NPR : E-Mail Encryption Rare in Everyday Use
Victor Duchovni
Victor.Duchovni at MorganStanley.com
Wed Mar 8 15:20:29 EST 2006
On Wed, Mar 08, 2006 at 12:53:16PM -0700, Peter Saint-Andre wrote:
> > These are closed systems that compete with each other, once
> > they become federated, they can no longer compete on end-to-end
> > security, because that is a property of the interoperability
> > framework, not the individual product. Also with millions
> > of account issuers, the abuse and identity problems become
> > just as bad as for email. The problem is intrinsic, is not
> > the result of lazy RFC writers.
>
> Well, in the Jabber/XMPP world we require authentication, servers must
> stamp the from addresses, and we use (at a minimum) reverse DNS lookups
> to verify server identities (or use certs with TLS + SASL-EXTERNAL if
> you want true server-to-server authentication). So I'd say the abuse and
> identity problems are not as bad in IM (at least the IM technology I'm
> familiar with) as in email. But you'd hope that we've learned a thing or
> two since email was invented. ;-)
What is the value of such "authentication"? Which organizations will you
trust? For example, most mail that passes SPF is spam... Authentication
by the issuing organization is only useful, if you can keep bad issuers
of the net... If federated Jabber becomes universal, the bad guys cannot
be excised from the network. The botnets cannot be excised from the network,
...
The problem is technology neutral. Loosely along the lines of Goedel's
incompleteness theorem, any universally deployed federated communications
medium will exhibit spam.
<Maxim>Either it is not mature enough, or it has spam.</Maxim>
--
/"\ ASCII RIBBON NOTICE: If received in error,
\ / CAMPAIGN Victor Duchovni please destroy and notify
X AGAINST IT Security, sender. Sender does not waive
/ \ HTML MAIL Morgan Stanley confidentiality or privilege,
and use is prohibited.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list