First, the dissident was just one 'threat model' I mentioned. As I said, the husband/wife case (in case they care) also applies. When I say I want nobody to listen, I mean *nobody*.
Simply isn't possible with the PKI model, there is no way to guarantee all links in the chain are secure when there is so much money and political influence involved... PGP and SSH models are even worst for the general public because they'd simply click through, at least with PKI you know exactly who is a threat...
So, you're saying that CAs and PKIs are inappropriate for private users?
I'd have to agree with that sentiment, ***BUT*** I don't know of anything better for the general run of the mill joe public that would be any better... In most cases I doubt most ppl would be targeted by a government, and even if they were, if a government decided to break into your house and steal your computer for the private keys without you finding out about it, people would still be in ignorant bliss...
Frankly, I don't care much about protecting the little secrets of large companies. I care about protecting *privacy* for *people*.
This is a people problem not a technical problem, and as always money is the root of all evil... If certificates were commoditised and easy/cheap to get hold of this would actually go along way to protecting privacy by the sheer number of emails encrypted, it would make world government surveillance oh so much more fun, then of course the governments in each respective country would possibly try and crack down on it again...
Maybe not yours, but large companies in other countries do have reason to fear the NSA for corporate espionage. There have been reports (and IIRC even admissions) about government secret agencies (of USA and other countries) "helping out" local companies in important international contracts.
The French complained about echelon and it's effect on it's companies and the end result was the French installed their own network with more or less the same capabilities in their own territories around the world, if you can't beat 'em join 'em...
-- Best regards, Duane
http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://happysnapper.com.au - Sell your photos over the net! http://e164.org - Using Enum.164 to interconnect asterisk servers _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
