Re: secure email

From: Ralph A. Jones (rajones_at_SPAM_ME_NOT_AT_tconl.com)
Date: 10/24/03


Date: Fri, 24 Oct 2003 00:05:57 -0500

Jamie Briant wrote:

> I've got this email which has been digitally signed, so I have the guys
> public key. I want to send an encrypted email back. But, outlook wont let me
> because *I* dont have a certificate. Is this outlook, or will Mozilla,
> Eudora, etc all do the same thing? Is it the whole protocol: it wont let you
> use someone elses public key unless you have a key of your own? Seems a
> great way to make sure that no-one adopts secure email if you ask me.
>
> jamie
>
>

I have been an email encryption advocate since the DOS PGP days when
Phil Zimmerman (the author of PGP) was still being sued by the Justice
Department for providing military-grade encryption to the masses (and,
unfortunately for Phil, enemies of his home country the United States).
  In my experience over the years it has been proven to me over and over
again that it takes a true geek/paranoid (of which I am proud to call
myself) to "buy into" email encryption. Your average, Joe Blow user
could hardly be less interested in email encryption because: a) it adds
two or three clicks to processing email, whether you are using PGP or an
S/MIME-enabled email client like O/OE; or, b) obtaining and installing a
digital certificate or generating a PGP key set is beyond the computer
capabilities/interests of most.

Your friend appears to have joined the relatively small community of
geek/paranoids. I invite you to join us. As others have suggested, you
can pick up a Thawte certificate for free (http://www.thawte.com -- even
though their "public trust" or "notary public" system probably inhibits
the timid).

Last time I checked (although this may have been changed in the most
recent version), Netscape verions 6.x/7.x (Mozilla iterations) did *NOT*
properly support S/MIME.



Relevant Pages

  • Re: Encrypted network communication
    ... Bob) communicate over an insecure channel. ... This type of encryption uses a single shared, ... Secret-key encryption algorithms use a single secret key to encrypt and ... unauthorized users and a public key that can be made public to anyone. ...
    (microsoft.public.dotnet.languages.csharp)
  • RE: PGP scripting...
    ... cryptosystems, ... In these systems divulging your private key compromises the public ... Here is a quick over view of the public key encryption routines (the ...
    (SecProg)
  • Re: PGP/GPG
    ... You obtain someone's public key, encrypt a message with it, hence ... This is known as message encryption, ... Web of trust (the PGP way) ... if you find a signature under a document that you've ...
    (comp.os.linux.misc)
  • Re: Encrypted Email
    ... PGP will be your best bet. ... Encryption of course encrypts the email so only the ... needs everyone elses public key to decrypt messages. ...
    (microsoft.public.security)
  • RE: Cannot decrypt files encrypted using Crypto API on a different
    ... previous message which uses the recipien't public key.) ... KEK (key encryption key) to protect the session key. ... embedded into your client app and server code). ... but what is the point to encrypt the data if ANYBODY can decrypt it (since ...
    (microsoft.public.platformsdk.security)