Re: e2e all the way (Re: Another entry in the internet security hall of shame....)

2005-08-27 Thread Ian G
Steven M. Bellovin wrote: Do I support e2e crypto? Of course I do! But the cost -- not the computational cost; the management cost -- is quite high; you need to get authentic public keys for all of your correspondents. That's beyond the ability of most people. I don't think it is that hard

e2e all the way (Re: Another entry in the internet security hall of shame....)

2005-08-26 Thread Adam Back
On Fri, Aug 26, 2005 at 11:41:42AM -0400, Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Adam Back writes: Thats broken, just like the WAP GAP ... for security you want end2end security, not a secure channel to an UTP (untrusted third party)! What is security? What are you

Re: e2e all the way (Re: Another entry in the internet security hall of shame....)

2005-08-26 Thread Peter Saint-Andre
Adam Back wrote: Well I think security in IM, as in all comms security, means security such that only my intended recipients can read the traffic. (aka e2e security). I don't think the fact that you personally don't care about the confidentiality of your IM messages should argue for not doing

Re: e2e all the way (Re: Another entry in the internet security hall of shame....)

2005-08-26 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Adam Back writes: On Fri, Aug 26, 2005 at 11:41:42AM -0400, Steven M. Bellovin wrote: In message [EMAIL PROTECTED], Adam Back writes: Thats broken, just like the WAP GAP ... for security you want end2end security, not a secure channel to an UTP (untrusted third