Point of view regarding LISA 2002

Adam Shostack adam@homeport.org
Tue Oct 1 20:12:02 2002

On Tue, Oct 01, 2002 at 06:11:08PM +0200, markus_kampkoetter wrote:
| Michael Tokarev schrieb:
| > Adam Shostack wrote:
| > []
| > > Now, are these GPG's fault?  In most cases, no, they're not.  But
| > > they're problems that we need to address to get say, 10% of the email
| > > on the net to be encrypted.  And if thats a goal, then we need to
| > > examine the things that are preventing us from hitting it.
| >
| > Yeah - learn users to encrypt their emails and there will be
| > many problems with viruses who will try to use encryption too
| > thus making it impossible to detect in-transit...  Oh well... ;)
| >
| > /mjt
| i do not agree with you. at least you will know for sure who sent the virus to 
| you ;))) and worms cannot use cryptotechnology easily.
| (one day later)
| or can they? is it possible to write a script that automatically encrypts to all 
| the keys on ones keyring and sends itself to the corresponding addresses? even 
| if, it never will be able to sign.

Because that worm can't sniff your password?  Or create an inbound
message that requires you to enter you password to decrypt it?  Or
send your private key off via guntella to other instances of itself?

Crypto will make central AV harder.  However, central AV is already
hard, and the benefits of crypto may be large.  (It may be that
STARTTLS is more usable..)


"It is seldom that liberty of any kind is lost all at once."