On 10/4/2012 7:05 PM, MFPA wrote:
> Searching is not an insurmountable problem

Problems do not have to be insurmountable to have serious effects on regular users. John Clizbe maintains a 10Mb archive of every message that's ever been posted to the Enigmail mailing list. This comprises tens of thousands of messages. If each message is encrypted individually, then searching through that archive could easily take on the order of a minute or more. That's simply unacceptable.

There are, of course, ways to mitigate this. As near as I can tell they're all just as bad. For instance, you could say that each time you receive an encrypted message, you could add it to the existing archive with the same key. Depending on which mode you use, though, this could result in encrypting the 10mb archive for each and every new message that comes in. That's something you really want to avoid. You could try to get around that by using more exotic cipher modes (e.g., consider each message's position in the archive to be an index, and use the index to set a cipher running in Galois-CTR mode or somesuch), but the more complicated the scheme becomes the more fragile it becomes.

> How is spam any more of a problem in a scenario where all messages are
> encrypted?

It becomes completely impossible to do enterprise-level spam filtering. If I send you email in plaintext, your ISP can check that email against its spam detection engine and, if my message gets flagged as spam, it can be automatically redirected to a spam folder. If I send you email in ciphertext, your ISP can't do that.

Now, you might say that this is exactly the behavior you want. If so, great. But it's not the behavior that the overwhelming majority of users want -- I can't count the number of people I know who have completely switched to Gmail for their email provider just because of their superb spam filtering. Many of these people are quite computer-literate and they know full well that Google is inspecting the contents of their email to deliver targeted ads -- but that's a tradeoff they're willing to make if it reduces spam.

> Some will lose (access to) data through carelessness and/or
> misfortune. Two choices: multiple secure backups of the private key
> stored in different locations, or don't bother encrypting. Hmm. Which
> of the two should we promote?

Who says we should promote anything? Nobody ever elected me Grand Poobah of the Internet. I don't think anyone ever elected you, either. Instead of telling people what they should do, what's wrong with giving people options and telling them that it's their responsibility to make informed choices?
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users