[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Transparent Email



   From: Alex Strasheim <[email protected]>

re: signature checking at the toad.com server

   It seems to me that such a rule would stifle discussion and encourage 
   people to store their keys on insecure accounts.

Good!  That means they'll have generated a key.

One of the problems with cryptography generally is a prevailing
attitude that crypto isn't worth using unless it provides security as
complete as it can offer.  I reject this attitude.  Partial security
is better than no security.  Protection against some threats is better
than no protection.  Storing a key on a public machine is OK, just
fine, hunky-dory, just so long as it doesn't induce false beliefs
about a lack of protection from sysadmins and other roots.

   The real solution is to try to build tools which will make it so easy to 
   use crypto that there's simply no reason not to do it.

Sure.  No argument.

I will disagree, however, with a conclusion that insists that these
tools have to be the first to be built.  Partial progress is desirable.
Or to put it the words of the old homily:

Don't let the best become the enemy of the good.

Eric