[Cryptography] Making scenarios realistic
Ralf Senderek
crypto at senderek.ie
Mon Apr 15 13:39:26 EDT 2019
On Mon, 15 Apr 2019, Phillip Hallam-Baker wrote:
> The paper is from 1997. Think about that for a while. Back then we thought that the biggest
> issue any crypto system had to address was how to absolutely guarantee any possibility that the
> FBI could gain any imaginable advantage in any circumstance whether realistic or not.
In 1997 I happened to know people who already tried to broaden the user
base of PGP keys in an academic environment including the improvisation of
user interfaces to PGP. But the common mindset was the opposition to key
escrow in any form, because key escrow is very different from key
availabilty/backup which was a pain in the neck back then, and still is.
> [...] we ended up with end-to-end email take up of about 2 million S/MIME and
> 2 million OpenPGP users having registered a key - about -.1% of users. and they use it for maybe
> 1% of their email.
Even if your numbers were correct (in the open source community a handful
of keys secure the integrity of a large number of OS packages, and almost
all users are unaware of their "use" of GPG keys) the lesson to be learned
here is that key management is the problem to be solved. But it has to be
solved in a way that the user can contol himself, not by key escrow.
--ralf
More information about the cryptography
mailing list