what is killing PKI?

Landon Hurley ljrhurley at gmail.com
Fri Oct 5 03:12:09 CEST 2012

Hash: SHA512

On 10/04/2012 07:22 PM, Robert J. Hansen wrote:
> On 10/4/2012 7:05 PM, MFPA wrote:
>> Searching is not an insurmountable problem
> Problems do not have to be insurmountable to have serious effects on
> regular users.
> John Clizbe maintains a 10Mb archive of every message that's ever been
> posted to the Enigmail mailing list.  This comprises tens of thousands
> of messages.  If each message is encrypted individually, then searching
> through that archive could easily take on the order of a minute or more.
>  That's simply unacceptable.
> There are, of course, ways to mitigate this.  As near as I can tell
> they're all just as bad.  For instance, you could say that each time you
> receive an encrypted message, you could add it to the existing archive
> with the same key.  Depending on which mode you use, though, this could
> result in encrypting the 10mb archive for each and every new message
> that comes in.  That's something you really want to avoid.  You could
> try to get around that by using more exotic cipher modes (e.g., consider
> each message's position in the archive to be an index, and use the index
> to set a cipher running in Galois-CTR mode or somesuch), but the more
> complicated the scheme becomes the more fragile it becomes.
>> How is spam any more of a problem in a scenario where all messages are
>> encrypted?
> It becomes completely impossible to do enterprise-level spam filtering.
>  If I send you email in plaintext, your ISP can check that email against
> its spam detection engine and, if my message gets flagged as spam, it
> can be automatically redirected to a spam folder.  If I send you email
> in ciphertext, your ISP can't do that.

Won't the overhead from running gpg or equivalent limit the amount of
spam that will occur afterward anyway? The whole reason that spam works
and is profitable is in the agreggate of millions of messages. If I
introduce a .5 second latency, that undermines the whole economic
incentive, because I can no longer send messages quickly enough. Or am I
overestimating the time it takes to run a single message through
1024-bit RSA with SHA1?

> Now, you might say that this is exactly the behavior you want.  If so,
> great.  But it's not the behavior that the overwhelming majority of
> users want -- I can't count the number of people I know who have
> completely switched to Gmail for their email provider just because of
> their superb spam filtering.  Many of these people are quite
> computer-literate and they know full well that Google is inspecting the
> contents of their email to deliver targeted ads -- but that's a tradeoff
> they're willing to make if it reduces spam.
>> Some will lose (access to) data through carelessness and/or
>> misfortune. Two choices: multiple secure backups of the private key
>> stored in different locations, or don't bother encrypting. Hmm. Which
>> of the two should we promote?
> Who says we should promote anything?  Nobody ever elected me Grand
> Poobah of the Internet.  I don't think anyone ever elected you, either.
>  Instead of telling people what they should do, what's wrong with giving
> people options and telling them that it's their responsibility to make
> informed choices?
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

- -- 
Violence is the last refuge of the incompetent.
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/


More information about the Gnupg-users mailing list