Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

more on Are the encryption wars really over? Maybe not

From: David Farber <dave () farber net>
Date: Fri, 27 May 2005 12:38:49 -0400


Begin forwarded message:

From: Ed Gerck <egerck () nma com>
Date: May 27, 2005 8:33:46 AM EDT
To: dave () farber net
Cc: Ip ip <ip () v2 listbox com>
Subject: Re: [IP] Are the encryption wars really over? Maybe not


Declan,

I guess we all know what is blocking email encryption. We can't say it's
legislation, anymore. It's just too darn difficult to do. Downloading
Java applets doesn't help much, and you end up having to do your own
key management even if you pay for a cert.

As I have commented elsewhere (crypto list), the public-key model is
also backwards for email. It is similar to having to ask you for an envelope before I can send you postal mail, and trusting YOUR envelope to be secure 
for MY document! OTOH, using "password security" to encrypt email is not
secure at all and just makes the recipient of your emails open to spoofing 
and phishing.
I invite anyone to try without cost a new model called ZMail, which provides end-to-end encryption without the user having to bother with anything crypto, even though it uses keys and certs. After all, why should anyone bother to learn and use cryptography principles, key management, key validation and other technical concepts when all you want to do is send and receive email without 
problems?

BTW, there is no key escrow. The user's login credentials are not stored
anywhere either, not even the sysadmin could break the user's privacy.

To try, please go to https://zsentry.com/mail/register_user.html

Comments are welcome.

Cheers,
Ed Gerck



From: Declan McCullagh <declan () well com>
Date: May 25, 2005 10:09:53 PM EDT
To: politech () politechbot com
Subject: [Politech] Are the encryption wars really over? Maybe not [priv] 
...
I wouldn't be surprised if such a law would permit non-escrowed crypto to be used to secure communication streams while requiring .gov backdoors in crypto used for hard drive or file encryption. In other words, GPG and PGPdisk might become verboten. Programmers might sensibly scoff, but that's the way the Feds think. 



--
________________________________________________
I use ZSentry Mail Secure Email
https://zsentry.com/R/index.html/edgerck () nma com


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: