khafra comments on Procedural knowledge gap: public key encryption - Less Wrong
The main reason is that it requires your recipient to take an extra step. If you send an encrypted email to someone else, and they haven't configured their mail client for encryption, then they won't be able to read it. For most people, that negative outweighs the privacy gain.
Also, encryption is easy; key management is hard. If your workplace sets up a Public Key Infrastructure on your Exchange server, all you have to do is click "encrypt." But outside of an organization that uses it, you'll need some out-of-band way of exchanging keys with everyone you want to communicate with. And, as fun as key-signing parties are, they can be a little awkward for, say, someone you just met on reddit.
Right. Encryption is a lever; it permits you to use the secrecy of a small piece of data (the key) to secure a larger piece of data (the message). The security isn't in the encryption math. It's in the key storage and exchange mechanism.
*I stole this analogy from something I read recently, probably on HN.