[linux-elitists] Phil Zimmermann on key exchange
Karsten M. Self
Mon Dec 10 23:43:55 PST 2001
on Mon, Dec 10, 2001 at 06:24:46PM -0800, Don Marti (firstname.lastname@example.org) wrote:
> begin Seth David Schoen quotation of Fri, Dec 07, 2001 at 11:42:26PM -0800:
> > Reviving a thread from last month:
> (More on encrypted email infrastructure from Seth:
> > The Board of Directors of EFF met today in San Francisco, and I made a
> > presentation about this, in the presence of Brad Templeton and others.
> > One of the conclusions was that EFF's role in implementing something
> > like this is still not defined clearly enough, and we don't know what
> > we could most usefully do.
> In order to seriously deploy encrypted email you need to kick the
> email client support problem and the key management problem at the
> same time.
> One possible role for EFF would be as a founding member of an
> encrypted email industry consortium analogous to W3C. Such an
> organization would have to be positioned as a way to fight
> cyberterrorism and protect infrastructure.
> It would be nice to get Ximian, the KDE project and Qualcomm to
> join, and use the words "Secure Email" or "Email Security" in the
> organization's name somewhere. You probably aren't going to get
> any mail client vendor that depends on many Secret Police customers
> to join.
My own experience is that _authentication_ is as much a significant and
important use as encryption. For this niche, there's a value add to any
individual or organization which wants to create the opportunity for
secure, authentic, communications between business units, with
constituents, or with customers.

Examples IRL that I've run across, and possible partners:

- Customer service for financial institutions. My broker (Schwab) has
  email support, but responded to my requests that email solicitations
  to my account be stopped with a particularly ironic "however, your
  email has been sent via an unsecure channel". I pointed out that
  the issue wasn't security, but authentication, and that my prior
  (and current) message was in fact signed with a well-known and
  fairly widely signed PGP key....

  Later, Schwab offered a service to provide account summary
  information via email. Initiated with a sample of such a service.
  This got a livid response from me, along with a pointer to their

  The company mEconomy is apparently targeting financial institutions
  which can offer secure networking services to customers as a
  value-add (whether this flies or not is another question). Seems
  there is a market for both authenticated (this _is_ a message from
  Schwab) and encrypted (these are your account details) emails.

  While many companies are flocking to the web (and various
  exclusionary site designs) to facilitate customer interactions,
  email has been largely unutilized. This flies in the face of the
  fact that _paper_ mail communications have been used for ages.
  Facilitating secure, authenticated, email communications should be a
  compelling business case.

  The problem, of course, is that you can try selling things to
  customers when they come to your website, call your help desk, or
  walk into the store. Doing same by way of email is a trickier
  proposition, and makes the option less immediately attractive for
  companies whose business plan reads "sucker bait".

- Congress has, shall we say, discovered issues with toting tons of
  paper of diverse origins into its deepest inner chambers in recent
  months. It's also shown a less than stellar record of dealing with
  email correspondence. Methods of authenticating _known_
  constituents' mail (or at least known campaign contributors') might

- Various sorts of information would be well served to have an
  authenticating signature attached (naturally this requires the
  recipient know enough to validate the signature and interpret
  results properly). Corporate press releases, emergency government
  bulletins, various official versions of forms and such.

Just a few ideas off the top of my head (or bottom of the barrel).

1. And that "unsecure" isn't a word, it's "insecure". But I digress.
Karsten M. Self <email@example.com> http://kmself.home.netcom.com/
What part of "Gestalt" don't you understand? Home of the brave
http://gestalt-system.sourceforge.net/ Land of the free
Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org
Geek for Hire http://kmself.home.netcom.com/resume.html