[OT] CLI for noobies: The keys to GnuPG
Clinton MacDonald
yellowdog-general@lists.terrasoftsolutions.com
Thu Jul 1 20:00:01 2004
Ray:
Thanks for *trying* to explain more to me about encryption technology
(that you did not succeed is entirely due to my limited understanding).
R. Hirschfeld wrote:
> You can get opportunistic transport-level encryption of email by
> enabling STARTTLS in your MTA.
I don't know what any of this means, but it sounds as if I would have to
be my own ISP for this to be effective. Certainly, I would be unable to
send an encrypted e-mail to my Mom with this technology unless her
e-mail client already had the guts of it enabled. And, what if Mom were
an AOL user?
> For sensitive messages you probably still want end-to-end
> application-level encryption. A recent commercial version of PGP
> ("PGP Universal") is apparently designed to be user-transparent but
> all I know about it is what's in their press release.
I think that the problem with this is that it is commercial (and I am
not trying to start an Open Source versus Commercial Software flame war
here). In this day and age, computer end-users expect their e-mail
clients to be *free*, in the sense that they come with their system
(Apple's Mail.app or Microsoft Outlook Express), or that they are supplied
by their corporate IT people (Microsoft Outlook). Heck, even AOL's
pitiful mail offering is "free" with the AOL service (I'm not knocking
AOL here -- it's great for the home user set who still want and need the
training wheels). Commercial PGP will not be able to take over the
Internet Universe unless it can be supplied with every e-mail client
on this planet, including Ximian Evolution, Mozilla, Thunderbird, or
Albrecht's Balsa (I think the PGP folks are missing a very large
clue-train here by not releasing their technology as open source, then
earning money on the back-end). Unless I can expect my recipient to have
a cryptographically enabled e-mail client, there is no reason for me to
bother sending it.
For this reason, I believe Albrecht is on the right track: there will
have to be an open standard for encrypted e-mail, just as there is for
attachments, etc. I believe, however, for encrypted and signed e-mail to
become commonplace, it will require a big software developer -- probably
one that is also an operating system developer -- to come up to the
plate on encryption. Microsoft could do it, but unless they do it
*exactly* right, it will be a flop (for example, if the implementation
requires us to trust Microsoft with credit card information, or requires
an expensive upgrade of Exchange Server, it will be a failure because
Microsoft has not earned that kind of trust). Apple has a stronger track
record of doing things exactly right, but I would be surprised if they
saw encryption as a priority. Sigh.
Again, it's all just my opinion, unencumbered by the facts!
Best wishes,
Clint
--
Dr. Clinton C. MacDonald | <mailto:clint DOT macdonald AT sbcglobal DOT net>