NPR : E-Mail Encryption Rare in Everyday Use

Alex Alten alex at alten.org
Sun Feb 26 19:04:53 EST 2006


At 05:12 PM 2/26/2006 +0000, Ben Laurie wrote:
>Alex Alten wrote:
> > At 02:59 PM 2/24/2006 +0000, Ben Laurie wrote:
> >> Ed Gerck wrote: We have keyservers for this (my chosen technology
> >> was PGP). If you liken their use to looking up an address in an
> >> address book, this isn't hard for users to grasp.
> >
> > I used PGP (Enterprise edition?) to encrypt my work emails to a
> > distributed set of members last year.  We all had each other's public
> > keys (about a dozen or so).
> >
> > What I really hated about it was that when fred at company.com sent me
> > an email often I couldn't decrypt it.  Why?  Because his firm's email
> > server decided to put in the FROM field "fred at server.company.com".
> > Since it didn't match the email name in his X.509 certificate's DN it
> > wouldn't decrypt the S/MIME attachment. This also caused problems
> > with replying to his email.  It took us hours, with several
> > experimental emails sent back and forth, to figure out the root of
> > the problem.
> >
> > No wonder PKI has died commercially and encrypted email is on the
> > endangered species list.
>
>I trust you don't think this is a problem with PKI, right? Since clearly
>the issue is with the s/w you were using.

I place the blame squarely on X.509 PKI.  The identity aspect of it is all
screwed up.  No software implementation can overcome such a fundamental
architectural flaw.

- Alex


--

- Alex Alten


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


