1994-02-12 - Re: Strategies for getting encryption in widespread use QUICKLY

Header Data

From: “Pat Farrell” <pfarrell@netcom.com>
To: cypherpunks@toad.com
Message Hash: 0bb40219c88132fe6263bfa32af2b244663cb0a9be88c773d0bdd915700c7857
Message ID: <62543.pfarrell@netcom.com>
Reply To: N/A
UTC Datetime: 1994-02-12 22:21:09 UTC
Raw Date: Sat, 12 Feb 94 14:21:09 PST

Raw message

From: "Pat Farrell" <pfarrell@netcom.com>
Date: Sat, 12 Feb 94 14:21:09 PST
To: cypherpunks@toad.com
Subject: Re: Strategies for getting encryption in widespread use QUICKLY
Message-ID: <62543.pfarrell@netcom.com>
MIME-Version: 1.0
Content-Type: text/plain

In message Sat, 12 Feb 1994 13:00:55 -0800,
  Peter shipley <shipley@merde.dis.org>  writes:

> This is why I email this list to encourage the use of MIME email headers
> with a MIME mailer (elm, pine, mh, Zmail etc..) when a person
> receives email, the mailer agent will invoke pgp automaticly
> thus reading encrypted email is a user transparent process.

Clearly MIME is a step in the right direction. And clearly MIME is steg
friendly, who can tell a MIME encoded PGP message from a MIME encoded
GIF file without looking at character frequencies, etc. (You _know_ that
I'm going to lie about the MIME-Content-Type flag :-)

But I haven't yet found a Windows PC client that will work without TCP/IP.
Maybe I haven't looked hard enuff.  Since 85% of all computers are shipped
with Windows, "widespread use" means Windows (or Windoze for the cynics).
I also  don't know why the network  vendors charge so much more for SLIP
and/or PPP, but until IP is as cheap as async, there is a need for lower
technology solutions.

There are also some design questions that have to be addressed on the
human interface side. For example, some folks strongly prefered not to
receive encrypted mail, because they didn't work in an PGP friendly
environment. So you need to have a client that is smart enuff to
automatically encrypt to folks who control machines on the net, and not
encrypt by default to folks using unsecure delivery such as netcom.com's
vt100 based users. And you need a nice way to override the default. Clearly
this information goes in the roledex that you keep with your client
software. I mention it only so that folks realize that the simple
publication of a PGP or RIPEM key does not indicate that a user is ready to
receive all email encrypted.

Solving these problems is exactly why we write code.


Pat Farrell      Grad Student                 pfarrell@gmu.edu
Department of Computer Science    George Mason University, Fairfax, VA
Public key availble via finger          #include <standard.disclaimer>