NPR : E-Mail Encryption Rare in Everyday Use

Alex Alten alex at alten.org
Fri Feb 24 23:05:52 EST 2006


At 02:59 PM 2/24/2006 +0000, Ben Laurie wrote:
>Ed Gerck wrote:
>We have keyservers for this (my chosen technology was PGP). If you liken
>their use to looking up an address in an address book, this isn't hard
>for users to grasp.

I used PGP (Enterprise edition?) to encrypt my work emails to a distributed 
set of
members last year.  We all had each other's public keys (about a dozen or so).

What I really hated about it was that when fred at company.com sent me an email
often I couldn't decrypt it.  Why?  Because his firm's email server decided 
to put
in the FROM field "fred at server.company.com".  Since it didn't match the email
name in his X.509 certificate's DN it wouldn't decrypt the S/MIME attachment.
This also caused problems with replying to his email.  It took us hours, with
several experimental emails sent back and forth, to figure out the root of 
the problem.

No wonder PKI has died commercially and encrypted email is on the endangered
species list.

- Alex
--

- Alex Alten


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list