Ben Laurie wrote:
Perhaps this is time to remind people of "Security Against Compelled Disclosure": http://www.apache-ssl.org/disclosure.pdf.
Thanks. Survelillance technology is now almost 6 years ahead of April, 1999, when the cited Report to the Director General for Research of the European Parliament was issued. Today, surveillance is not just a political problem or a concern for someone involved in illegal activities, or just about breaking my own privacy. Surveillance has become an ubiquitious threat to the right to privacy and duty of confidence to others whom I have the legal or moral obligation to protect, dramatically increasing the probability of disclosure by eliminating the "need to know" block usually applied to reduce disclosure risk. Untrustworthy individuals exist and are hard to detect in any organization, including federal and law enforcement agencies and at any government level. The "need to know" policy, which would be the #1 barrier to prevent more individuals to be exposed to the critical information, directly reducing the probability of disclosure, is silently destroyed by surveillance. Thinking about IT security needs in the XXI century, the solution of using encryption and document control to prevent surveillance and secret-disclosure would seem to impose itself. Despite the apparent simplicity and widespread availability of public-key cryptography, PGP and X.509 S/MIME, less than 5% of all email is encrypted. Banks won't even consider using encryption for sending out monthly statements and notices. It's not just the mounting problem with email fraud schemes such as spoofing and phishing. Banks discovered that not even their own employees were willing to use encryption. The real security question of the XXI century is easy-of-use -- that the security solution will actually be used takes precedence over any potential benefits. In this context, the subject of email security is being discussed at http://email-security.net/ -- please take a look at the Blog and Papers sections. Contributions are welcome. A comparison of current email technologies is presented at http://email-security.net/papers/pki-pgp-ibe.htm Cheers, Ed Gerck --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]