[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Email encryption, was Re: www.dcglug.org.uk

To: DCLUG ML <list@xxxxxxxxxxxxx>
Subject: Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
From: Brad Rogers <brad@xxxxxxxxxxxx>
Date: Sun, 28 Apr 2013 20:58:44 +0100
Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAIVBMVEW+gzLjxBf36gnOoyP+/AL1OcDRRYu7YVP//wD//wMhFQDufRlFAAACaUlEQVQ4jZ2Rv2/aUBDHj5hKyJOxa4KYahxSiwljQMhTIDSystn0nBmCk+xVqnYELPTCWHVIN//IEL2/smdDaEjSJWdZ1vt+7n3vzgfsrbj7cw/0saSWcCCAANVQkBRFKcskZkC0RSGOIps/hlykg8ifgCjKUZo2IwJctLlYczaATglPuchLW9A0duBeFJI1gYhnVk8AOE9rAufRBtREvrUyFaWta2CWq2HBkiRdaW+Lvxn/BycAViSUWEtYFiRZYJahlwum0gE9Fc00LjG7aTdrTrxMkqQQHxSLMErPIY0MZouwFp14XYwe61GHd4ClaytKCdQIDOMmgRF/sBO4S8+tKMmtzmsnMRTiB5msC7Cw9LJl9bPiptSCA6hCOwUovmOO94M5QKsvgbE5Df+BJedmSeIboPvO8xtmX89vhBXE6hs1Fl1E7L8GWkB6efYShId4FUz8ivcCkL3rnLbxk7sPMvsfw/Bn4Cp7gOzd075qdLpYeQaGPapqNG7UvqxODncgVKgbH+XG1y832vAqeALaLaWjrLpn3sobDBA34BfNao66n7XAX7r0II4zEOrk4jLWKE+PceDPCfgGsFD7jtjDi8V01UYZ6ziSl/iRQWbuqseII3c+u6xjJ6iyxpT2gdfY87UG/U957nV7eIl+b+IQGI8sGWcq/U925qpZazgmnYHXGH+79XTE2SlikOv5sgj4WmBOP6C3ytN908kngIsBqoHkBzieZ/rl0XZiwGrXquSpC3rb92wHPHXczU3qwS49B8VNK+QiP18BeIutPjH2dgZ+3uKVuZeeW+G1KR+xVwH136/FLP4C6NvFeWen/msAAAAASUVORK5CYII=

On Sun, 28 Apr 2013 20:35:07 +0100
Martijn Grooten <sweetwatergeek@xxxxxxxxx> wrote:

Hello Martijn,

>I have to say I am a little sceptical about the scalability of the web
>of trust to every man and his dog. There have been several issues with

I agree.  I don't think PGP was ever designed with that in mind.

>the "web of trust" of certificate authorities to the point where many

The cert authorities don't do web of trust, unless I've missed
something.  They simply sell a 'certificate' to anyone with the money to
pay for it.  You or I could buy one.

>Of course, to communicate securely with your bank, you don't need a
>web of trust - you just need some kind of introduction. Like you going
>to the bank with your passport and a proof of address when you open

The reasons for requiring ID to open a bank account were stated to be to
stop money laundering.  It didn't work.  Money laundering still occurs.
Of course, it's a good idea for the bank to make enquiries about the
identity of the person attempting to open an account in any case.

>the account. In principle email software could also be written to
>seamlessly encrypt/decrypt communication between you and the bank. In

Not just banks, of course.  It starts getting more complex when you Cc
and/or Bcc people at he same time.

>practise, it's probably a lot more secure for the bank to use their
>website - with the usual two-factor authentication most banks provide
>these days - and send an email without a link when there's a reason to
>check the website.

Whilst that's probably true, thee are a few things that imply create the
illusion of security;  The card readers that some banks require you to
use if you wish to transfer money out of your account won't stop anyone
using your card details to make purchases at, say, Amazon.  Another fake
security measure is the 3 digit code on the back of all credit & debit
cards;  Once you give that number to somebody, what guarantee is there
that they haven't copied it, along with all your other card details?
None.

-- 
 Regards  _
         / )           "The blindingly obvious is
        / _)rad        never immediately apparent"
Buy some love at the five and dime
You Have Placed A Chill In My Heart - Eurythmics

Attachment: signature.asc
Description: PGP signature

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq

Follow-up: Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
- From: Martijn Grooten
Follow-up: [LUG] Certificate authorities was Re: Email encryption, was Re: www.dcglug.org.uk
- From: Simon Waters

References:
- [LUG] Email encryption, was Re: www.dcglug.org.uk
  - From: Martijn Grooten
- Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
  - From: Simon Avery
- Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
  - From: Brad Rogers
- Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
  - From: Martijn Grooten
- Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
  - From: Brad Rogers
- Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
  - From: Martijn Grooten

Prev by Date: Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
Next by Date: Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
Previous by thread: Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
Next by thread: Re: [LUG] Email encryption, was Re: www.dcglug.org.uk
Index(es):
- Date
- Thread