Luke B writes "According to news.com Yahoo! will be offering users encrypted e-mail. This comes through the support of Zixit (www.zixit.com). Head to C|Net for the full scoop." Interesting.
Danger of Using Mail Providers
by
pbryan
·
· Score: 4
I'm not sure what kind of cryptographic technology is being employed natively, but they appear to support S/MIME, PGP and their own (proprietary?) cryptographic protocols.
The danger of using mail service providers like Yahoo! is that you must trust that your mail is being stored securely, and that their staff is honest and trustworthy. I'm afraid that's just too much for me.
Now, third-party service providers are going to be trusted with secure communication? I'm going to entrust my S/MIME or PGP private key to some company - a company that can be easily armtwisted by government or corporate interests?
It seems to me putting all of the eggs (in this case, messages and private keys) in one basket is far from prudent. Depending on how popular this service becomes, it has the potential to be the target of numerous cracker attacks.
Also, there's not much point in using encryption any stronger than what your browser is using to communicate with the service provider. Because, after all, the chain is only as strong as its weakest link. So, if you're using 40-bit RSA, why have stronger encryption used in encrypting the message for delivery?
While this service may be useful to help those who want to keep local packet sniffers at bay, I wouldn't seriously trust my private keys to anyone but myself, using software that has undergone countless peer reviews and gives me the option to compile it - not depend on someone's binary distribution.
I'm not paranoid, everyone is just out to get me!:)
The one thing they might have going for them is ease of use. Today, the most significant obstacle to the wide use of cryptographic technology seems to be its difficulty of use. If they solved this problem, they might incur some mindshare...
--
My car gets 40 rods to the hogshead, and that's the way I likes it!
Slashdot Mirror
I'm not sure what kind of cryptographic technology is being employed natively, but they appear to support S/MIME, PGP and their own (proprietary?) cryptographic protocols.
:)
The danger of using mail service providers like Yahoo! is that you must trust that your mail is being stored securely, and that their staff is honest and trustworthy. I'm afraid that's just too much for me.
Now, third-party service providers are going to be trusted with secure communication? I'm going to entrust my S/MIME or PGP private key to some company - a company that can be easily armtwisted by government or corporate interests?
It seems to me putting all of the eggs (in this case, messages and private keys) in one basket is far from prudent. Depending on how popular this service becomes, it has the potential to be the target of numerous cracker attacks.
Also, there's not much point in using encryption any stronger than what your browser is using to communicate with the service provider. Because, after all, the chain is only as strong as its weakest link. So, if you're using 40-bit RSA, why have stronger encryption used in encrypting the message for delivery?
While this service may be useful to help those who want to keep local packet sniffers at bay, I wouldn't seriously trust my private keys to anyone but myself, using software that has undergone countless peer reviews and gives me the option to compile it - not depend on someone's binary distribution.
I'm not paranoid, everyone is just out to get me!
The one thing they might have going for them is ease of use. Today, the most significant obstacle to the wide use of cryptographic technology seems to be its difficulty of use. If they solved this problem, they might incur some mindshare...
My car gets 40 rods to the hogshead, and that's the way I likes it!