Re: Authentication and email



Paul Hoffman / VPNC <paul.hoffman@vpnc.org> writes:

> At 4:44 PM -0500 2/10/03, Derek Atkins wrote:
> >Yea, and look how secure our email system is....
> 
> Well, yes, let's look. Security is available where the two end-users
> want it, and is available where any pair of servers want it. Few
> people turn it on in either step, but those who want it use it almost
> invisibly.

But it generally requires both sides to agree, because it's not
ubiquitous.  If I wanted to encrypt this email, I couldn't.  Why?
Because there is no way I could -- there is no guarantee that you
could even read it (let alone have a key I could encrypt with).

So, I couldn't encrypt this email _even if I wanted to_.  That's the
problem.  I want a system where, if I want to encrypt a message, I can
be guaranteed that you can read it.  If you don't want to encrypt your
reply, that is your prerogative.

> >   The IESG has already
> >stated that optional security is bad (because optional security means
> >no security).  Let's not revisit that rathole.
> 
> We fully disagree here. Forcing visible security where none is needed
> leads to most people not wanting to use security. If security is free
> or very low-cost, it should be required. When it is any more expensive
> either in processing time or in user hassle, it should be optional and
> easy to implement if used.

Who has the right to decide where security is needed and where it is
not?  Your idea of when it is needed is not the same as mine, and I
bet that neither of us would completely agree with some human rights
worker in Africa.  The reason I agree with the IESG is that by forcing
implementers to include security it means that users always have the
choice and don't have the problem I do with this email.

> --Paul Hoffman, Director
> --VPN Consortium

-derek

-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek@ihtfp.com             www.ihtfp.com