[Cryptography] Google proposes a Web of Trust replacement to solve the key distribution problem.

Jerry Leichter leichter at lrw.com
Fri Aug 29 12:46:09 EDT 2014 

On Aug 29, 2014, at 2:33 AM, Dave Horsfall <dave at horsfall.org> wrote:
> I had a boss like that once.  Normally a sensible chap, he objected to 
> public key crypto making the public key, well, public.  I tried to explain 
> that you want as many people as possible to know your public key, but I 
> don't think I got through.
SMTP had a flat, democratic model:  Anyone who got hold of an email address could send mail to it.

"Enterprise-ready" email systems - as Microsoft and Exchange customers define them - allow access control on who can send to a particular address.  CEO's don't want to be bothered by email from "the little people" way down the hierarchy.

Before you object to the basic unfairness, keep in mind that we've had moderated lists - like this one - for many years, implementing the same thing.  The only real difference is that we provide the filtering at the level of "the list".

In both cases, the address itself often shows up on return addresses, so as an address, it's "public".

So ... "public" may not mean quite ... "public".  Never has.

Complaints about leakage of email addresses go back years.  Personally I've found most of the complaints over-wrought.  It's not as if spammers have had the slightest problem getting hold of addresses to send to.  The end result of all the angst is something that failed to solve any real problem while getting in the way of possibly useful functions - like the ability to find an email address without being part of the organization that controls his LDAP server.  (Not that LDAP is much to get excited about:  How it manages to be so damn slow will never cease to amaze me.)

                                                        -- Jerry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4813 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140829/1122833b/attachment.bin>

More information about the cryptography mailing list