Yahoo releases internet standard draft for using DNS as public key server

Ed Gerck egerck at nma.com
Sun May 30 19:43:52 EDT 2004



Russell Nelson wrote:

>  > also sprach Ed Gerck <egerck at nma.com> [2004.05.28.1853 +0200]:
>  > > It's "industry support". We know what it means: multiple,
>  > > conflicting approaches, slow, fragmented adoption --> will not
>  > > work.
> 
> In other words .... change.  If you have any alternatives to change,
> please describe them.  Ollivander's wand shop is not available in this
> universe.

The alternative to change (ie, replacement) is complement. I mentioned that.
> 
>  > > It would be better if the solution does NOT need industry
>  > > support at all, only user support. It should use what is already
>  > > available.
> 
> This is the point in the script at which I laugh at you, Ed.

I laugh with you ;-)

> S/MIME
> and PGP have been available for many many years now.  How many
> messages to the Cryptography Mailing List are cryptographically
> signed?  If it was going to happen, it would have *already* happened.

S/MIME and PGP did NOT earn user support. What's wrong with them, we all
know and Martin exemplifies below:

> 
> martin f krafft writes:
>  >   - The technology is too complex to be grasped. users may be able
>  >     to select encryption in their GUI, but they fail to understand
>  >     the consequences. This is especially problematic on the receiver
>  >     side, because no standard user knows how to handle a BAD
>  >     SIGNATURE alert.
> 
> Yup.  That's why I think that the MTA that checks the signature should
> surround the RFC2822 address comment with '?' if the signature is
> missing or bad.  If the email lacks a valid signature, you really
> *don't* know who it's from, so the question marks are simply telling
> the truth.

That's cute but your suggestion may have missed the point. If the email
lacks a valid signature, there may be many causes. Today, within CA cert
rollover dates, your browser's root certs may just need an update. Absence
of a valid signature simply means you have less evidence of whom it's from,
not no evidence.

>  >   - The infrastructure is not there. Two standards compete for email
>  >     cryptography, and both need an infrastructure to back them up.
> 
> Two standards?  DomainKeys and what else?

No -- DomainKeys has nothing to do with 'email cryptography'. They are
S/MIME and PGP/MIME.

EG

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
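The header-marking idea debated above (an MTA wrapping the From: display name in '?' when the signature is missing or bad, and the reply that "no valid signature" has several distinct causes) can be made concrete. The following is an added example, not code from the thread or from any real MTA: it parses a From: header with the standard library and chooses a marker per verification outcome, keeping "missing", "unverifiable" (e.g. a trust chain that could not be checked) and "bad" as separate states. The status names, the marker characters and the sample addresses are this example's own assumptions.

```python
"""Annotate a From: header according to signature-verification status.

Added example for the thread's discussion; not code from any MTA. The
status vocabulary and marker characters below are assumed conventions.
"""
from email.utils import formataddr, parseaddr

# Marker per verification outcome (assumed convention, not a standard).
# "missing" and "unverifiable" both mean less evidence about the sender,
# not no evidence, so they get the milder mark; "bad" is a real mismatch.
MARKERS = {
    "valid": "",          # signature verified against a trusted key
    "missing": "?",       # no signature present at all
    "unverifiable": "?",  # signature present, but the chain could not be
                          # checked (e.g. the verifier's roots need an update)
    "bad": "!",           # signature present and it does not verify
}


def classify(signature_present, chain_verifiable, signature_valid):
    """Map raw verifier results onto one of the MARKERS states.

    chain_verifiable and signature_valid are ignored when no signature is
    present; signature_valid is ignored when the chain could not be built.
    """
    if not signature_present:
        return "missing"
    if not chain_verifiable:
        return "unverifiable"
    return "valid" if signature_valid else "bad"


def annotate_from(header_value, status):
    """Return the From: header value with its display name wrapped in markers.

    A header that carries only an address gets that address as its display
    name so the marker has something visible to attach to.
    """
    if status not in MARKERS:
        raise ValueError(f"unknown verification status: {status}")
    name, addr = parseaddr(header_value)
    if not addr:
        raise ValueError(f"no address found in header: {header_value!r}")
    marker = MARKERS[status]
    if not marker:
        # Verified: hand the header back in canonical form, unmarked.
        return formataddr((name, addr)) if name else addr
    display = name or addr
    # formataddr quotes the display name itself when it contains specials.
    return formataddr((f"{marker}{display}{marker}", addr))


if __name__ == "__main__":
    # Constructed sample headers and verifier outcomes, not real mail.
    samples = [
        ("Alice Example <alice@example.org>", classify(True, True, True)),
        ("Alice Example <alice@example.org>", classify(False, None, None)),
        ("Alice Example <alice@example.org>", classify(True, False, None)),
        ("alice@example.org", classify(True, True, False)),
    ]
    for header, status in samples:
        print(f"{status:13} -> {annotate_from(header, status)}")
```

The point of keeping four states rather than a single "bad or missing" flag is the one made in the reply: a reader who only ever sees '?' cannot tell a forged message from one whose verifier simply lacks a current root, so the marking should preserve that difference rather than collapse it.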


