1994-12-21 - Re: GUI: PGP vs novices

Header Data

From: bshantz@spry.com
To: cypherpunks@toad.com
Message Hash: a5205e91f519a650e865d5f1d296db220df6f022f1d8d019fa40a1e54823b602
Message ID: <199412211837.KAA09590@homer.spry.com>
Reply To: N/A
UTC Datetime: 1994-12-21 18:37:18 UTC
Raw Date: Wed, 21 Dec 94 10:37:18 PST

Raw message

From: bshantz@spry.com
Date: Wed, 21 Dec 94 10:37:18 PST
To: cypherpunks@toad.com
Subject: Re: GUI: PGP vs novices
Message-ID: <199412211837.KAA09590@homer.spry.com>
MIME-Version: 1.0
Content-Type: text/plain


Thomas Grant Edwards Writes:
>PGP has made me more crypto aware, but at this point neither I nor most of
>the crypto aware people I personally know feel there is a need to either
>encrypt or sign messages on a regular basis.  

It is my own personal opinion that in order for crypto to truly become 
mainframe, the software manufacturers of internet connectivity packages must 
integrate crypto into the applications.  Look at the past threads here on 
Cypherpunks..."How do I write a script to put PGP into ELM?"  "PGP DLL 
modularity" etc.

In order to bring crypto to the masses, we have got to convince people that it 
is necessary.  We also must make it "second nature".  It sure is nice to have 
a menu option or a toolbar button that will encrypt plaintext automatically.  
Key management and some of the "high tech"  (I know, for us it's nothing, but 
for my dad who just bought a computer and doesn't understand the difference 
between click, double click, and drag, crypto is a really high tech thing just 
in itself.) things of crypto should not be directly handled by the user.  
(Optional of course.  On a privacy level, the user should have full control.  
But give the user a break...if the software is secure..as such...so is the 
user's privacy.)

You will notice that this message is not signed.  That's because in order to 
sign it, I would need to save my message, hop out to a DOS box, PGP encrypt 
it, hop back to my mail program and insert the encrypted mail as a text file.  
That's enough to discourage the average user.  This is pretty much what Tim 
May was talking about when he discussed why he doesn't sign his messages.  
It's not that he couldn't... it's just not practical for him.  It's not really 
practical for me either, but I do it when I feel it's necessary.

The only way to make crypto practical is to basicalloy hide the technical side 
from the user and make it easy.  

That's my two cents.

>>>>>>>>>>>>>>>>>>>>>INTERNETWORKING THE DESKTOP<<<<<<<<<<<<<<<<<<<<<<<
Brad Shantz                      bshantz@spry.com
Senior Software Engineer
SPRY Inc.                        Direct #:     (206)-442-8251
316 Occidental Ave. S.           Main #:       (206)-447-0300
Suite 316                        Fax #:        (206)-447-9008
Seattle, WA 98104                WWW URL: http://WWW.SPRY.COM
----------------------------------------------------------------------
PGP Public Key at:    http://www-swiss.ai.mit.edu/~bal/pks-toplev.html
Or email:             pgp-public-keys@pgp.ai.mit.edu Subj: GET bshantz
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<






Thread