Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-03-01 Thread John W Noerenberg II

At 5:58 PM -0800 2/24/06, Ed Gerck wrote:

A phone number is not an envelope -- it's routing information, just like
an email address. Publishing the email address is not in question and
there are alternative ways to find it out, such as search engines.


Oh really?  Then you should be able to send a note to my gmail address.

At 1:11 PM -0800 2/25/06, Ed Gerck wrote:

Arguments that people give each other their cell phone numbers, for example,
and even though there isn't a cell phone directory people use cell phones
well, also forget the user's point of view when comparing a phone number with
a public-key.


And that distinction is?

To me a cell-phone number is a string of characters, and a public-key 
is - a string of characters.



Finally, the properties of MY public-key will directly affect the 
confidentiality
properties of YOUR envelope. For example, if (on purpose or by 
force) my public-key

enables a covert channel (eg, weak key, key escrow, shared private key), YOUR
envelope is compromised from the start and you have no way of 
knowing it. This is
quite different from an address, which single purpose is to route 
the communication.


And if (on purpose or by force) your cell-phone number is being 
monitored by an eavesdropper, MY call is compromised from the start 
and I have no way of knowing it.


There is no difference.
--

john noerenberg
  --
  All actions are wrought by the qualities of nature only.
  The self, deluded by egoism, thinketh, I am the doer.
  -- Bhagavad Gita
  --

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: NPR : E-Mail Encryption Rare in Everyday Use

2006-02-26 Thread John W Noerenberg II
While there is merit in arguing how to simplify the mechanics of 
using public key encryption for sending and receiving email, I cannot 
agree with this assertion:


At 10:44 AM -0800 2/24/06, Ed Gerck wrote:


My $0.02: If we want to make email encryption viable (ie, user-level viable)
then we should make sure that people who want to read a secure communication
should NOT have to do anything before receiving it. Having to publish my key
creates sender's hassle too ...to find the key.


If an individual wants to receive telephone calls, he has to agree to 
publish his phone number.  For many years, we tacitly agreed that our 
phone numbers would be published.  That a phone number was public 
information wasn't perceived as a problem.  But as the number of junk 
calls increases, the number of people who opt out of phone 
directories increases.  Today, more individuals decide that having a 
public phone number is a problem.


In this regard, public keys are just like cell phone numbers.  How 
many people know your cell phone number?  How did they get it?  You 
can't get a cell phone number from directory assistance.  So if you 
want someone to be able to call you on your cell phone, you have to 
give them the key to your cell phone.  If you want someone to send 
you encrypted email, you have to give them your public key.   It's 
the same thing.


Yet cell phones seem to be viable.

--

john noerenberg
  --
   It took long enough in all conscience for realization to come that
   the externals of civilization - technology, industry, commerce, and
   so on - also require a common basis of intellectual honesty and morality.
  -- Herman Hesse, The Glass Bead Game, 1943
  --

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]