NPR : E-Mail Encryption Rare in Everyday Use
Victor Duchovni
Victor.Duchovni at MorganStanley.com
Tue Feb 28 16:28:51 EST 2006
On Sun, Feb 26, 2006 at 01:42:56PM -0800, Trevor Perrin wrote:
> Perhaps this is further support for Iang's contention that we should
> expect newer, interactive protocols (IM, Skype, etc.) to take the lead
> in communication security. Email-style "message encryption" may simply
> be a much harder problem.
This is neither surprising, nor relevant to email.
We are at this point reasonably good at encrypting unicast traffic and
the associated key management problem is often viable. Encrypting stored
data is a substantially more difficult problem.
We have increasingly common opportunistic TLS encryption of email traffic,
with occasional fully verified secure-channels between some pairs of
sites. We could conceivably some day (political barriers primarily
at this point) have a secure DNS for secure MX record lookups and key
distribution enabling secure channels between most sites. This is viable,
traffic encryption is a tractable problem.
Encrypting email content, to be stored encrypted, and decrypted when
read off-line, or read again later, ... is a problem that the IM
and VoIP vendors don't have to solve. They also don't have to solve
global federation of universally interoperable systems...
--
/"\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAIL Morgan Stanley confidentiality or privilege,
and use is prohibited.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list