what is killing PKI?

[Robert J. Hansen]

On 10/4/2012 9:00 PM, MFPA wrote:
> I guess it depends what speeds you are used to. I expect about three 
> minutes to search around 65,000 messages (including around 3000 
> encrypted) at home using The Bat!, and a little longer at work to 
> search through 2000-3000 unencrypted messages using Outlook.

Yeah, and me, if doing a fulltext search on 100,000 messages takes more
than a fraction of a second, something's quite wrong.  Responsiveness
matters.

> Anyway, I would anticipate spam volumes to be lower if all messages 
> were encrypted. Would the spammers invest the cpu cycles to encrypt 
> their messages to each and every recipient?

Of course they would.  They're already running on hijacked systems,
using botnets to send out spam: why would they care about using up a lot
of somebody else's CPU?  They already don't care about using up a lot of
somebody else's network connection.

> At times I recommend things like restaurants, films, holiday
> destinations, pubs, books, nightclubs, bands. Nobody elected me for
> that either

Yes.  Recommendations are all well and good.  There's a difference
between a recommendation and a should, though.  If I say, "I really
liked this restaurant: they had wonderful seafood," that's different
from saying, "You should go to this restaurant: they have wonderful
seafood."  The first is a statement about how you interact with the
world.  The second is rather rude if you say it to someone who's
allergic to shellfish, or someone who for religious or dietary reasons
must abstain from seafood, or... etc.

> And what's wrong with having safe and sane defaults for those who 
> choose not to make their own informed choices?

This is a meaningless question, because it presumes there's a single
objective standard for what is "safe and sane."  There isn't: all
security decisions are context-sensitive.