On Aug 28, 2013, at 2:04 PM, Faré wrote:
>> My target audience, like Perry's is people who simply can't cope with 
>> anything more complex than an email address. For me secure mail has to look 
>> feel and smell exactly the same as current mail. The only difference being 
>> that sometime the secure mailer will say 'I can't contact that person 
>> securely right now because…'
> I agree with Perry and Phill that email experience should be
> essentially undisturbed in the normal case, though it's OK to add an
> additional authorization step.
> One thing that irks me, though, is the problem of the robust, secure
> terminal: if everything is encrypted, how does one survive the
> loss/theft/destruction of a computer or harddrive? I'm no ignoramus,
> yet I have, several times, lost data I cared about due to hardware
> failure or theft combined with improper backup. How is a total newbie
> to do?
This is a broader problem, actually.  If you've ever had to take care of 
someone's estate, you'll know that one of the problems is contacting all the 
banks, other financial institutions, service providers, and other such parties 
they dealt with in life.  My experience dealing with my father's estate - a 
fairly simple one - was that having the *paper* statements was the essential 
starting point.  (Even so, finding his safe deposit box - I had the unlabeled 
keys - could have been a real pain if my sister didn't remember which bank it 
was at.)  Had he been getting email statements, just finding his mail accounts 
- and getting access to them - could have been a major undertaking.  Which is 
one reason I refuse to sign up for email statements ... just send me the paper, 
thank you.  (This is getting harder all the time.  I expect to start getting 
charged for paper statements any time now.)

Today at least, my executor, in principle, work with the mail provider to get 
access.  But for truly secure mail, my keys presumably die with me, and it's 
all gone.

You don't even have to consider the ultimate loss situation.  If I'm 
temporarily disabled and can't provide my keys - how can someone take care of 
my bills for me?

We can't design a system that can handle every variation and eventuality, but 
if we're going to design one that we intend to be broadly used, we have to 
include a way to handle the perfectly predictable, if unpleasant to think 
about, aspects of day to day life.  Absolute security *creates* new problems as 
it solves old ones.  There may well be aspects to my life I *don't* want 
revealed after I'm gone.  But there are many things I *do* want to be easily 
revealed; my heirs will have enough to do to clean up after me and move on as 
it is.

So, yes, we have to make sure we have backup mechanisms - as well as key escrow 
systems, much as the term "key escrow" was tainted by the Clipper experience.

                                                        -- Jerry

The cryptography mailing list

Reply via email to