Robot CA at toehold.com

Volker Gaibler volker.gaibler@urz.uni-heidelberg.de
Thu Dec 5 22:12:10 2002


On Thu, Dec 05, 2002 at 11:24:01AM -0600, Kyle Hasselbacher wrote:
> With tools yet to be created, people could get the benefits of encryption
> without having to understand it.  The robot CA will make those tools work
> better.

I think it is really dangerous to give people that feeling of security.
Someone who doesn't understand the basics of encryption will not be able
to use it an a secure way. I'm not talking about mathematics but about
the meaning and implications of a exportable signature, a local
signature and assigning trust - just as examples. 

The most vulnerable point of encryption is the interface key <--> person. 
Just as people get used to accepting all certificates when using SSL.
And granny will not be aware of the fact that only email address is
checked - at least not in every-day business. 

> security.  I don't deny it.  What I think, though, is that the false sense
> of security will always be a problem.  I've talked to users who are
> astonished to learn that their sysadmin can read their email on the mail
> server.  I want those who don't understand security, who think they have
> some, to actually have more than they do now, even if it's not the most
> that's possible.

And the will be astonished that their sysadmin cannot only read their
email but can also forge signatures.

Volker



-- 
 Volker Gaibler                                 contact:
 http://www.volker-gaibler.de                   mail@volker-gaibler.de
 OpenPGP key: 0x86ECAC0B
 get my public key from website above 
+---------------------------------------------------------------------+