On Saturday, January 31, 2009 6:36 AM, Sascha Silbe wrote:
> Another scheme (that could be combined with the above one to solve only the
> CC party problem) would be accepting only PGP mail and use a manually updated
> whitelist / web of trust of PGP keys. Unfortunately, PGP still isn't widespread
> enough to reject non-PGP mails and the ones not using it are often far more
> susceptible to address harvesting malware, limiting the usefulness of such a filter.

On Saturday, January 31, 2009 2:56 PM, John Levin wrote:
> This has the same fundamental problem as Zoemail and any other white list system.
> It's really easy to implement a white list. Unless your name is Paypal, the amount
> of mail forging your address is vanishingly small, and the utterly insecure From: line
> address works just fine for practical purposes. I use that to manage my 12 year old
> daughter's mail.

On Saturday, January 30, 2009 6:17 PM, John Levin wrote:
> This is the wrong place to go into detail about its limitations, although it should be
> self-evident that if it were effective, sometime in the past 13 years we'd have started
> using it.

Though John's January 30th note was about Zoemail, I am reacting to the words "PGP still isn't widespread" in Sascha's post about PGP.

I also was once under the assumption that I should always have PGP installed. I was able to verify signatures, and I thought that one day, most people would gravitate to PGP in some form.

However, losing a fight with PGP Support over whether the enterprise plug-ins I was requesting for a corporation would reduce the security level of their product (long story about trying to integrate it with single sign on), and also spending many hours over three months trying to install the commercial version on Vista, only to have the PGP engineers tell me that I would have to uninstall all my other Outlook plug-ins for them to continue working on the problem (e.g. card scanner), I realize that it will never be the solution of choice for either commercial enterprise or home office given its current support model. I have not used it since July and have not missed it a bit.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com