E-Mail Encryption: Why Isn't Everyone Doing It?
Adrian 'Dagurashibanipal' von Bidder
Wed Oct 23 22:17:01 2002
On Wed, 2002-10-23 at 18:12, Anthony E. Greene wrote:
> You are confusing authentication with encryption.
> Authentication is complex, but encryption is relatively simple. If I want
> to send you an encrypted message, I don't need to worry about whether your
> electronic identity <email@example.com> is connected to the real
> world person "Peter Schuller". I just need to get a key that can be used
> by <firstname.lastname@example.org> to decrypt the message. Compared to
> authenticating a connection between an identity and a person, getting that
> key is easy.
If you want encryption, you want other people to be unable to look at
the encrypted email. You only want the owner of the respective
email address to be able to look at it.
You're right in saying that you don't care about the person behind the key.
But you must solve the authentication problem anyway, or you are wide
open to a Man in the Middle Attack. There's just no way to securely
encrypt messages without doing authentication first.
this email is protected by a digital signature http://fortytwo.ch/gpg
NOTE: get my key here: http://www.google.com/search?q=mQGiBDx2a6ERBAC8l
Signature policy: http://fortytwo.ch/gpg/policy/email.20020822
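
Added example, not part of the original message: the point argued in the reply, that a key fetched by e-mail address alone can be substituted unless it is authenticated first, shown with a fingerprint check before encrypting. The toy ElGamal cipher, the directory dictionaries, the address and the function names are all assumptions made for illustration.

```python
import hashlib
import secrets

# Toy ElGamal, only to make the argument concrete; the parameters are not secure.
P = 2**127 - 1  # a Mersenne prime
G = 3

def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def fingerprint(pub):
    return hashlib.sha256(str(pub).encode()).hexdigest()[:40]

def encrypt(pub, message):
    m = int.from_bytes(message, "big")
    if not 0 < m < P:
        raise ValueError("message does not fit the toy group")
    k = secrets.randbelow(P - 2) + 1
    return pow(G, k, P), (m * pow(pub, k, P)) % P

def decrypt(priv, ciphertext):
    c1, c2 = ciphertext
    m = (c2 * pow(pow(c1, priv, P), -1, P)) % P
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def send(directory, address, message, trusted_fp=None):
    """Encrypt to the key the directory returns for address.
    With trusted_fp set, refuse any key whose fingerprint differs."""
    pub = directory[address]
    if trusted_fp is not None and fingerprint(pub) != trusted_fp:
        raise ValueError("key fingerprint mismatch, refusing to encrypt")
    return encrypt(pub, message)

def demo():
    addr, msg = "recipient@example.org", b"meet at noon"  # constructed sample values
    owner_priv, owner_pub = keygen()   # the real owner of the address
    other_priv, other_pub = keygen()   # whoever controls the key lookup path
    trusted_fp = fingerprint(owner_pub)  # assumed to be obtained out of band
    tampered, honest = {addr: other_pub}, {addr: owner_pub}
    # No authentication: the mail is encrypted, but to the wrong party's key.
    exposed = decrypt(other_priv, send(tampered, addr, msg)) == msg
    try:  # Fingerprint checked first: the substituted key is rejected.
        send(tampered, addr, msg, trusted_fp)
        rejected = False
    except ValueError:
        rejected = True
    delivered = decrypt(owner_priv, send(honest, addr, msg, trusted_fp)) == msg
    return exposed, rejected, delivered
```

The fingerprint comparison only helps if the trusted value arrives over a channel the key lookup path does not control, which is the authentication step the reply says cannot be skipped.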