Re: Authentication and email
At 9:19 PM -0500 2/10/03, Derek Atkins wrote:
> Paul Hoffman / VPNC <paul.hoffman@vpnc.org> writes:
>
> > At 4:44 PM -0500 2/10/03, Derek Atkins wrote:
> > > Yea, and look how secure our email system is....
> >
> > Well, yes, let's look. Security is available where the two end-users
> > want it, and is available where any pair of servers want it. Few
> > people turn it on in either step, but those who want it use it almost
> > invisibly.
>
> But it generally requires both sides to agree, because it's not
> ubiquitous.

Which is a good indication of how few people want to use it.

> If I wanted to encrypt this email, I couldn't. Why?
> Because there is no way I could -- there is no guarantee that you
> could even read it (let alone have a key I could encrypt with).

Of course you could. If you and I agree that you should encrypt a
message for me, it is trivial for us to agree to (particularly if we
are using S/MIME).

> So, I couldn't encrypt this email _even if I wanted to_. That's the
> problem.

Hogwash. Find my S/MIME cert or PGP key and encrypt. If I don't make
them available to you, you can't encrypt, but it also means I don't
want you to.

> I want a system where, if I want to encrypt a message, I can
> be guaranteed that you can read it.

If I have an S/MIME certificate out there with an encryption key, I
can read what you encrypt with. The same is true for a PGP key.

> > > The IESG has already
> > > stated that optional security is bad (because optional security means
> > > no security). Let's not revisit that rathole.
> >
> > We fully disagree here. Forcing visible security where none is needed
> > leads to most people not wanting to use security. If security is free
> > or very low-cost, it should be required. When it is any more expensive
> > either in processing time or in user hassle, it should be optional and
> > easy to implement if used.
>
> Who has the right to decide where security is needed and where it is
> not?

The user of the protocol? Naaah, that's not the IETF way.

> Your idea of when it is needed is not the same as mine, and I
> bet that neither of us would completely agree with some human rights
> worker in Africa.

Fully agree.

> The reason I agree with the IESG is that by forcing
> implementers to include security it means that users always have the
> choice and don't have the problem I do with this email.

The IESG forces implementers to include security? In which universe
does that happen? Implementers leave out the security part of lots of
protocols that have security specified. In fact, you will find that
most email clients have good, interoperable end-to-end security built
in even though it is optional and rarely used. Your polemic above is
just plain silly: anyone who wants you to send them encrypted mail
using Internet standards can do so, usually quite easily. And
voluntarily, too!

--Paul Hoffman, Director
--VPN Consortium