J. Wren Hunt wrote:
Nelson's parent post which started this thread uses the words "insecure email" I took his use of the word 'insecure' as deliberate and interpreted it as saying that 'secure' mail would be just fine. We're dealing with certs, why not just encrypt? A legitimate owner would be in possession of the keys whereas MITM style attacks would not.
It would be nice if we could use thunderbird to create the keys, create a self-signed cert, and start using it. That wouldn't address the identity problem, but we don't have an identity problem when we are emailing, only an encryption problem (and 99.9% of users are happy to take a risk for 99.9% of email anyway). Most of us send email to people we already know, unlike with web browsing to remote ecommerce sites.
But, as anyone can create keys, an email that is uncertified wouldn't really add anything to determining if you have the right to a domain, would it?
iang
-- News and views on what matters in finance+crypto: http://financialcryptography.com/
_______________________________________________ mozilla-crypto mailing list mozilla-crypto@mozilla.org http://mail.mozilla.org/listinfo/mozilla-crypto