I replied to Tero privately, then realized that I was
not the only recipient of his email. So here's a copy
for everyone's reference.
Alex
Tero Kivinen wrote:
Travis H. writes:
http://www.hamachi.cc/security
Based on a cursory look over this, I'm impressed by both the level of
detail and
On 2006-02-24, Peter Saint-Andre wrote:
Personally I doubt that anything other than a small percentage of email
will ever be signed, let alone encrypted (heck, most people on this list
don't even sign their mail).
That's at least partly because too many mailing lists either
reject signed
From: Peter Saint-Andre [EMAIL PROTECTED]
Sent: Feb 24, 2006 3:18 PM
Subject: Re: NPR : E-Mail Encryption Rare in Everyday Use
...
We could just as well say that encryption of remote server sessions is
rare in everyday use. It's just that only geeks even do remote server
sessions, so they use SSH
While there is merit in arguing how to simplify the mechanics of
using public key encryption for sending and receiving email, I cannot
agree with this assertion:
At 10:44 AM -0800 2/24/06, Ed Gerck wrote:
My $0.02: If we want to make email encryption viable (ie, user-level viable)
then we
At 06:09 PM 2/24/2006 +0100, Ian G wrote:
Steven M. Bellovin wrote:
Certainly, usability is an issue. It hasn't been solved because there's
no market for it here; far too few people care about email encryption.
Usability is the issue. If I look over onto
my skype window, it says there are
On 2/24/06, Alex Pankratov [EMAIL PROTECTED] wrote:
Tero Kivinen wrote:
Secondly I cannot find where it
authenticates the crypto suite used at all (it is not included in the
signature of the AUTH message).
Crypto suite is essentially just a protocol number. It requires
no authentication.
Peter Saint-Andre wrote:
Ian G wrote:
To get people to do something they will say no
to, we have to give them a freebie, and tie it
to the unpleasantry. E.g., in SSH, we get a better
telnet, and there is only the encrypted version.
We could just as well say that encryption of remote
Ed Gerck wrote:
Ben Laurie wrote:
Really? I just write Ed Gerck on an envelope and it gets to you? I
doubt it. Presumably I have to do all sorts of hard and user-unfriendly
things to find out and verify your address.
Perhaps I wasn't clear -- with postal mail you just write my name and
Peter Saint-Andre wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ian G wrote:
To get people to do something they will say no
to, we have to give them a freebie, and tie it
to the unpleasantry. E.g., in SSH, we get a better
telnet, and there is only the encrypted version.
We could
Travis H. wrote:
On 2/24/06, Alex Pankratov [EMAIL PROTECTED] wrote:
Tero Kivinen wrote:
[snip]
The protocol description is missing some details, so cannot say
anything about them (things like what is the format of Ni, Nr, Gi, Gr
when sent over wire and when put to the signatures etc, are
Ben Laurie wrote:
I totally don't buy this distinction - in order to write to you with
postal mail, I first have to ask you for your address.
We all agree that having to use name and address are NOT the problem,
for email or postal mail. Both can also deliver a letter just with
the address
Victor Duchovni wrote:
On Fri, Feb 24, 2006 at 01:44:14PM +, Ben Laurie wrote:
Ed Gerck wrote:
Paul,
Usability should by now be recognized as the key issue for security -
namely, if users can't use it, it doesn't actually work.
And what I heard in the story is that even savvy users
There is a project out there to crack a few of the remaining Enigma
intercepts from the second world war that were never cracked the first
time around...
http://www.bytereef.org.nyud.net:8080/m4_project.html
--
Perry E. Metzger[EMAIL PROTECTED]
13 matches
Mail list logo