David Ross wrote:
Ian G wrote [in part]:
(Sales of Certificate Authority certs would shoot
from that small number up to about 10% I'd say
of Tbird users. Most users would be happy with
a default cert. Nothing wrong with that, they are
the best thing available for the price, compared to
nothing.)
That's why I use PGP: It's free, including the certs.
Right, me too. But I'm not religious about it,
and OpenPGP is a right pain in the neck to
integrate with a nice easy mailer, so what
happens? I end up sending almost all my
messages in the clear.
A totally unacceptable result given that my
CPU is sitting idle and could encrypt and
decrypt megabytes per second without ever
puffing.
But it does
require that you really know your recipient.
No, not at all! If that were the case, all
junk mail would be sent on postcards.
Envelopes are cheap, and so is crypto.
On the other hand, why would you send something so sensitive that
it must be encrypted to someone you don't know? Can you trust an
unknown recipient to treat the contents of the message as
sensitive?
Sorry, I don't understand this bit. Say you have
someone you don't know. Let's call him a vendor.
Let's assume he is some dirtbag salacious vendor,
so we can assume we can't trust him.
Even though I don't trust him, I still want to send
my email enquiring about "specific merchandise"
to him encrypted, because I don't want anyone
*else* to know of my interest.
Only if the dirtbag were to post all received emails
on a bulletin board would it be senseless to not
encrypt this email to him. And even then, it would
still give me value if the the reader had difficulty
tying up my name on the bulletin board with me.
What you seem to be assuming is that because
there remains one threat you can't control - the
vendor is a dirtbag - you should then ignore every
other threat. This makes no sense. When you
go driving to work, you still have the possibility
of a two trucks squeezing your car like an eggshell,
but that doesn't mean you decide to drive recklessly.
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
