Re: NPR : E-Mail Encryption Rare in Everyday Use
At 5:58 PM -0800 2/24/06, Ed Gerck wrote: A phone number is not an envelope -- it's routing information, just like an email address. Publishing the email address is not in question and there are alternative ways to find it out, such as search engines. Oh really? Then you should be able to send a note to my gmail address. At 1:11 PM -0800 2/25/06, Ed Gerck wrote: Arguments that people give each other their cell phone numbers, for example, and even though there isn't a cell phone directory people use cell phones well, also forget the user's point of view when comparing a phone number with a public-key. And that distinction is? To me a cell-phone number is a string of characters, and a public-key is - a string of characters. Finally, the properties of MY public-key will directly affect the confidentiality properties of YOUR envelope. For example, if (on purpose or by force) my public-key enables a covert channel (eg, weak key, key escrow, shared private key), YOUR envelope is compromised from the start and you have no way of knowing it. This is quite different from an address, which single purpose is to route the communication. And if (on purpose or by force) your cell-phone number is being monitored by an eavesdropper, MY call is compromised from the start and I have no way of knowing it. There is no difference. -- john noerenberg -- All actions are wrought by the qualities of nature only. The self, deluded by egoism, thinketh, I am the doer. -- Bhagavad Gita -- - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: NPR : E-Mail Encryption Rare in Everyday Use
While there is merit in arguing how to simplify the mechanics of using public key encryption for sending and receiving email, I cannot agree with this assertion: At 10:44 AM -0800 2/24/06, Ed Gerck wrote: My $0.02: If we want to make email encryption viable (ie, user-level viable) then we should make sure that people who want to read a secure communication should NOT have to do anything before receiving it. Having to publish my key creates sender's hassle too ...to find the key. If an individual wants to receive telephone calls, he has to agree to publish his phone number. For many years, we tacitly agreed that our phone numbers would be published. That a phone number was public information wasn't perceived as a problem. But as the number of junk calls increases, the number of people who opt out of phone directories increases. Today, more individuals decide that having a public phone number is a problem. In this regard, public keys are just like cell phone numbers. How many people know your cell phone number? How did they get it? You can't get a cell phone number from directory assistance. So if you want someone to be able to call you on your cell phone, you have to give them the key to your cell phone. If you want someone to send you encrypted email, you have to give them your public key. It's the same thing. Yet cell phones seem to be viable. -- john noerenberg -- It took long enough in all conscience for realization to come that the externals of civilization - technology, industry, commerce, and so on - also require a common basis of intellectual honesty and morality. -- Herman Hesse, The Glass Bead Game, 1943 -- - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]