AW: E-Mail Encryption: Why Isn't Everyone Doing It?

De Bug debug@centras.lt
Thu Oct 24 17:05:02 2002


> I work for a credit bureau. You better believe there's lot's
>of stuff that we can't send by e-mail. You'd be surprised how
>many customers expect us to send consumer data via mail
>without giving thought to encryption. We don't, of course.
>After all we're talking about creditprofiles and stuff like
>that here.

So what =3F What is there to hide =3F Do not your words conform that people dont really care to keep their information secret=3F This is the real answer to the subject question.

Read-only access to information can't cause real harm. Bad things are cause by evil-driven people and not by the information accessability to the public.

Where encryption is really important  is in protecting the rights to manage things i.e. who and what can change/operate/manage/control. Email is not used for such things
(well SMTP protocol could probablly be used for it but it is not the prefered protocol)
All the importance is mostly in identification - i want to be sure who exactlly sent me that paticular email,
who is requesting write access to the databases.

>From my point of view any scheme that is based on keeping information secret is potentially dangerous
It is much better to assume that anyone can read the information and then think about how to make the system work safely

--
De Bug