NPR : E-Mail Encryption Rare in Everyday Use

Ed Gerck edgerck at nma.com
Sat Feb 25 16:11:55 EST 2006


Ben Laurie wrote:
> I totally don't buy this distinction - in order to write to you with
> postal mail, I first have to ask you for your address.

We all agree that having to use name and address is NOT the problem,
for email or postal mail. Both can also deliver a letter just with
the address ("CURRENT RESIDENT" junk mail, for example).

The problem is that pesky public-key. A public-key such as

[2. application/pgp-keys]...


is N O T user-friendly.

Arguments that people give each other their cell phone numbers, for example,
and even though there isn't a cell phone directory people use cell phones
well, also forget the user's point of view when comparing a phone number with
a public-key.

Finally, the properties of MY public-key will directly affect the confidentiality
properties of YOUR envelope. For example, if (on purpose or by force) my public-key
enables a covert channel (eg, weak key, key escrow, shared private key), YOUR
envelope is compromised from the start and you have no way of knowing it. This is
quite different from an address, whose single purpose is to route the communication.

That's why I said the postal analogue of the public-key is the envelope.

> Ed Gerck wrote:
>> My $0.02: If we want to make email encryption viable (ie, user-level viable)
>> then we should make sure that people who want to read a secure communication
>> should NOT have to do anything before receiving it. Having to publish my key
>> creates sender's hassle too ...to find the key.
> 
> So you think people can use the post to write to you without you
> publishing your address?

I get junk mail all the time at two different postal addresses, without ever
having published either of them. Again, addresses and names are user friendly
(for better or for worse) while public-keys are not -- in addition to their
different security roles (see above).

> Ed Gerck wrote:
>> BTW, users should NOT be trusted to handle keys, much less to handle them
>> properly. This is what the users themselves are saying and exemplifying in
>> 15 years of experiments.
> 
> I think users are perfectly capable of handling keys. The problem they
> have is in choosing operating systems that are equal to the task.

That's another notorious area where users can't be trusted -- and that's why
companies lock down their OSes -- or, should a company really allow each user
to choose their desired OS? Apart from compatibility issues, which also do
not allow users to freely choose even the OS in their homes ("Junior wants
to play his games too" scenario).

Cheers,
Ed Gerck

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com