Re: New Encryption Idea

a.manansala@attbi.com writes:

[...]

> Not a single valid issue was raised. Mostly just comments revealing
> frustration and other curious emotions.

This comment appears to be dubious, with the last couple of sentences
just false.

    However, some people do not realize that their "encrypted" pages
    actually travel unencrypted on various lengths of its
    journey. Most computers do not actually encrypt messages. They
    send them to their ISPs for encryption. They also receive
    information that has been decrypted at the ISP and sent
    unencrypted to their computer.

When I visit a web site over TLS, my computer does the encryption of
things that it sends, and decrypts the data that it receives. My ISP
does none of the encryption. If I use PGP or S/MIME, again my ISP
does none of the encryption or decryption: that's all done on my
computer. (It might be nice to be able to access TLS web sites using
a mobile phone or something by having my ISP doing the cryptography,
but as far as I know they don't offer such a facility.)

The first sentence may well be true. I'd guess some web sites would
actually work by constructing HTTP on some server, then communicating
that (unencrypted) to an external server which feeds it over TLS. (As
Gene Spafford famously put it, "Using encryption on the Internet is
the equivalent of arranging an armored car to deliver credit card
information from someone living in a cardboard box to someone living
on a park bench".)
Received on Thu Sep 29 21:44:30 2005