Re: Fortune 50 secure e-mail
From: Matthew Kwan (mkwan@cs.mu.OZ.AU)
Date: 11/23/02
- Next message: Henrick Hellström: "Re: Fortune 50 secure e-mail"
- Previous message: phn@icke-reklam.ipsec.nu: "Re: Fortune 50 secure e-mail"
- In reply to: Henrick Hellström: "Re: Fortune 50 secure e-mail"
- Next in thread: Henrick Hellström: "Re: Fortune 50 secure e-mail"
- Reply: Henrick Hellström: "Re: Fortune 50 secure e-mail"
- Reply: phn@icke-reklam.ipsec.nu: "Re: Fortune 50 secure e-mail"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: mkwan@cs.mu.OZ.AU (Matthew Kwan) Date: 24 Nov 2002 09:47:39 +1100
=?ISO-8859-1?Q?Henrick_Hellstr=F6m?= <henrick.hellstrm@telia.com> writes:
>Matthew Kwan wrote:
>> Your private keys (both PGP and X.509) are stored on the server in
>> encrypted form. They can only be decrypted by your password, which is
>> passed in as part of your POP/IMAP login.
>Generally not such a good idea. I wouldn't trust a CA without a CSP
>explicitly saying that they *didn't* store any private keys except their
>own.
Rubbish. The keys are stored in *encrypted* form. Until your password is
entered, they are so much random data. It's exactly the same thing PGP
does - using a passphrase to decrypt the key when needed.
>The private key should only be stored on the local computer. The only
>information you must keep on a central server in a X.509 system is the
>CSP and the CRLs.
Nonsense. This forces people to always send/receive e-mail from the
same local machine (or local network at least), making it very
difficult to access e-mail while on the road.
>> The idea is to automate all the painful tasks that make PGP and S/MIME
>> such a nuisance to use.
>AFAIK the only practical problem with using S/MIME is that both you and
>the recipient have to have certificates for e-mail protection. All of
>the major e-mail clients (such as MSOE, MS Outlook, Netscape, Mozilla
>etc) already have full S/MIME support built in.
Remember we are talking about tens of thousands of non-technical users.
If they have to spend an hour configuring their mail client, then click
an extra four buttons every time they need to send an e-mail, then they
won't. Face it - how many of you have bothered to register a PGP or
S/MIME certificate, and how many people do you communicate with using
encryption? And you're probably more familiar with security technology
than most.
A less theoretically-secure system that's easy to use is in reality
much more secure than an inconvenient system, because no-one will bother
using the latter.
mkwan
- Next message: Henrick Hellström: "Re: Fortune 50 secure e-mail"
- Previous message: phn@icke-reklam.ipsec.nu: "Re: Fortune 50 secure e-mail"
- In reply to: Henrick Hellström: "Re: Fortune 50 secure e-mail"
- Next in thread: Henrick Hellström: "Re: Fortune 50 secure e-mail"
- Reply: Henrick Hellström: "Re: Fortune 50 secure e-mail"
- Reply: phn@icke-reklam.ipsec.nu: "Re: Fortune 50 secure e-mail"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
