NPR : E-Mail Encryption Rare in Everyday Use
Alex Alten
alex at alten.org
Sun Feb 26 19:04:53 EST 2006
At 05:12 PM 2/26/2006 +0000, Ben Laurie wrote:
>Alex Alten wrote:
> > At 02:59 PM 2/24/2006 +0000, Ben Laurie wrote:
> >> Ed Gerck wrote: We have keyservers for this (my chosen technology
> >> was PGP). If you liken their use to looking up an address in an
> >> address book, this isn't hard for users to grasp.
> >
> > I used PGP (Enterprise edition?) to encrypt my work emails to a
> > distributed set of members last year. We all had each other's public
> > keys (about a dozen or so).
> >
> > What I really hated about it was that when fred at company.com sent me
> > an email often I couldn't decrypt it. Why? Because his firm's email
> > server decided to put in the FROM field "fred at server.company.com".
> > Since it didn't match the email name in his X.509 certificate's DN it
> > wouldn't decrypt the S/MIME attachment. This also caused problems
> > with replying to his email. It took us hours, with several
> > experimental emails sent back and forth, to figure out the root of
> > the problem.
> >
> > No wonder PKI has died commercially and encrypted email is on the
> > endangered species list.
>
>I trust you don't think this is a problem with PKI, right? Since clearly
>the issue is with the s/w you were using.
I place the blame squarely on X.509 PKI. The identity aspect of it is all
screwed up.
No software implementation can overcome such a fundamental architectural flaw.
- Alex
--
- Alex Alten
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list