[OT] CLI for noobies: The keys to GnuPG
Clinton MacDonald
yellowdog-general@lists.terrasoftsolutions.com
Thu Jul 1 07:59:01 2004
Albrecht:
(I feel a rant coming on -- feel free to move on to the next message if
you feel this is off topic.)
Albrecht Dreß wrote:
> On 30.06.04 13:50, Clinton MacDonald wrote:
>> While only a few of us have any real need for strong encryption,
>> [...]
>
> This is correct if you think only of mega-confidential stuff in
> companies. But the privacy of private communication -phone calls,
> letters, and, yes!, e-mails- is protected by law in most countries.
You are right, of course! I was oversimplifying in my earlier e-mail. We
can all use strong encryption in our daily lives, and most of us do --
every time we log into a secure Web site to make a transaction, we are
using strong -- and seamless -- encryption. Most users of the Internet
are probably unaware of the complex electronic negotiations that go on
during those transactions.
And if Web browsers can do strong encryption without making the user
know about keychains and 256-bit encryption algorithms, why can't
e-mail? There are plenty of reasons a law-abiding citizen would want to
encrypt e-mail -- sending financial information to companies, for
instance. Businesses should probably *require* encryption on sensitive
e-mails... but they don't, because it is too hard. Finally, digital
signing of documents can be useful to us all for creating electronic
"paper trails."
I remember setting up GPG for Apple's Mail.app on my Mac OS X box, once.
I wanted the ability to authenticate my e-mails with a digital
signature. The process took about 1-1/2 to 2 hours, and I had to visit
three or four sites to gather all the instructions and pieces. Even
then, the installation required several trips to the command line and
registration with a third party for every single individual in my
address book. Having set up encryption, I played with it for a day or
two then abandoned it. Every time I sent an e-mail, the encryption
plug-in threw up a dialog box asking whether I really wanted to send the
e-mail, whether I really wanted to sign it, and whether I remembered my
rather long passphrase. I turned it off.
Four things need to happen before encryption/signing for e-mail becomes
universal:
[1] one standard encryption scheme must be agreed to by the appropriate
governing bodies (such as has happened with secure Web transactions)
[2] a third party must be entrusted with keys for escrow (apparently,
this is a major stumbling block for businesses)
[3] all the "major" e-mail clients (for some definition of "major") must
adopt the standard more or less at the same time
[4] the implementation would have to be as seamless as that in every Web
browser, where we need not even know we are interacting with a secure
site unless we look at the little padlock icon -- no command line!
Unfortunately, by "major" e-mail client ([3]), we are probably talking
about Microsoft Outlook here (although Apple's Mail.app could be a dark
horse in this race). More unfortunately, if Outlook were the first
client to take the leap, the "trusted" third party ([2]) would probably
be Microsoft -- whom very few people actually trust (they failed with
their Hailstorm initiative for this very reason).
The Mozilla folks might be able to do this, either in Mozilla or in
Thunderbird, their break-out e-mail client. They already have security
built into the browser component. Apple could add encryption to Mail.app
and "test drive" it with the Macintosh user base (as they did with the
iTunes Music Store). However, I don't imagine that enough Apple
customers have requested encryption to make a business case for this. Sigh.
ITConversations had an interview with Philip Zimmermann, the "father" of
PGP encryption technology:
<http://www.itconversations.com/shows/detail116.html>
In the interview, Zimmermann admitted that he rarely uses encryption or
digital signing anymore -- it is not widely enough adopted, and it adds
an additional step to sending every e-mail. Sigh.
> So, encrypting your mail is also a demonstration that you know your
> rights, and that you are willing to defend them. Even if the content
> is just a "Hello" to your mom. Just my 0.01...
For me to send an encrypted "Hello" to my Mom would be a major breakthrough!
Thanks for listening to my rant, folks!
Best wishes,
Clint
--
Dr. Clinton C. MacDonald | <mailto:clint DOT macdonald AT sbcglobal DOT net>