Robot CA at toehold.com
Volker Gaibler
volker.gaibler@urz.uni-heidelberg.de
Thu Dec 5 22:12:10 2002
On Thu, Dec 05, 2002 at 11:24:01AM -0600, Kyle Hasselbacher wrote:
> With tools yet to be created, people could get the benefits of encryption
> without having to understand it. The robot CA will make those tools work
> better.
I think it is really dangerous to give people that feeling of security.
Someone who doesn't understand the basics of encryption will not be able
to use it in a secure way. I'm not talking about mathematics but about
the meaning and implications of an exportable signature, a local
signature and assigning trust - just as examples.
The most vulnerable point of encryption is the interface key <--> person.
Just as people get used to accepting all certificates when using SSL.
And granny will not be aware of the fact that only the email address is
checked - at least not in every-day business.
> security. I don't deny it. What I think, though, is that the false sense
> of security will always be a problem. I've talked to users who are
> astonished to learn that their sysadmin can read their email on the mail
> server. I want those who don't understand security, who think they have
> some, to actually have more than they do now, even if it's not the most
> that's possible.
And they will be astonished that their sysadmin can not only read their
email but can also forge signatures.
Volker
--
Volker Gaibler contact:
http://www.volker-gaibler.de mail@volker-gaibler.de
OpenPGP key: 0x86ECAC0B
get my public key from website above