 26, 2006 at 01:42:56PM -0800, Trevor Perrin wrote:

> Perhaps this is further support for Iang's contention that we should 
> expect newer, interactive protocols (IM, Skype, etc.) to take the lead 
> in communication security.  Email-style "message encryption" may simply 
> be a much harder problem.

This is neither surprising, nor relevant to email.

We are at this point reasonably good at encrypting unicast traffic and
the associated key management problem is often viable. Encrypting stored
data is a substantially more difficult problem.

We have increasingly common opportunistic TLS encryption of email traffic,
with occasional fully verified secure-channels between some pairs of
sites. We could conceivably some day (political barriers primarily
at this point) have a secure DNS for secure MX record lookups and key
distribution enabling secure channels between most sites. This is viable,
traffic encryption is a tractable problem.

Encrypting email content, to be stored encrypted, and decrypted when
read off-line, or read again later, ... is a problem that the IM
and VoIP vendors don't have to solve. They also don't have to solve
global federation of universally interoperable systems...


 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to