[3142] in cryptography@c2.net mail archive
Re: Top Pentagon official declares no one has a right to secrecy.
daemon@ATHENA.MIT.EDU (Steve Bellovin)
Tue Aug 4 23:23:49 1998
To: nobody@nsm.htp.org
cc: cryptography@c2.net
Date: Tue, 04 Aug 1998 23:14:39 -0400
From: Steve Bellovin <smb@research.att.com>
In message <19980805002912.18272.qmail@nsm.htp.org>, nobody@nsm.htp.org writes:
> >>>>> Nelson Minar <nelson@media.mit.edu> writes:
>
> > People don't use PGP casually. It's not that it's too hard to set
> > up, it's just too much trouble to bother with.
>
> Few of us routinely sign postings to public fora, as the rationale for
> doing so is rather thin; this is certainly no reflection on PGP's ease
> of use (or lack thereof).
I rarely use PGP for routine mail because of the difficulty -- not the
difficulty of using PGP, but of using it on an adequately-secured
platform. My ordinary mail host does not meet my standards, even when
I use ssh to connect to it (which I do, routinely).
This problem -- protecting both the private key and the mail after
decryption -- is a fundamental one, which most "easy to use" solutions
(i.e, GUIs on Windows 95) utterly fail to solve -- and can't solve,
without a much more secure underlying operating system, and a user
community willing to give up some convenience for security.
My own thoughts on encrypting email are in http://www.research.att.com/~smb/securemail.html
