public-key: the wrong model for email?

lrk crypto at ovillatx.sytes.net
Fri Sep 17 12:29:01 EDT 2004


On Thu, Sep 16, 2004 at 04:57:39PM -0700, Bill Stewart wrote:
> At 10:19 PM 9/15/2004, Ed Gerck wrote:
> >Yes, PKC provides a workable solution for key distribution... when you
> >look at servers. For email, the PKC solution is not workable (hasn't been)
> >and gives a false impression of security. For example, the sender has no
> >way of knowing if the recipient's key is weak (in spite of its length)
> >or has some "key-access" feature. Nonetheless, the sender has to use that 
> >key.
> 
> I don't understand the threat model here.

That seems to be the actual problem. If you want real security, you need a
vault, guards, cryptographers, and do the crypto in the vault.

I use GnuPG so my e-mail is in an "envelope" rather than on a "postcard".
If the fedz want to read it they bring guns, slammers, and rubber hoses
anyway.


Perhaps it is time to define an e-mail definition of crypto to keep the
"postman" from reading the "postcards". That should be easy enough to
implement for the average user and provide some degree of privacy for
their mail. Call it "envelopes" rather than "crypto". Real security 
requires more than a Windoz program.


-- 
crypto at ovillatx.sytes.net

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list