E-Mail Encryption: Why Isn't Everyone Doing It?

[Anthony E. Greene]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 23-Oct-2002/17:46 +0200, Peter Schuller <peter.schuller@infidyne.com> wrote:
>In order to achieve secure communication, there are certain steps that
>MUST be taken. It cannot happen automatically, because if it does it is
>by definition not secure.

There are relative levels of security. The tools need to allow full
automation of the process, or else it won't happen. Users could be offered
varying levels of automation and security and allowed to make a choice. It
could be a simple as three buttons labeled like this:

 - Protect all my outgoing email if possible (Default)

 - Don't bother protecting my email

 - Advanced

>It works exactly the same as any "real world" communication. If I'm
>given a phone number to John Doe and call him up - I have no way of
>knowing I am really talking to John Doe, nor that he possesses the role
>that someone else claims he does.

You are confusing authentication with encryption.

Authentication is complex, but encryption is relatively simple. If I want
to send you an encrypted message, I don't need to worry about whether your
electronic identity <peter.schuller@infidyne.com> is connected to the real
world person "Peter Schuller". I just need to get a key that can be used
by <peter.schuller@infidyne.com> to decrypt the message. Compared to
authenticating a connection between an identity and a person, getting that
key is easy.

Tony
- -- 
Anthony E. Greene <mailto:agreene@pobox.com>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26  C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05      HomePage: <http://www.pobox.com/~agreene/>
Linux: the choice of a GNU Generation. <http://www.linux.org/>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D <agreene@pobox.com>

iD8DBQE9tspVpCpg3WyUI50RAvkoAJwPS5VbYKsxisNpuFn7AffRlpJAEwCgjxZZ
1DRYEt3tCbSIclVCOat2ORU=
=+jsQ
-----END PGP SIGNATURE-----