Keys not trusted

John A. Martin
Fri May 16 21:56:02 2003

Content-Transfer-Encoding: quoted-printable

>>>>> "ds" =3D=3D David Shaw "Re: Keys not trusted"
>>>>>  Fri, 16 May 2003 11:55:36 -0400

    ds> On Fri, May 16, 2003 at 08:16:06AM +0200, Adrian
    ds> 'Dagurashibanipal' von Bidder wrote:
    >> On Friday 16 May 2003 03:54, David Shaw wrote:
    >> > It's one of those eternal questions whether it is better if a
    >> > system is perfectly secure, but not many people use it, or if
    >> > it is less secure, and many people use it.  One way to put
    >> > this is to ask whether it is better to encrypt and be
    >> > vulnerable to a man in the middle attack... or to not encrypt
    >> > and be vulnerable to everything ;)
    >> I guess for some the big is that the people using a
    >> security-made-easy system
    >> when the first attack comes that uses this
    >> will yell

    ds> Yes, this is absolutely true.  I'm not sure what the answer is
    ds> for that except perhaps education... and we all know that
    ds> users don't read the manuals ;)

We lock flimsy doors with weak locks so that it becomes _breaking and
entering_ when someone enters by forcing a door.


Content-Type: application/pgp-signature