E-Mail Encryption: Why Isn't Everyone Doing It?

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Wed Oct 23 22:17:01 2002


On Wed, 2002-10-23 at 18:12, Anthony E. Greene wrote:

> You are confusing authentication with encryption.
>
> Authentication is complex, but encryption is relatively simple. If I want
> to send you an encrypted message, I don't need to worry about whether your
> electronic identity <peter.schuller@infidyne.com> is connected to the real
> world person "Peter Schuller". I just need to get a key that can be used
> by <peter.schuller@infidyne.com> to decrypt the message. Compared to
> authenticating a connection between an identity and a person, getting that
> key is easy.

If you want encryption, you want other people to be unable to look at
the encrypted email. You only want the owner of the respective
email address to be able to look at it.

You're right in saying that you don't care about the person behind the key.
But you must solve the authentication problem anyway, or you are wide
open to a Man in the Middle Attack. There's just no way to securely
encrypt messages without doing authentication first.

cheers
-- vbi

--
this email is protected by a digital signature   http://fortytwo.ch/gpg

NOTE: get my key here: http://www.google.com/search?q=mQGiBDx2a6ERBAC8l

Signature policy: http://fortytwo.ch/gpg/policy/email.20020822
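
The point made in the reply above, as an added example that is not part of the original message: encrypting to whatever key a lookup returns protects nothing if the key was substituted, while comparing the key's fingerprint against one obtained out of band catches the substitution. The toy ElGamal scheme, the `directory` dict, the address and all function names are assumptions made for illustration; this is not real cryptography.

```python
import hashlib
import secrets

# Toy ElGamal over a Mersenne prime: illustration only, not real crypto.
P = 2**127 - 1
G = 3

def keygen():
    """Return (private, public) for the toy scheme."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def fingerprint(pub):
    """Hex digest the two parties can compare over a separate, trusted channel."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def encrypt(pub, msg):
    m = int.from_bytes(msg, "big")        # msg must be at most 15 bytes here
    k = secrets.randbelow(P - 3) + 2      # fresh ephemeral exponent
    return pow(G, k, P), (m * pow(pub, k, P)) % P

def decrypt(priv, ct):
    c1, c2 = ct
    m = (c2 * pow(c1, P - 1 - priv, P)) % P   # c1^(-priv) via Fermat
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

class KeyMismatch(Exception):
    pass

def encrypt_checked(directory, address, known_fpr, msg):
    """Encrypt only if the fetched key matches the out-of-band fingerprint."""
    pub = directory[address]
    if not secrets.compare_digest(fingerprint(pub), known_fpr):
        raise KeyMismatch(address)
    return encrypt(pub, msg)

def demo():
    addr = "recipient@example.org"        # constructed address
    msg = b"meet at noon"
    rcpt_priv, rcpt_pub = keygen()
    other_priv, other_pub = keygen()      # key pair held by someone else
    directory = {addr: other_pub}         # lookup answered with the wrong key
    # Unauthenticated: the key the lookup returned is used as-is.
    ct = encrypt(directory[addr], msg)
    read_by_other = decrypt(other_priv, ct) == msg
    # Authenticated: fingerprint was obtained from the recipient directly.
    try:
        encrypt_checked(directory, addr, fingerprint(rcpt_pub), msg)
        refused = False
    except KeyMismatch:
        refused = True
    return read_by_other, refused
```

`demo()` returns `(True, True)`: the unauthenticated message is readable by the holder of the substituted key, and the fingerprint check refuses to encrypt to it.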