X.509 / PKI, PGP, and IBE Secure Email Technologies
James A. Donald
jamesd at echeque.com
Mon Dec 12 12:34:10 EST 2005
--
From: Ralf Senderek <ralf at senderek.com>
> I think what's missing is the understanding that there
> cannot be secure email without the persons involved
> acting responsible and knowing their role in the
> process. Your mother will probably expect the computer
> to do the job for her (mine will never expect anything
> from computers) rejecting any responsibility for her
> email's security. In my opinion establishing secure
> email this way is impossible despite the fact that
> encryption is (relatively) easy if our algorithms work
> as expected
This sounds like "it is not my fault. It is those
stupid user's fault"
No, it is not those stupid user's fault. It is our
fault. For example phishing ought not to be possible -
would not be possible if we used zero knowledge
technologies to protect passwords.
Whenever a user communicates anything to anyone, they
use a password, or some form of shared secret - their
credit card number - the password whereby they login to
their mail server. Therefore, whenever a user
communicates anything to anyone, it should be secure,
but it is not.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
Jogksi+CFTLv6yHXLYAd6VeQz73gNHYNM1t/B6aB
4uVe9+oTO/DP7awisj6RYpMbzekGf0+UrwxWfnpxM
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list