I said,
>Note that it is trivial(*) to construct a self-decrypting
>archive and mail it in the form of an attachment. The
>recipient will merely have to know the passphrase. If
>transit confidentiality is your aim and old versions
>of documents are irrelevant once the ink is dry on the
>proverbial bond paper, this is quite workable and involves
>no WoT at all, just POTS.

Steve said,
>No! We've discussed this point many times before -- what if the
>attacker sends a Trojan horse executable?

David said,
>If you have a secure channel to exchange a passphrase in,
>you have no need for PK.

Correct to both critics. I can, indeed, dictate the 40 page
contract that is to be signed tomorrow afternoon over my STU3
telephone, if indeed both parties have one. I can rely on
facsimile which is what J. Random Company's legal counsel
would otherwise likely do. I can tell people never to accept
an executable mailed to them from anywhere, which will get
laughed at by all the people in the business world who mail
each other so many attachments that it can be truly said
that e-mail attachments are the poor man's distributed file
system. All true. There is, indeed, nearly no security if
one is really and truly serious.

What I had hoped to convey was that there was a certain amount
of "good" in getting the kinds of documents real businesses
exchange under time pressure all day every day to be encrypted
at a level of effort that approximates what they would be
doing anyway. If the recipient needs no local environment
pre-conditions other than the genes to call me up when he
gets an attachment that says I demand a passphrase, I think
it is in fact fair to say that a cost-effective improvement
has been snatched from the jaws of defeat. Maybe, just maybe,
if I can train them to think that unencrypted = anomalous
we can take a step that matters, like locally installing some
software whose miserable usability is proportional to its
endorsement by the local security guy.

There is nearly nothing I can do to prevent you from stealing
my car if you want it way bad, but I sure as hell can make
stealing my neighbor's car more attractive than stealing mine.
That is risk management.

--dan