Re: Agenda, security, and monitoring

* John C Klensin wrote:
> Perhaps I'm missing something, but it seems to me that, if one
> is willing to rely sufficiently on the email system to say "this
> will get to the intended person (or at least mailbox), and, if
> it does, the person who opens it will either have the relevant
> key to be able to read it or not and, if they don't that is ok",
> then all that is needed is a self-signed key (or self-signed
> X.509 cert).
You do not need keys or certificates in that scenario.

> Again, with either PGP or S/MIME (and X.509) with a self-signed
> cert or key, authentication is not needed to start using
> encryption, only a (perhaps implicit) belief on the part of the
> sender that, if the recipient can advertise a public key, it
> probably has the private one and that the key-advertiser is not
> the proverbial entity-in-the-middle.
Without entities in the middle, encryption is unnecessary.
-- 
Björn Höhrmann · mailto:bjoern(_at_)hoehrmann(_dot_)de · 
http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/