>> Alex Alten wrote:
>>> At 05:12 PM 2/26/2006 +0000, Ben Laurie wrote:
>>>> Alex Alten wrote:
>>>>> At 02:59 PM 2/24/2006 +0000, Ben Laurie wrote:
>>>>>> Ed Gerck wrote: We have keyservers for this (my chosen
>>>>>> technology was PGP). If you liken their use to looking up an
>>>>>> address in an address book, this isn't hard for users to grasp.
>>>>> I used PGP (Enterprise edition?) to encrypt my work emails to a 
>>>>> distributed set of members last year.  We all had each other's
>>>>> public keys (about a dozen or so).
>>>>> What I really hated about it was that when [EMAIL PROTECTED] sent
>>>>> me an email often I couldn't decrypt it.  Why?  Because his
>>>>> firm's email server decided to put in the FROM field
>>>>> "[EMAIL PROTECTED]". Since it didn't match the email name
>>>>> in his X.509 certificate's DN it wouldn't decrypt the S/MIME
>>>>> attachment. This also caused problems with replying to his email.
>>>>> It took us hours, with several experimental emails sent back and
>>>>> forth, to figure out the root of the problem.
>>>>> No wonder PKI has died commercially and encrypted email is on the
>>>>>  endangered species list.
>>>> I trust you don't think this is a problem with PKI, right? Since
>>>> clearly the issue is with the s/w you were using.
>>> I place the blame squarely on X.509 PKI.  The identity aspect of it
>>> is all screwed up. No software implementation can overcome such a
>>> fundamental architectural flaw.
>> OK - I'll bite - why does the sender's identity have any impact on the
>> recipient's ability to decrypt?
> Because the software needs a unique ID/name to find the correct key to 
> use. In practice (corporate) users can have multiple email names, see 
> my reply to Peter Gutman.  This is not the fault of the email 
> architecture, which has been working fine for 30-40 years, but the fault
> of the X.509 architecture trying to piggyback on an address/name space 
> that is not designed with security/cryptography considerations in mind.

I have to admit to not being familiar with S/MIME, but the usual
practice is to identify the signing key in the signature. Certainly this
is what OpenPGP does. Its also kinda weird to refuse to decrypt just
because the signature can't be verified.



http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to