by matthewdgreen
4328 days ago
Hi Thomas. I used to think this way too. I think this is certainly a fine way to think about things if your goal is to keep encrypted email deployment limited to the 3-4% of email users who are either technical experts with nothing to say and/or people who are sending obviously sensitive documents. It doesn't scale much beyond that.

Moreover, I would argue that a 'translucent' key management infrastructure /can/ be better in all ways than PGP. For example, imagine that Google provided a transparent key distribution service for all its users, but also allowed you to verify key fingerprints manually before sending messages. Congratulations -- for users who care, you've got something that works every bit as well as PGP. Everyone else isn't sending plaintext! Sure, an attacker can compromise them, but it requires an expensive MITM attack. They have to be targets a priori, not after the fact. I'm struggling to see how anyone is worse off here, except through the nebulous reasoning that 'making things easy' makes people careless. Making things hard definitely makes people careless -- I've seen this firsthand.

But more to the point, even paranoid users have a lot of options that are better than PGP. Using ZRTP to establish secure channels is a very safe way to do things, assuming your attacker can't really forge voiceprints (and this seems hard, even for the NSA). From that point you can push strong public keys out to a dedicated text/email app. That we don't do this is not so much because it's a bad idea -- it's because so far people haven't tried it.
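The 'translucent' scheme the comment sketches, as an added example that is not part of the thread: a provider-run directory hands out recipients' public keys automatically, a client pins the fingerprint it first sees, and a user who cares can enter a fingerprint verified out of band (for instance over a ZRTP call). The directory, the `Sender` client, the users and the key bytes are all constructed for this demo, and using SHA-256 of the key bytes as the fingerprint is an assumption of the example, not a description of any real product. The two `demo_*` functions show the comment's point about targeting: a key substituted after first contact is caught by the pin, while one substituted before first contact is only caught when the sender verified manually.

```python
"""Toy 'translucent' key directory with trust-on-first-use pinning and
optional manual fingerprint verification (constructed example)."""
import hashlib
from typing import Dict, Optional


def fingerprint(pubkey: bytes) -> str:
    """Human-comparable fingerprint: hex SHA-256 grouped in 4-char blocks
    (a choice made for this example, not a standard format)."""
    h = hashlib.sha256(pubkey).hexdigest()
    return " ".join(h[i:i + 4] for i in range(0, len(h), 4))


class KeyDirectory:
    """The provider's transparent key service. Assumption: honest, but an
    active MITM can impersonate it, modelled here by overwriting an entry."""
    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}

    def publish(self, user: str, pubkey: bytes) -> None:
        self._keys[user] = pubkey

    def lookup(self, user: str) -> Optional[bytes]:
        return self._keys.get(user)


class Sender:
    """A mail client that fetches keys automatically, pins the fingerprint it
    first sees, and accepts an out-of-band verified fingerprint for contacts
    the user cares about."""
    def __init__(self, directory: KeyDirectory) -> None:
        self.directory = directory
        self.pinned: Dict[str, str] = {}   # recipient -> fingerprint

    def verify_out_of_band(self, user: str, fp_read_over_call: str) -> None:
        """Manual verification, e.g. the fingerprint read over a ZRTP call."""
        self.pinned[user] = fp_read_over_call

    def key_for(self, user: str) -> bytes:
        """Return the key to encrypt to, or raise if it conflicts with a pin."""
        key = self.directory.lookup(user)
        if key is None:
            raise LookupError(f"no key published for {user}")
        fp = fingerprint(key)
        pinned = self.pinned.get(user)
        if pinned is None:
            self.pinned[user] = fp          # first contact: pin silently (TOFU)
        elif pinned != fp:
            raise ValueError(
                f"key for {user} changed: pinned {pinned[:9]}, directory {fp[:9]}")
        return key


def demo_mitm_after_first_contact() -> bool:
    """Attacker swaps the key after the sender already pinned it.
    Returns True when the substitution is detected."""
    d = KeyDirectory()
    d.publish("alice@example.com", b"ALICE-REAL-KEY")
    s = Sender(d)
    s.key_for("alice@example.com")               # first contact, pin stored
    d.publish("alice@example.com", b"MITM-KEY")  # substitution after the fact
    try:
        s.key_for("alice@example.com")
    except ValueError:
        return True
    return False


def demo_mitm_before_first_contact(manual_check: bool) -> bool:
    """Attacker substitutes before the first lookup (target chosen a priori).
    Only a sender who verified out of band notices. Returns True if detected."""
    d = KeyDirectory()
    d.publish("bob@example.com", b"MITM-KEY")    # substituted before first contact
    s = Sender(d)
    if manual_check:
        s.verify_out_of_band("bob@example.com", fingerprint(b"BOB-REAL-KEY"))
    try:
        s.key_for("bob@example.com")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("MITM after first contact detected:", demo_mitm_after_first_contact())
    print("MITM before first contact, TOFU only:", demo_mitm_before_first_contact(False))
    print("MITM before first contact, manual check:", demo_mitm_before_first_contact(True))
```

The pin turns a silent substitution into a loud client-side error for everyone, which is the "expensive MITM, targets a priori" property; the manual path is the PGP-equivalent for the users who want it, without costing the rest anything.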