J. Wren Hunt wrote:
Nelson's parent post which started this thread uses the words "insecure
email" I took his use of the word 'insecure' as deliberate and
interpreted it as saying that 'secure' mail would be just fine. We're
dealing with certs, why not just encrypt? A legitimate owner would be in
possession of the keys whereas MITM style attacks would not.
It would be nice if we could use thunderbird
to create the keys, create a self-signed cert,
and start using it. That wouldn't address the
identity problem, but we don't have an identity
problem when we are emailing, only an encryption
problem (and 99.9% of users are happy to take a
risk for 99.9% of email anyway). Most of us send
email to people we already know, unlike with
web browsing to remote ecommerce sites.
But, as anyone can create keys, an email that
is uncertified wouldn't really add anything to
determining if you have the right to a domain,
would it?
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto
