Yahoo releases internet standard draft for using DNS as public key server
Russell Nelson
nelson at crynwr.com
Mon May 31 15:14:09 EDT 2004
I see that you are not interested in discussing the relative merits of
STARTTLS vs. DomainKeys, but instead are just trying to push
STARTTLS. I hope that Perry will see through your sales job, and will
return your email to you, just as he will return this one to me.
-russ
[Moderator's note: No such luck for you I'm afraid. However, I'd
prefer if both of you tried to stay away from being personal. --Perry]
Peter Gutmann writes:
> Russell Nelson <nelson at crynwr.com> writes:
> >Peter Gutmann writes:
> >> STARTTLS
> >
> >If Alice and Cathy both implement STARTTLS, and Beatty does not, and Beatty
> >handles email which is ultimately sent to Cathy, then STARTTLS accomplishes
> >nothing. If Uma and Wendy implement DomainKeys, and Violet does not, and
> >Violet handles email which is ultimately sent to Wendy, then Wendy can check
> >Uma's signature.
>
> Since none of Uma, Wendy, or Violet implement DomainKeys or even know what
> they are, DomainKeys accomplishes nothing. OTOH if their { ISP, company,
> whatever } has STARTTLS enabled, they're getting their email encrypted without
> even knowing about it and are having better-than-average security applied to
> their POP/IMAP mail account, again without even knowing about it (I suspect
> the latter is far more of a selling point to users than encryption. No-one
> would want to read their mail anyway so they're not worried about that, but if
> it stops those nasty hackers from breaking into their account, it's a good
> thing).
>
> >If, instead, Perry had a list of PGP keys and email addresses, he wouldn't
> >*need* to compare the email address on the incoming email.
>
> He'd instead need to spend even more time mucking around with keyrings and
> updating keys and writing scripts to handle all the checking and wondering why
> it all has to be so complicated, and maybe he should just ask people to fax in
> submissions.
>
> Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list