> >PGP, kerberos > > I'm all in favour of using PGP to sign the messages and occasionally to=20 > encrypt them. But I don't see how this secures sending and receiving.=20 > And hence the two issues I raised above.
an issue was raised about the availability of ssl based logins and transport. my comment on that was to rely on client based payload encryption, and an authentication scheme where passwords do not traverse the network. PGP and kerberos can do that. In place of kerberos, you could use a one time password scheme like securID or OPIE. of course, the drawback to all of this is if somebody steals/you lose your laptop, you have to deprecate your keys. But that's a risk you're already taking by having them on a laptop in the first place. In general, having decent mail authentication and transport security is a problem for everybody, not just wireless. The clients and protocols for across the board improvement such that availibility doesn't suffer exist, be it SSL/TLS or some other system and I feel the largest barriers to implementation are political and educational. tack -- general wireless list, a bawug thing <http://www.bawug.org/> [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
