[LINK] Telstra Clouds its Profit Results

Karl Auer kauer at biplane.com.au
Sat Feb 11 22:24:47 AEDT 2012


On Sat, 2012-02-11 at 21:13 +1100, Kim Holburn wrote:
> Email encryption works OK to send encrypted emails to *one* other
> person who is technically capable of decrypting it and who has a
> public key you know and trust.

I routinely send emails to groups of people. I have all their separate
public keys of course. It is no more difficult than having all their
separate email addresses.[1] My mailer automatically chooses and uses
the appropriate public keys for encrypting to one or more individual
recipients.

Apart from importing the keys initially, once per recipient or when a
recipient recuts a key, I really don't have to do anything except click
the "encrypt this" checkbox on an outgoing email.

>   To use email encryption you have to understand the technology and
> have all the recipients of your emails understand it too.

The same is true of email itself. And a host of other tools. Whether the
benefit of learning about the tool is worth the effort is (like anything
else) up to the individual. If your research information is not worth
protecting, then don't take the trouble to protect it. That said, there
is not actually a lot that needs to be understood just to *use*the
technology - one or two simple rules are all that's needed.

I'm certainly not advocating pointless effort. 90% of my emails are not
encrypted, because I do not consider them worth encrypting. But many I
do.

>   This would mostly limit the people you could email to a fraction of
> the people you now email.  You have to trust them and you all have
> private keys and keep them safe.  

You mean, such as a team of researchers? If you treat your keys with the
same respect and level of security that you treat the confidential
information they protect, you are doing all you need to do.

> Sending an encrypted email to more than one person gets linearly (or
> more than linearly) more difficult.  i.e. you can't use cc or bcc in
> encrypted emails.   Encrypted email is not a simple plugin replacement
> for email.

You most certainly *can* use CC and BCC. I do so routinely. I cannot
send the same email encrypted to some and unencrypted to others in a
single step - but this is a failing of my mailer, not a technical
impossibility. If I wanted to do that with my mailer, I would have to
send the mail twice; once encrypted to one set of recipients and once
unencrypted to the rest. However, I have never wanted to do that, and
can't see why I ever would.

BTW, adding encryption really IS a plugin enhancement for most modern
mail clients. For S/MIME, it's generally built in already and requires
no additional work beyond collecting certificates.

Regards, K.
 
[1] Obtaining public keys is easy. Checking that the public key you have
obtained really is the public key of the person you think it belongs to
is another matter. This is where the difference between certificates
(hierarchy of trust) and keys (web of trust) comes in. Certificates are
more convenient, but rely on "outsourced trust". Using keys keeps the
trust issue in your own hands, but is less convenient.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer

GPG fingerprint: AE1D 4868 6420 AD9A A698 5251 1699 7B78 4EEE 6017
Old fingerprint: DA41 51B1 1481 16E1 F7E2 B2E9 3007 14ED 5736 F687
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 230 bytes
Desc: This is a digitally signed message part
URL: <https://mailman.anu.edu.au/pipermail/link/attachments/20120211/e52abe64/attachment.sig>


More information about the Link mailing list