On 2004-05-31T22:32:10-0400, Hubert Chan wrote: > >>>>> "Eric" == Eric S Johansson <esj@xxxxxxxxxx> writes: > > [...] > > Eric> Before you get your knickers in a twist over this attitudes, > Eric> remember that all of the "proper procedures" as put forth by > Eric> pgp/smime enthusiasts have done more to setback to widespread use > Eric> of cryptography than any political/legislative manipulations by > Eric> the spook community. What the crypto geeks have forgotten (or > Eric> maybe never knew) is that human factors wins out over technical > Eric> features any day. > > It all depends on what you're trying to achieve with crypto, and what > your attack model is. If you just want to verify that the person who > is emailing you today was the same guy who emailed you last week, you > can be a lot more lax than if you want to make sure that the email you > got really was from the Linus Torvalds who wrote the Linux kernel. Well this sounds like a debate for the cryptography list, and they seem to have it quite often. > And I don't think that human factors is the reason we don't have > widespread crypto. The thing is that most people just don't see a need > for it. (Here. I'll GPG sign this message just for fun.) But s/mime is in use at many corporations, and that may be the most important area for crypto. Then there are fringe groups that use crypto. Human rights organizations use it; terrorists use it; criminals use it. > P.S. I don't know much (anything) about the camram model, but how well > does it protect against zombied machines? Say, Alice's machine gets > zombied by the latest virus-du-jour, and starts sending out emails, > signed with her camram key. It wouldn't at all. The spammer can get messages through to anyone who has Alice's key whitelisted. Hopefully that's not too many people, and it's not nearly as many people as the spammer can spam today. Alice's key would hopefully be blacklisted quickly via some mechanism. Alice would learn to keep her machine secure if she values being able to send email. If signed messages also required some postage (maybe 23 bits of present value), the spammer/virus would peg Alice's cpu and make the situation more noticeable. If the spam problem becomes intolerable even with hashcash, email is dead, because without hashcash there will be even more spam. Spammers will use zombies even if hashcash is not widely adopted. Hashcash will at least slow spammers down. Ideally it'll slow them down so much they give up, but if it doesn't it's still better than nothing. The alternative is to give up right now and come up with a replacement for smtp. Nobody's serious about doing that, and it would require such a vast change in current infrastructure that it's not likely to happen before spammers have succeeded or failed in destroying email communication. It'd be just like IPv6. *snicker* -- "Not your decision to make." "Yes. But it's the right decision, and I made it for my daughter." - Bill, Beatrix; Kill Bill Vol. 2