Wait, PKI isn't dead, it will save email

M Taylor mctylr at privacy.nb.ca
Tue Jan 14 12:04:04 EST 2003 

The Holy Grail of Security?
By JENNIFER EVANS
Special to Globe and Mail Update
Friday, January 10

<http://rtnews.globetechnology.com/servlet/ArticleNews/tech/RTGAM/20030110/gtevans/>

E-mail has been in the news a lot recently as investigators have gone back 
and found 'smoking guns' in long-discarded messages. 
...
Those 'confidential' disclaimers on messages are largely pointless, as 
e-mail is considered by the Canadian government to be a form of 
insecure communication. Enterprise-wide initiatives to secure e-mail 
are spotty and unreliable. But despite the obvious threats to 
intellectual property and corporate security, very few are taking 
advantage of a solution that offers end-to-end secure e-mail 
communication, file sharing and other electronic exchanges, a solution 
that would virtually rid the enterprise of the threat of compromise. Are 
governments and corporations negligently slow to adapt or does PKI have 
a major public relations problem? 
...
Historically the issues with PKI have been its marketing, its ease of 
use, and its incomprehensibility to the layperson.

And not just for the layperson. Three years ago, when I was working for a 
network security value added reseller, we picked up Entrust as a solution. 
Entrust was a pioneer in public key infrastructure, and yet a team of 
experienced security sales people had a very difficult time understanding 
what it did, much less articulating it to clients and understanding which 
clients would find it of value.

One of the reasons why PKI is so inscrutable is its basis in remote 
mathematical concepts of encryption, logarithms, terms like 'hash value' 
and the various types of keys that are used during the process (public 
key, private key, session key, and so on), not to mention digital 
signatures and digital certificates, forbidding concepts that are not 
easily conveyed to the user or the executive. 
..

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list