NPR : E-Mail Encryption Rare in Everyday Use
Trevor Perrin
trevp at trevp.net
Sun Feb 26 16:42:56 EST 2006
Ed Gerck wrote:
> Ben Laurie wrote:
>
>> I totally don't buy this distinction - in order to write to you with
>> postal mail, I first have to ask you for your address.
>
>
> We all agree that having to use name and address are NOT the problem,
> for email or postal mail. Both can also deliver a letter just with
> the address ("CURRENT RESIDENT" junk mail, for example).
>
> The problem is that pesky public-key. A public-key such as
>
> [2. application/pgp-keys]...
>
>
> is N O T user-friendly.
True enough about public keys. Not so true about key fingerprints - a
20-char fingerprint is probably not much harder to manage than the usual
sorts of contact info (email, postal, & IM addresses, phone numbers, etc.).
Of course, a fingerprint won't let you encrypt an email without
supporting infrastructure for key lookups. However, it *will* let you
authenticate a session (e.g., IM, VoIP, SSH) if your parter presents his
public key in the handshake.
Perhaps this is further support for Iang's contention that we should
expect newer, interactive protocols (IM, Skype, etc.) to take the lead
in communication security. Email-style "message encryption" may simply
be a much harder problem.
Trevor
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list