secure sign & encrypt

Tue May 21 10:24:02 2002

--=-qlPInynfxfswG9+89RgT
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Fri, 2002-05-17 at 18:38, Robert J. Hansen wrote:

> Davis' `exploit' (in 1.1) basically boils down to this: if you can't trus=
t=20
> the person you're talking to, then the person you're talking to can use=20
> your words in ways you don't like.  Is that a problem?  Sure.  But it's a=
=20
> social problem, not a technological one.  It demands social solutions, no=
t=20
> different cryptographic standards.

Agreed that the exploit is not really technological. The programs do
exactly as told. From the senders point of view I agree fully to what
you say. BUT if somebody receives an encrypted message he will almost
always automatically assume secure end to end communication - which may
not be the case. The open question is basically if the user should be
educated that the software does not work the way they think (hard, I
think), or if the software should be modified to match the users
(reasonable, imho) expectations.

--=20
secure email with gpg                 avbidder@fortytwo.ch: key id
0x92082481
                                      avbidder@acter.ch:    key id
0x5E4B731F

--=-qlPInynfxfswG9+89RgT
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQA86gRkwj49sl5Lcx8RApkTAJwKz0M8/q3Mdmdq0ngygNQG9lufTACgkISh
l9dTJC2VTYbGUjjoc4NXVWE=
=oE4v
-----END PGP SIGNATURE-----

--=-qlPInynfxfswG9+89RgT--