Phillip Hallam-Baker wrote:
>One hypothesis that I would like to throw >out is that there is no point in 
>accepting >encrypted email from someone who does >not have a key to encrypt 
>the response.

I'd agree, as I was in just this position in the last week or so: I got a gpg 
encryped email from someone I had no key for, and I haven't cut or circulated 
one in a very long while (my bad, as it were, on the latter point). So what's 
the point in even getting a key from them at that point, after the fact? They 
ARE not many 'hops' away from me in a web of trust sense so far as knowing 
people in person, but without having keys exchanged ahead of time, its all 
moot. As I'm sure this list already knows. Just re-iterating the point made 
here in various ways that key exchange is THE big problem in all of this.

If we can usably crack that nut with 'house servers' on a dongle, we're most of 
the way there wrt secure email, IMNSHO.

Zooko's triangle, pet names...we have cracked the THEORY of secure naming, just 
not the big obstacle of key exchange. And I don't think the wider public was 
concerned/scared enough to care before Snowden. Let's hope they care long 
enough to adopt any viable solutions to the problem that might pop up in the 
wake of all this. The traffic on this list the past week is a very welcome 

-David Mercer

David Mercer
Portland, OR
The cryptography mailing list

Reply via email to