Yahoo releases internet standard draft for using DNS as public key server
Ed Gerck
egerck at nma.com
Sun May 30 19:43:52 EDT 2004
Russell Nelson wrote:
> > also sprach Ed Gerck <egerck at nma.com> [2004.05.28.1853 +0200]:
> > > It's "industry support". We know what it means: multiple,
> > > conflicting approaches, slow, fragmented adoption --> will not
> > > work.
>
> In other words .... change. If you have any alternatives to change,
> please describe them. Ollivander's wand shop is not available in this
> universe.
The alternative to change (i.e., replacement) is complement. I mentioned that.
>
> > > It would be better if the solution does NOT need industry
> > > support at all, only user support. It should use what is already
> > > available.
>
> This is the point in the script at which I laugh at you, Ed.
I laugh with you ;-)
> S/MIME
> and PGP have been available for many many years now. How many
> messages to the Cryptography Mailing List are cryptographically
> signed? If it was going to happen, it would have *already* happened.
S/MIME and PGP did NOT earn user support. What's wrong with them, we all
know and Martin exemplifies below:
>
> martin f krafft writes:
> > - The technology is too complex to be grasped. users may be able
> > to select encryption in their GUI, but they fail to understand
> > the consequences. This is especially problematic on the receiver
> > side, because no standard user knows how to handle a BAD
> > SIGNATURE alert.
>
> Yup. That's why I think that the MTA that checks the signature should
> surround the RFC2822 address comment with '?' if the signature is
> missing or bad. If the email lacks a valid signature, you really
> *don't* know who it's from, so the question marks are simply telling
> the truth.
That's cute but your suggestion may have missed the point. If the email
lacks a valid signature, there may be many causes. Today, within CA cert
rollover dates, your browser's root certs may just need an update. Absence
of a valid signature simply means you have less evidence of whom it's from,
not no evidence.
> > - The infrastructure is not there. Two standards compete for email
> > cryptography, and both need an infrastructure to back them up.
>
> Two standards? DomainKeys and what else?
No -- DomainKeys has nothing to do with 'email cryptography'. They are
S/MIME and PGP/MIME.
EG
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com