From: "Perry E. Metzger" <pmetzger@lehman.com>
Date: Thu, 17 Feb 94 14:35:28 PST
To: "Gary Jeffers" <CCGARY@mizzou1.missouri.edu>
Subject: Re: STEALTH OCEANS
In-Reply-To: <9402172103.AA05967@toad.com>
Message-ID: <9402172230.AA13011@andria.lehman.com>
MIME-Version: 1.0
Content-Type: text/plain



"Gary Jeffers" says:
>    Firstly, congratulations to the cypherpunks that are realizing that
> strong civilian crypt needs "stealth". For some time I have thought
> that a crypt file with a crypt header on it was like saying "yes, I
> am in contempt for refusing to give a password" or "yes, I do require
> surveillance". A crypt file should look like random bits.

I have said this before, and I will say it again. "Stealth"
cryptography is a bad idea. Security comes from everyone openly using
cryptography all the time. "Stealth" cryptography ideas both imply
that we are doing something wrong (when there is nothing illegal or
wrong about using cryptography) and make cryptography very
inconvenient to use. If I have a truly stealth system it becomes
difficult for me to decrypt my own mail, especially if I have multiple
keys. I can't use MIME headers to tell people how to do automatic
decryption. I can't encapsulate messages inside my messages with MIME.
I'd go on, but I'm sure I'll get flamed at just for saying this.

.pm