[4454] in cryptography@c2.net mail archive
Re: PGP 6.5/PGPnet Announcement!
daemon@ATHENA.MIT.EDU (Jim Gillogly)
Tue Apr 6 16:44:43 1999
Date: Tue, 06 Apr 1999 13:14:35 -0700
From: Jim Gillogly <jim@acm.org>
To: cryptography@c2.net
Michael Paul Johnson wrote:
>> Of course this is dangerous, but there is a demand for it. Not everyone
>> wants bomb-proof security. ... The real cure, of course, is to so
>> tightly and easily integrate security into email that it is as easy
>> as this to use, but not as risky.
Steven M. Bellovin responded:
> There's bomb-proof security, and there's "security" that itself is a time
> bomb. I fear that self-extracting decryptors are much closer to
> the latter than to the former -- very much closer.
I agree with Steve about this part. These programs are much like
the active email bogosities, which should never be allowed to
operate without the user's informed consent -- and I don't regard
accepting Windows defaults as constituting informed consent. But
supplying weak cryptography to people even with caveats can give
them a fatally false sense of security. If they could tell at a
glance that their communications were weak, they might use them
more safely.
> You encrypt things because you think someone is trying to read
> them: if no one is trying to read a file, why protect it?
However, I disagree strongly with this. If you encrypt only the
most sensitive material and someone is trying to read your mail,
they know exactly which bits to concentrate on. If you encrypt
all your mail routinely, you've increased your opponent's traffic
analysis problem immensely -- especially if there is no external
indication of the relative importance of the messages.
--
Jim Gillogly
Sterday, 15 Astron S.R. 1999, 20:01
12.19.6.1.10, 12 Oc 3 Uayeb, Third Lord of Night
