STEED - Usable end-to-end encryption

Jerome Baum jerome at jeromebaum.com
Tue Oct 18 16:45:31 CEST 2011


> I don't see why the ISP has to be the entity providing DNS lookup.
> The one I use won't even allocate me a static address, let alone
> accept RRs from me to serve out to others.  I'm not sure I'd trust
> them to get it right and *keep* it right anyway.

I should clarify. An email provider is also an ISP, and I was referring
to the email-provider type of ISP. But yes I agree that we shouldn't
trust the ISPs too much and that's why I keep saying we shouldn't rely
solely on them.

> If the ISPs won't cooperate, maybe the antivirus vendors would.
> They're already in the data security business, already have an
> extensive network presence, and already get money from me to help me
> secure my information assets.  Build enrollment into the AV product or
> provide a separate setup tool.  It should be simple.

This I'm not too sure if we can trust an AV vendor more or less than an
ISP. That's the problem with making these decisions for the user: We're
pushing the trust onto them, just like the CA root certificates in most
browsers.

The trust decision should be with the user. In a user-friendly way.
Also, I want world peace.

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA



More information about the Gnupg-users mailing list