ietf

Re: What real users think [was: Re: pgp signing in van]

2013-09-09 15:39:59
Yes, I am speaking of what would be possible today with a fresh start.  The 
fresh start would also include signatures and encryption as a required part of 
the design.  (If everyone has to have a key, the key management problems would 
be greatly reduced.)

Steve

On Sep 9, 2013, at 4:36 PM, Dave Crocker <dhc(_at_)dcrocker(_dot_)net> wrote:

On 9/9/2013 1:27 PM, Steve Crocker wrote:
Actually, I interpret the chemistry professor's comment in a
different light.  It would be possible to design a system where:

o the standard end user software doesn't facilitate editing the other
person's text, and

o each piece of text is signed.

The result would be a system where a recipient would know whether the
person who is alleged to have written a piece of the message actually
did so, and the normal mode of use would be to leave things
untouched.  Or, if you edit someone else's text, it immediately
becomes your text.


The professor's comment was on function, not method. My comment was on
the limitations to methods available at the time.

In a controlled environment, with good resources, quite a bit is
possible. Indeed, server-based "department-level" email products in the
1980s did enforce such restrictions. The single-administration servers
had complete control over the message.

Distribution with independent administrative authorities makes this a
very different game. Enforcement by fiat is impossible.

That's where signing comes in, of course. Modify the content and the
signature fails. Besides the computational overhead -- which was
relatively onerous back when the infrastructure was being established --
this requires that the receiver know and demand that the signature be
present; this requirement has its own adoption barriers.

Starting with a blank sheet and today's technologies, the requirement is
possibly feasible to satisfy -- if we ignore the continuing human
factors barriers to large scale email authentication. However, given the
resources at the time the operational service was developed, I think it
wasn't.


d/
-- 
Dave Crocker
Brandenburg InternetWorking
bbiw.net
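
The per-piece signing idea discussed in this thread, as an added example that is not part of the original messages: each segment carries a claimed author and a signature, an edited segment fails verification under the original author's key, and it verifies again only once the editor signs it as their own text. Lamport one-time signatures over SHA-256 stand in for a production signature scheme so the block needs only the Python standard library; the function names, the key directory and the sample text are assumptions made up for illustration.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport one-time key: 256 pairs of secrets; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def bits(text):
    digest = int.from_bytes(H(text.encode()), "big")
    return [(digest >> i) & 1 for i in range(256)]

def sign(sk, text):
    # Reveal one secret per digest bit. A Lamport key must sign only one text.
    return [sk[i][b] for i, b in enumerate(bits(text))]

def verify(pk, text, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(text))))

def attribute(message, directory):
    # message: list of (claimed_author, text, signature) segments.
    # Returns (claimed_author, text, verified) so a reader sees who really wrote what.
    result = []
    for author, text, sig in message:
        pk = directory.get(author)
        result.append((author, text, pk is not None and verify(pk, text, sig)))
    return result

def demo():
    # Constructed sample: two hypothetical correspondents and one quoted segment.
    author_sk, author_pk = keygen()
    editor_sk, editor_pk = keygen()
    directory = {"author": author_pk, "editor": editor_pk}
    original = "each piece of text is signed"
    segment = ("author", original, sign(author_sk, original))
    intact = attribute([segment], directory)[0][2]
    # The editor changes the quoted text but keeps the author's name and signature.
    edited = "no piece of text is signed"
    misattributed = attribute([("author", edited, segment[2])], directory)[0][2]
    # The editor signs the changed text instead: it is now the editor's text.
    owned = attribute([("editor", edited, sign(editor_sk, edited))], directory)[0][2]
    return intact, misattributed, owned

if __name__ == "__main__":
    print(demo())
```

The check only helps if the receiving software treats an unsigned or unverifiable segment as unattributed, which is the "know and demand" requirement raised in the reply above.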