"David Howe" <[EMAIL PROTECTED]> writes: >at Wednesday, October 02, 2002 3:13 AM, Peter Gutmann ><[EMAIL PROTECTED]> was seen to say: >>As opposed to more conventional encryption, where you're protecting >>nothing at any point along the chain, because 99.99% of the user base >>can't/won't use it. >That is a different problem. if you assume that relying on every hop between >you and your correspondent to be protected by TLS
Doing a quick check of all of today's mail, there's only a single hop on the WAN. This is a non-issue. >*and* the owner of that server to be trustworthy (not only in the normal >sense, but resistant to legal pressure, warrants from LEAs and financial >"incentives" from your competitors) If the Uni sysadmins want to read mail sent from Uni machines, they'll get it with or without me using encryption, and it'd be the same for most (all?) corporates. This is a non-issue. >then you are in for a rude awakening at some point. I know exactly what I'm getting from STARTTLS, which is adequate security most of the time, automatically, with no extra effort. If I want real security, I'll send it from a home machine in a lead-lined room while wearing a tinfoil hat, while worrying whether the use of an encrypted message in this manner will attract undue suspicion. Luckily I don't need real security most of the time, just protection from fishing expeditions and general snooping, which STARTTLS gives me. Peter.
