Posted Nov 10, 2007 11:57 UTC (Sat) by man_ls
In reply to: Email privacy
Parent article: Email privacy
Underlying all those technical difficulties there is a broader issue: if I want to send you a private email I need your public key, and I need to get it from you. I cannot rely on my ISP to handle public keys (as they handle domain names), since then the trust problems would be the same: ISPs might just be forced to supply their own public keys, then decrypt all messages and encrypt them with the true public key. A simple man-in-the-middle attack which would defeat your scheme.
I don't see how people can exchange public keys easily unless they physically get together. Key signing just makes the issue more complicated.