So, you're suggesting that a viable end-to-end encryption system for email should require the use of voice authorization?
I'm well aware of PKI and asymmetric key crypto. As for reading up on it:
Another potential security vulnerability in using asymmetric keys is the possibility of a "man-in-the-middle" attack, in which the communication of public keys is intercepted by a third party (the "man in the middle") and then modified to provide different public keys instead. Encrypted messages and responses must also be intercepted, decrypted, and re-encrypted by the attacker using the correct public keys for different communication segments, in all instances, so as to avoid suspicion. This attack may seem to be difficult to implement in practice, but it is not impossible when using insecure media (e.g. public networks, such as the Internet or wireless forms of communications) – for example, a malicious staff member at Alice or Bob's Internet Service Provider (ISP) might find it quite easy to carry out. In the earlier postal analogy, Alice would have to have a way to make sure that the lock on the returned packet really belongs to Bob before she removes her lock and sends the packet back. Otherwise, the lock could have been put on the packet by a corrupt postal worker pretending to be Bob, so as to fool Alice.
One approach to prevent such attacks involves the use of a certificate authority, a trusted third party responsible for verifying the identity of a user of the system. This authority issues a tamper-resistant, non-spoofable digital certificate for the participants. Such certificates are signed data blocks stating that this public key belongs to that person, company, or other entity. This approach also has its weaknesses – for example, the certificate authority issuing the certificate must be trusted to have properly checked the identity of the key-holder, must ensure the correctness of the public key when it issues a certificate, and must have made arrangements with all participants to check all their certificates before protected communications can begin. Web browsers, for instance, are supplied with a long list of "self-signed identity certificates" from PKI providers – these are used to check the bona fides of the certificate authority and then, in a second step, the certificates of potential communicators. An attacker who could subvert any single one of those certificate authorities into issuing a certificate for a bogus public key could then mount a "man-in-the-middle" attack as easily as if the certificate scheme were not used at all. Despite its theoretical and potential problems, this approach is widely used. Examples include SSL and its successor, TLS, which are commonly used to provide security for web browsers, for example, so that they might be used to securely send credit card details to an online store.
Wait, what's that? You're still susceptible to MITM when using CA's?
1. The sender creates a message.
2. The sending software generates a hash code of the message.
3. The sending software generates a signature from the hash code
using the sender's private key.
4. The binary signature is attached to the message.
5. The receiving software keeps a copy of the message signature.
6. The receiving software generates a new hash code for the
received message and verifies it using the message's signature.
If the verification is successful, the message is accepted as
authentic.
This still seems susceptible to an MITM attack.
Also, we need keys for 'sh', 'ch', 'gh', 'ing', 'ion', 'tion', 'etc', etc. This could become unwieldly, so we should probably just adopt a system of characters that covers all of the possible phonetic variations. To save time, we could have multiple characters for the same sound, which would imply certain meanings based on context.
We'd probably end up with thousands of different characters; hopefully the people who make most of our components would be able to adapt.
Shouldn't be long; the story is
Imagine a Beowulf cluster of those running Linux, all naked and petrified, just like Natalie Portman.
He is merely wrong by law, not by morality.
I was merely pointing out that his morality is not above question, and the conclusion that 'therefore he is a hero' is likewise flawed.
Now then, back to the NSA. And quit trying to derail this conversation. The NSA is in violation of the US Constitution.
Actually, you're the one trying to derail the conversation. If you'd taken a second to read this thread, you'll notice that the initial comment I replied to stated:
He is merely wrong by law, not by morality
The sub-discussion I was involved in is clearly about whether or not Snowden had a moral right to do what he did. My view is that while he was working for the NSA/Booz Allen, he was furthering their goals, and once he knew it was wrong, should have divorced himself from their employ. If his goal in continuing to work for them was only to gather evidence, the pay he collected should be considered dirty money and donated. The fact is he knew of their behavior, continued to work for them, took their money and kept it for himself, and then went public.
Or, more succinctly - he had no problem taking their money and continuing to work for them after he knew what they were doing was immoral.
Also who gives a shit about "moral high ground"?
The guy who posted this comment, for one. If you'd bothered to read the comments to which I'd responded, you might have noticed that you were the one hijacking the conversation, not me.
I don't think "A transcendent being of pure energy requiring neither food nor shelter" was among the poll options.
So he should've gotten another job. But continuing to do the work for which he was paid, for an agency he knew to be corrupt makes him complicit. He was perfectly happy to take dirty money, and he's got no moral high ground on which to stand.
Fast, cheap, good: pick two.