E-Mail Encryption: Why Isn't Everyone Doing It?

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Wed Oct 23 22:17:01 2002

On Wed, 2002-10-23 at 18:12, Anthony E. Greene wrote:

> You are confusing authentication with encryption.
> Authentication is complex, but encryption is relatively simple. If I want
> to send you an encrypted message, I don't need to worry about whether your
> electronic identity <peter.schuller@infidyne.com> is connected to the real
> world person "Peter Schuller". I just need to get a key that can be used
> by <peter.schuller@infidyne.com> to decrypt the message. Compared to
> authenticating a connection between an identity and a person, getting that
> key is easy.

If you want encryption, you want other people to be unable to look at
the encrypted email. You only want the owner of the respective
email address to be able to look at it.

You're right in saying that you don't care about the person behind the key.
But you must solve the authentication problem anyway, or you are wide
open to a Man in the Middle Attack. There's just no way to securely
encrypt messages without doing authentication first.

-- vbi

this email is protected by a digital signature   http://fortytwo.ch/gpg

NOTE: get my key here: http://www.google.com/search?q=mQGiBDx2a6ERBAC8l

Signature policy: http://fortytwo.ch/gpg/policy/email.20020822
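
The check argued for in the reply above, as an added example that is not part of the original message: before encrypting to an address, accept a fetched key only if its OpenPGP v4 fingerprint matches one confirmed out of band. The address, key material and the helper names (`rsa_key_body`, `select_key`) are constructed for illustration.

```python
import hashlib


def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return bits.to_bytes(2, "big") + value.to_bytes((bits + 7) // 8, "big")


def rsa_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a v4 RSA public-key packet: version, creation time, algorithm, n, e."""
    return b"\x04" + created.to_bytes(4, "big") + b"\x01" + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 section 12.2: SHA-1 over 0x99, the 2-byte body length, the body."""
    if not body or body[0] != 4 or len(body) > 0xFFFF:
        raise ValueError("not a version 4 public-key packet body")
    framed = b"\x99" + len(body).to_bytes(2, "big") + body
    return hashlib.sha1(framed).hexdigest().upper()


def select_key(address: str, fetched: list, pinned: dict) -> bytes:
    """Return the fetched key for `address` whose fingerprint was authenticated.

    `fetched` is untrusted (keyserver, web search): anyone can upload a key
    that claims any address. `pinned` holds fingerprints confirmed out of band.
    """
    if address not in pinned:
        raise LookupError("no authenticated fingerprint for " + address)
    want = "".join(pinned[address].split()).upper()  # accept gpg's spaced form
    for claimed, body in fetched:
        if claimed == address and v4_fingerprint(body) == want:
            return body
    raise LookupError("no fetched key for %s matches the pinned fingerprint" % address)


# Constructed sample data: toy numbers, not real keys or a real address.
ADDRESS = "recipient@example.org"
GENUINE = rsa_key_body(1035000000, (1 << 255) + 0x1234567, 65537)
SUBSTITUTED = rsa_key_body(1035000000, (1 << 255) + 0x7654321, 65537)
FETCHED = [(ADDRESS, SUBSTITUTED), (ADDRESS, GENUINE)]  # both claim the address
_fpr = v4_fingerprint(GENUINE)  # stands in for a fingerprint read out in person
PINNED = {ADDRESS: " ".join(_fpr[i:i + 4] for i in range(0, 40, 4))}

if __name__ == "__main__":
    print(select_key(ADDRESS, FETCHED, PINNED) == GENUINE)
```

Without the pinned fingerprint, nothing in `FETCHED` distinguishes the two keys: both claim the same address, which is why lookup by address alone does not authenticate the recipient.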