[LINK] astroturfing

kim holburn kim at holburn.net
Tue Jan 10 15:24:34 AEDT 2012 

Encryption for the masses: Not going to happen.

Current asymmetric encryption while technically secure just isn't
ready for users.  Even for professionals it's hard to keep your secret
key secret.  For normal users?  Not possible.  Not user ready
technology.  Not bogan proof.

As for central PKI?  Government issued SMIME: would you trust a
government to keep your secret key safe?  I wouldn't.

If this were a solution to anything it would be already happening.
It's not cause it's not.  You don't need heavy duty encryption for
every email.  It's a waste of resources.

Kim

On Tue, Jan 10, 2012 at 2:29 PM, Fernando Cassia <fcassia at gmail.com> wrote:
> On Mon, Jan 9, 2012 at 21:09, jim birch <planetjim at gmail.com> wrote:
>>
>> Personally (without having considered this to much) I think I'd be happy to
>> only ever receive communications from validated identities with a good
>> reputation, or have communications flagged with the sender reputation,
>> good, bad or unknown.  I think it would be possible to design a federated
>> system that supports this kind of approach.  This wouldn't fully prevent
>> scams but would make life more difficult for serial offenders.
>
> S/MIME.
>
> To purchase a S/MIME certificate for signing e-mails, Thawte used to
> offer a free version of the certificate (it only certifies that
> e-mails come from a certain account) or you could go the extra length
> and pay for a S/MIME certificate that had you identity (full name and
> nationality) attached to it. Before issuing such certificate, the
> certificate issuer requested that your identity be validated by a
> local attorney, bank, or other such institution with legal power to
> validate your identity. Thawte called this the "web of trust". (ie
> Thawte relied on local attorneys, banks etc to validate who you really
> are, physically).
>
> S/MIME has been around since the Netscape Communicator 4.x days, and
> I´ve used S/MIME certificates in the past (but only the free version,
> that validates e-mail addresses not identity).
>
> Nowadays, most -if not all- serious e-mail clients support S/MIME,
> Mozilla Thunderbird,  Mozilla SeaMonkey, and Outlook I´m sure. There´s
> even free open source plug-ins to do S/MIME over Blackberry.
>
> http://supportforums.blackberry.com/t5/Java-Development/BIS-compatible-open-source-S-MIME-email-encryption-for/td-p/492351
>
> http://www.marknoble.com/tutorial/smime/smime.aspx
>
> Unfortunately Thawte seems to have discontinued its free s/mime
> certificates giveaway, but other S/Mime certificate issuers like
> Verisign remain...
>
> http://www.verisign.com/digital-id/index.html
>
> http://www.globalsign.com/authentication-secure-email/digital-id/index.html
>
> Ultimately, I think each government will sooner or later take the role
> of issuing digital certificates to each of its citizens... I mean, if
> you´ve got your own national ID card or driver´s license, why not
> request a S/MIME certificate to go along with it?.
>
> Although I´m sure the US of A will surely prefer the free market
> version, because we all know Merryl Lynch, BofA, Goldman Sachs and
> HSBC are much more trustworthy than any government institution.
> *cough*
>
> Just my $0.02
> FC
>
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link



-- 
Kim Holburn
IT Network & Security Consultant
Ph: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request

More information about the Link mailing list