[cryptography] can the German government read PGP and ssh traffic?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Jun 10 12:25:22 EDT 2012


Thierry Moreau <thierry.moreau at connotech.com> writes:

>Would you extend the association to PGP usage? 

Magical thinking works independently of technology, so I'm sure there's a lot
of it in the PGP world as well :-).

>Would you extend the association to Lotus Notes as another PKC user community
>(http://en.wikipedia.org/wiki/Lotus_Notes#Security)?

Notes is another matter entirely, it's never been subject to any independent 
analysis or scrutiny, so there could be holes in there big enough to drive a 
truck through (and from what I've both seen of other PKI implementations, and 
of Notes in general, I'm pretty sure they'll be there).  I'm not sure that an 
application that can barely be trusted to get a piece of mail from A to B 
correctly should be trusted to get its PKI right.  But then that's another 
debate entirely.

In both cases though you need to look at it from the point of view of "is the 
mechanism being employed appropriate for what's being secured" rather than "we 
use PKCs, all security problems are solved".

Peter.


