

Matt Blaze on Applied Cryptography, 15 years later - alterego
http://www.crypto.com/blog/afterword/

======
dublinclontarf
You know, I have GPG, a public key that's on a key server, I also have it
attached to all my emails, for about the last two years. And I have yet to
receive a single encrypted email, even from techies.

I want to use it but that means someone else has to be using it also.

On a related note, I was chatting to a friend the other week, and he was using
Off The Record(it's encryption of IM), now I had gone to the trouble to
install it on my machine but he was using Adium and it came default, he didn't
even know he was using it. Good job Adium.

Cryptography has failed.

~~~
tptacek
You mean, except for every time you've ever visited an SSL-protected website?

~~~
dublinclontarf
Have you not been keeping up on the whole SSL web of trust breaking down
recently?

~~~
tptacek
Hold on. Let me go check the Hacker News archives at SearchYC to see what the
last story was that could have convinced you that the SSL "web of trust"
(note: SSL doesn't have a "web of trust") has broken down. Gimme a sec...

... ok, back. So, what you're saying is:

* Mozilla shipping a stale RSA-owned certificate shows that SSL has "broken down", _and/or_

* Kurt Seifreid allegedly managing to get RapidSSL to issue a cert for "a webmail provider" by signing up for the account "ssladmin" shows that SSL has "broken down".

Gotcha. Have you considered asking the banks, retail brokerages, and trading
exchanges to stop relying on SSL, because it's so clearly broken?

I'm sorry for the sarcastic response, but this faux controversy gets tiring.

~~~
DenisM
_this faux controversy gets tiring_

Just be glad you're not in vaccination business. ;-)

------
d4ft
On a human note, I'm taking a class with Blaze this semester. A surprisingly
good and interesting teacher, and a genuinely bright guy. He oozes
cryptography (he wore a shirt with RSA algorithm on it last week) and clearly
cares about spreading the knowledge. His work on the voting machines is also
really interesting and would suggest anyone curious, take a quick google for
more info.

