Ian G wrote:
Michael Ströder wrote:
Anders, that's not the real problem with S/MIME or PGP.
Encrypting/signing is simply not a business requirement.
...
=> Encrypting/signing must be made a business requirement in
contracts. That's the whole point. And there's no technical solution
for it.
That's as close to a perfect dilemma as I've come across!
Yupp.
It's not a business requirement, so we must make it a business
requirement ... What then creates the upstream requirement? If it
doesn't come from business, where does it come from?
You have to teach people to make these requirements part of the
company's security policy which in turn has to be made integral part of
business contracts with external partners.
Technicians cannot solve this by inventing yet another technology.
But it seems that some security people are very busy with PKI bashing
and convincing others that a new technology will solve all the
non-technical problems. That will obviously fail miserably.
Ciao, Michael.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto