| ||
Fri 2024-04-19
Thu 2024-04-18
Mon 2024-04-15
Butterick’s Practical Typography Sat 2024-04-13
Fri 2024-04-12
Wed 2024-04-10
Boy Meets Boy Meets Boys’ Love Tue 2024-04-09
Mon 2024-04-08
Search
Archives
2023
12 11 10 09 08 07 06 05 04 03 02 01
2022
2021
2020
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
One good site
MDN
Nelson Minar
Blog licensed under a Creative Commons License
|
The fooferall
around AIM's recent change in terms of service reminds me
how the cypherpunks
movement has failed.
Email is still not encrypted.
It's been at least twelve years since the gauntlet was thrown down. Untrusted networks and servers gives individuals the need to protect their privacy. Cryptography gives us the means. And yet despite the efforts of projects like PGP/GPG email is still unencrypted. Ashcroft knows who all is reading your email. The problem is the cryptonerds have always focussed too hard on getting things exactly correct at the expense of usability. A big part of the problem is key exchange. PGP deliberately exposes the details of key exchange. This protects you against man in the middle attacks, but at the cost of no one ever using PGP. Contrast to Trillian or Skype which gloss over key exchange niceties. You may be vulnerable to a man in the middle attack, but on the other hand at least you're using some crypto. I think the thing that will force an email crypto solution is spam. Authenticated senders are strong spam protection. Once you have the infrastructure for authentication the encryption is easy. But that infrastructure is going to be too centralized for my tastes. |
|
