Lincoln Yeoh <lyeoh@pop.jaring.my> writes:
> My point is if you really need encryption, then your data should be
> encrypted too, otherwise it seems a waste of time or more a "feel
> good" thing.
I would disagree. I think there is a level of security where it's not
a catastrophe if someone sniffs and reconstructs your traffic, but
it's fairly important that such a person not be able to authenticate
as you. Most of my personal email (and, I assert, most people's)
falls into this category. Encrypted challenge/response addresses this
need quite well.
Naturally, if you're working at a level where intercepted traffic *is*
catastrophic, you should be doing end-to-end encryption and all that
good stuff.
-Doug
--
The rain man gave me two cures; he said jump right in,
The first was Texas medicine--the second was just railroad gin,
And like a fool I mixed them, and it strangled up my mind,
Now people just get uglier, and I got no sense of time... --Dylan