On 27/3/09 00:54, Eddy Nigg wrote:
On 03/27/2009 01:46 AM, Ian G:
The original idea was how to improve Thunderbird's existing abilities
to work with crypto and deliver security.
Could you define security please?
Of course, in many and various ways! For this particular thing, I would
suggest it would be encryption with a reasonable degree of authentication.
That would add encryption to email, which already has a reasonable
degree of authentication, so it would be a substantial benefit.
(Note that I haven't defined security, I've instead defined a security
improvement. There is no absolute definition for security, it is always
context dependent. But we can generally define an improvement in
security, and sometimes we can identify a pareto-secure improvement,
which is an improvement to security without any commensurate drop
elsewhere.)
...as such, Mozilla goes a step fuhrer and tells you correctly "hey, we
can't know if you are connecting to the site you intend to connect to
and we recommend not to connect to the site...it might be somebody
different really".
It doesn't need to say that. Emails are already that way. If it were
to say it, then it would be complicating its own liability position.
S/MIME certificates are at least email control validated, everything
else doesn't make much sense I think. The MITM can happen there too, as
with the web. So what would be the point to encrypt in first place?
Encryption would give more privacy of emails, where otherwise there was
less privacy.
iang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
