On Thu, Feb 16, 2012 at 8:13 AM, Phillip Hallam-Baker <[email protected]> wrote: > That works really well in the O/S world because in practice you can't > stop a policy enforcement point from being a potential point of > failure. The reason I dislike the peering model is that instead of one > single point of failure you end up with fifty single points of > failure. > > If Alice has her private key on every device that can read email then > the loss of any one of those devices exposes her key and all the > emails.
You seem gung-ho on abandoning the end-to-end model. I understand the reasoning, and in the case of e-mail accept it fully, but I don't understand why we can't have a hybrid in the web case. A hybrid uses !end-to-end to security bootstrap end-to-end security. Note also that if all users get personal domainnames, like you and I and another .01% of users, then we can have end-to-end secure e-mail between personal domains once we boostrap end-to-end relationships between them (a big caveat, that, because most likely there will be a multi-hop PKI trust path only, certainly to begin with). The ends here would be servers in closets, sure, but they are suitable ends because they are the users' servers, not some other organization's. Nico -- _______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
