From: Thomas Grant Edwards <tedwards@src.umd.edu>
Date: Wed, 21 Dec 94 11:54:59 PST
To: bshantz@spry.com
Subject: Re: GUI: PGP vs novices
In-Reply-To: <199412211837.KAA09590@homer.spry.com>
Message-ID: <Pine.SUN.3.91.941221144645.27493A-100000@zydeco.src.umd.edu>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 21 Dec 1994 bshantz@spry.com wrote:

> It is my own personal opinion that in order for crypto to truly become 
> mainframe, the software manufacturers of internet connectivity packages must 
> integrate crypto into the applications.  Look at the past threads here on 
> Cypherpunks..."How do I write a script to put PGP into ELM?"  "PGP DLL 
> modularity" etc.

That's true to some extent.  I'd love to be able to have every message I 
want signed and encrypted from PINE automagically.  I could implement 
this by requiring keystrokes at the editor level.  But that isn't the 
entire issue...

On the issue of signing, there is another question.  Do I really want
to sign every message?  I don't like signing my written name anywhere I
don't have to.  And whenever I do, I am careful to look at all the
potential consequences.  Signatures imply I am agreeing to some kind of
contract.  Perhaps I prefer my email unsigned, to give me a level of
disputability.  If my email was a business contract, then I'd be
enthusiastic about signing it.   But for a post to a political newsgroup, 
for instance, perhaps I don't want to make sure everybody can 
cryptographically assure themselves it comes from me.  This leaves me 
open to potential forgery, but email forgery is well known and understood.

Finally is physical security of keys.  If I am going to sign anything, I 
want that key to be under control of only me.  It is difficult for 
someone like me who uses workstations to keep a key only on floppy, 
especially as I find myself on different workstations, many diskless, all 
the time.

-Thomas