Yahoo releases internet standard draft for using DNS as public key server

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon May 31 00:14:12 EDT 2004


Russell Nelson <nelson at crynwr.com> writes:

> > > It would be better if the solution does NOT need industry
> > > support at all, only user support. It should use what is already
> > > available.
>
>This is the point in the script at which I laugh at you, Ed.  S/MIME and PGP
>have been available for many many years now.  How many messages to the
>Cryptography Mailing List are cryptographically signed?  If it was going to
>happen, it would have *already* happened.

It *is* happening, only it's now called STARTTLS (and if certain vendors
(Micromumblemumble) didn't make it such a pain to set up certs for their MTAs
but simply generated self-signed certs on install and turned it on by default,
it'd be happening even more).

>How many messages to the Cryptography Mailing List are cryptographically
>signed?

The S/MIME list debated this some time ago, and decided (pretty much
unanimously) against it, for two reasons.  Firstly, because it adds huge ugly
blobs of base64 crap to each message (and before the ECC fans leap in here,
that still adds small ugly blobs of base64 crap to each message).  Secondly,
because if you get a message from someone you know you'll be able to get a
pretty good idea of its authenticity from the content (for example an SSH
developer would be unlikely to be advocating SSL in a list posting), and if
you get a message from someone you don't know then it's pretty much irrelevant
whether it's signed or not.  So the consensus was not to sign messages.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com