NPR : E-Mail Encryption Rare in Everyday Use

[Ben Laurie]

Alex Alten wrote:
> At 05:12 PM 2/26/2006 +0000, Ben Laurie wrote:
>> Alex Alten wrote:
>>> At 02:59 PM 2/24/2006 +0000, Ben Laurie wrote:
>>>> Ed Gerck wrote: We have keyservers for this (my chosen
>>>> technology was PGP). If you liken their use to looking up an
>>>> address in an address book, this isn't hard for users to grasp.
>>>> 
>>> 
>>> I used PGP (Enterprise edition?) to encrypt my work emails to a 
>>> distributed set of members last year.  We all had each other's
>>> public keys (about a dozen or so).
>>> 
>>> What I really hated about it was that when fred at company.com sent
>>> me an email often I couldn't decrypt it.  Why?  Because his
>>> firm's email server decided to put in the FROM field
>>> "fred at server.company.com". Since it didn't match the email name
>>> in his X.509 certificate's DN it wouldn't decrypt the S/MIME
>>> attachment. This also caused problems with replying to his email.
>>> It took us hours, with several experimental emails sent back and
>>> forth, to figure out the root of the problem.
>>> 
>>> No wonder PKI has died commercially and encrypted email is on the
>>>  endangered species list.
>> 
>> I trust you don't think this is a problem with PKI, right? Since
>> clearly the issue is with the s/w you were using.
> 
> I place the blame squarely on X.509 PKI.  The identity aspect of it
> is all screwed up. No software implementation can overcome such a
> fundamental architectural flaw.

OK - I'll bite - why does the sender's identity have any impact on the
recipient's ability to decrypt?

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com