[Cryptography] What ever happened to end-to-end email encryption?
Bill Frantz
frantz at pwpconsult.com
Mon Aug 23 16:53:21 EDT 2021
Note that Phil can be justly proud of the WebPKI he worked on.
It has definitely met it's most important design goal: Getting
people to risk their credit card numbers online to make
e=commerce transactions. Now, of course, I have objections to
some features of WebPKI which I have discussed with Phil over
the years, but WebPKI is "good enough" which is enough.
I am also glad he has at least a chance of getting the Mesh adopted.
On 8/23/21 at 1:16 AM, phill at hallambaker.com (Phillip
Hallam-Baker) wrote:
>The realization I came to was that the only way that you can make broad
>scale PKI work is on a direct trust model. This is what PGP has degenerated
>into. Nobody really uses the Web o Trust, it is the fingerprints that
>matter.
My one use of the Web of Trust (WoT) was interesting. I had a
company confidential document I wanted to work on from home. I
wanted to encrypt it and send it to myself via email.
But, I didn't have my PGP key at the office. I didn't even have
its fingerprint.
But Carl Ellison has signed my key, and I had Carl's key's
fingerprint on his business card. I thought about it for a
moment, and decided I trusted that Carl had signed my key, and
not some interloper's key.
So I downloaded "my" key from the KeyServer, checked the
signature, and used it.
Cheers - Bill
----------------------------------------------------
Bill Frantz | Art is how we decorate space,
408-348-7900 | music is how we decorate time.
www.pwpconsult.com | -Jean-Michel Basquiat
More information about the cryptography
mailing list