Keys not trusted

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Fri May 16 08:15:02 2003



On Friday 16 May 2003 03:54, David Shaw wrote:

> It's one of those eternal questions whether it is better if a system
> is perfectly secure, but not many people use it, or if it is less
> secure, and many people use it.  One way to put this is to ask whether
> it is better to encrypt and be vulnerable to a man in the middle
> attack... or to not encrypt and be vulnerable to everything ;)

I guess for some the big is that the people using a security-made-easy system
- where some vulnerabilities are traded against convenience - won't be aware
of these vulnerabilities but just assume that their system is absolutely 100%
secure. So, when the first attack comes that uses this well known (amongst
those who care to know) vulnerability, people will yell 'but you promised us
a secure system' - and there's nothing you can do. Telling them that it
wasn't designed to be secure in this way will not help you, then.

cheers
-- vbi

--
featured link: http://fortytwo.ch/smtp

Signature policy: http://fortytwo.ch/legal/gpg/email.20020822?version=1.4&md5sum=81630baabe9a0670bb19c1fa8527a7ab