Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Encryption Security Your Rights Online

Yahoo! Offers Encrypted Mail 9

Posted by michael from the sub-rosa dept.
Luke B writes "According to news.com Yahoo! will be offering users encrypted e-mail. This comes through the support of Zixit (www.zixit.com). Head to C|Net for the full scoop." Interesting.
This discussion has been archived. No new comments can be posted.

Yahoo! Offers Encrypted Mail More

Yahoo! Offers Encrypted Mail

Comments Filter:

  • Questions to ask. (Score:3)

    by www.sorehands.com ( 142825 ) on Friday August 25, 2000 @10:15AM (#827611) Homepage
    1. Is the data secure on the server?

    2. Who has the keys?

    3. Is it compatible with anything else?

    4. How effective is the encryption?

    The issue of in-transit security is a small one. What if someone hacks into their server to get the mail. To keep your boss (ISP) from reading the email is already there -- SSL. If you are concerned about packet sniffing, large quantities and packet splitting will help hide it (a little bit). What about keystroke monitoring?

    If the keys are not secure, the data is not secure. Now, what if the keys are suppeoned from the provided?

    What about compatibility with pop3 clients and operating systems?

  • Yes, this service will most likely suck, but it could still be a very good thing for encrypted email. Specifically, if this service uses PGP and PGP Key Servers for the mail security (and SSL for the DL security) then it will give people a way to get started using encrypted email without really needing the overhead of setting up PGP. This could make it very easy for the rest of us to send and receve encrypted email. I know nothing passing through this service would really be secure (since Yahoo would have you public key), but it would get people started.. who might then switch to a real secure alternative.

  • Danger of Using Mail Providers (Score:4)

    by pbryan ( 83482 ) <email@pbryan.net> on Friday August 25, 2000 @11:53AM (#827613) Homepage
    I'm not sure what kind of cryptographic technology is being employed natively, but they appear to support S/MIME, PGP and their own (proprietary?) cryptographic protocols.

    The danger of using mail service providers like Yahoo! is that you must trust that your mail is being stored securely, and that their staff is honest and trustworthy. I'm afraid that's just too much for me.

    Now, third-party service providers are going to be trusted with secure communication? I'm going to entrust my S/MIME or PGP private key to some company - a company that can be easily armtwisted by government or corporate interests?

    It seems to me putting all of the eggs (in this case, messages and private keys) in one basket is far from prudent. Depending on how popular this service becomes, it has the potential to be the target of numerous cracker attacks.

    Also, there's not much point in using encryption any stronger than what your browser is using to communicate with the service provider. Because, after all, the chain is only as strong as its weakest link. So, if you're using 40-bit RSA, why have stronger encryption used in encrypting the message for delivery?

    While this service may be useful to help those who want to keep local packet sniffers at bay, I wouldn't seriously trust my private keys to anyone but myself, using software that has undergone countless peer reviews and gives me the option to compile it - not depend on someone's binary distribution.

    I'm not paranoid, everyone is just out to get me! :)

    The one thing they might have going for them is ease of use. Today, the most significant obstacle to the wide use of cryptographic technology seems to be its difficulty of use. If they solved this problem, they might incur some mindshare...

  • Re:Questions to ask. (Score:1)

    by Anonymous Coward
    This service is SSL based. Who cares what happens at the server? If the server is hacked, the message happily plops into plaintext--no matter what--upon arrival.

    If it uses PGP (or any other crypto mechanism), on the server, then it has your private keys saved there. Which is not necessarily a terrible thing, but it means that they have to be much, much more careful--audits, secure ops centers, hardened systems, etc.

    Which I don't see likely. Check out Money Central [msn.com] for more info on the company's erm, rapid-iteration business model. They did the Dallas tolltag system a few years back, then flopped at an SDMI venture last year.
  • .. Is asking for trouble...

    I don't know about you guys, but recently I feel that ANY "commercial" encryption solutions are nothing more than a big joke? if there's a backdoor, it beats the purpose of encryption itself. Worse, it even helps to filter the "garbage" from the useful stuff for anyone who has the power to defeat the encryption scheme with a backdoor (gov? yahoo staff? you name it), because the encrypted data is probably more important than the non-encripted data anyways.

    Hell, might has well write all the message backwards, these people are so good for high-end crapping that they would probably miss the obvious :)

  • Useless they changed it after I read it. they will give you're mail to anyone that ask.
  • I think something is being overlooked here. The purpose of free e-mail accounts is mainly for those who can't get their normal account providers to let them check their e-mail from a) 3rd party software or b) over the web. They are also generally used by those who simply don't have an account otherwise. These types of people would seem to me to be those who don't own a computer but want an e-mail address seeing as how virtually every ISP offers e-mail addresses whether it's a free ISP or not.

    The point I'm getting at is that most of us aren't using our free mail accounts to send anything that is very personal or important. We have other means of getting that information to the appropriate parties that is more secure. I use my Yahoo account for newsletters and as a spam address when I'm not sure what a site might send me. I don't receive anything important from it and I don't use it for anything important. Encrypting my Yahoo mail isn't going to make me feel any better.

    Honestly, what is a person going to gain from going through my Yahoo mails? They're wasting their time. If more people used a common sense approach when dealing with free services such as this one, it wouldn't be an issue.
  • now nobody can read my spam.
  • I use, on occasion, a service at www.ziplip.com which is relatively fat, secure enough for my purposes and allows me to set a password each and every time I send a mail message, which allows me to vary my passwords for the user and subject. It may not seem like a large thing, but I like the way it works, and as I said before, the encryption is sufficient for my purposes.

    -jimmie

Slashdot Top Deals

Truly simple systems... require infinite testing. -- Norman Augustine

Close