Re: Agenda, security, and monitoring

On Sun, Feb 2, 2014 at 10:54 AM, Scott Brim 
<scott(_dot_)brim(_at_)gmail(_dot_)com> wrote:

> Even if it's easy to use (and I'm grateful for enigmail and other
> tools), PGP still has the problem of trust dilution.
We can change the trust model.

The PGP model does not meet enterprise needs. If I am sending a mail to an
IETF mailing list it is from me. But if my bank manager is sending me an
email it is coming from the bank not me. So there is a requirement for a
hierarchical trust model to support hierarchical organizations.

The S/MIME model requires trusted third parties but does not give them an
opportunity to add a lot of value unless the network of secure mail users
is a lot larger than it is.


PGP and S/MIME both present a false dichotomy between two trust models when
we actually need both. And saying that it is possible to kinda-sorta use
one to support the use of the other really doesn't fly. Its trying to use a
screwdriver as a hammer.

-- 
Website: http://hallambaker.com/