NPR : E-Mail Encryption Rare in Everyday Use

[Victor Duchovni]

On Wed, Mar 01, 2006 at 06:15:36PM +0100, Ian G wrote:

> >>Email is hard to get encrypted, but it didn't stop Skype from doing
> >>encryped IMs "easily."
> >
> >
> >Likewise I have secured email communications with my wife via a single
> >key exchange, so what? Skype has not "easily" created an interoperable
> >federated system that secures all IM communications end-to-end, and
> >many of the issues in doing that are non-technical.
> 
> 
> Right.  Nor did email create a single federated
> system that crosses across to mobile phones.  There
> is always a boundary where a system stops.

Federated accross millions of account issuing organizations, not
technologies, and email did do that, and IM did not. IM is like email from
a choice MCI, Sprint or AT&T, sure they can control the medium better,
but this is a temporary state of affairs...

> The point is that the non-technical issues we
> are looking at here are *better* handled at the
> level of competitive systems, because they have
> incentives to solve them, whereas technical
> committees writing RFCs do not.

These are closed systems that compete with each other, once
they become federated, they can no longer compete on end-to-end
security, because that is a property of the interoperability
framework, not the individual product. Also with millions
of account issuers, the abuse and identity problems become
just as bad as for email. The problem is intrinsic, is not
the result of lazy RFC writers.

-- 

 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com