1994-12-23 - B-PGP: news/requests

Header Data

From: ddt@lsd.com (Dave Del Torto)
To: cypherpunks@toad.com
Message Hash: c74d52bbc961546d5814948813aca12f8208fcad3ae4668d12d48084d7448d99
Message ID: <ab20f8243a021003d40d@[192.187.167.52]>
Reply To: N/A
UTC Datetime: 1994-12-23 23:21:31 UTC
Raw Date: Fri, 23 Dec 94 15:21:31 PST

Raw message

From: ddt@lsd.com (Dave Del Torto)
Date: Fri, 23 Dec 94 15:21:31 PST
To: cypherpunks@toad.com
Subject: B-PGP: news/requests
Message-ID: <ab20f8243a021003d40d@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Note: I'm meta-prefixing this "B-PGP" to indicate the "Beginner-PGP" thread.

At 10:37 am 12/21/94, bshantz@spry.com wrote:
>It is my own personal opinion that in order for crypto to truly become
>mainframe, the software manufacturers of internet connectivity packages must
>integrate crypto into the applications. [elided]

FYI, any of you who haven't heard should be pleased to know that Steve
Dorner is working with Zig Fiedorowicz on integrating ViaCrypt PGP/Mac
functions into Eudora (on the Mac, at least, which is a good starting
point). This is a major step forward, since Eudora is so POPular :) and
this could certainly increase sales of ViaCrypt's s/w as well. In the
meantime, I'm looking at the AppleEvent scripts that have been made public
and will make comments on them soon.

Anyone who's up-to-date on current Mac or Windows version development (Hal
Hildebrandt?) is encouraged to contact me, per Phil's request. I just want
to make sure everyone gets what they need and that the left hand knows what
the right hand is doing, etc. I'll set up an FTP directory "somewhere" for
a central repository if anyone feels it's necessary (location to be
announced elsewhere).

BTW, I'm starting work on a Beginner's PGP-FAQ and would appreciate any
question/answer pairs anyone would care to submit. Please keep them simple:
they are aimed at an AOL-ish user level. The final document should be
extremely non-technical, non-threatening and about three pages long
maximum. In it, I will describe the History of the Entire Cryptographic
World in 4000 words or less. :)  I'm calling the 3-Minute Shakespeare
Troupe next week for pointers on how to accomplish this...

Speaking of AOL, does anyone know anyone on the current Internet
development team there? I used to exchange email with some
internet-oriented guys there back in '90-'91 but I wonder if anyone is in
current contact - I'd like to discuss the possible integration of PGP into
the AOL client software. That would effectively put PGP in a couple of
million users hands PDQ. With all the bidness activity there of late, it
seems to me there's a need that could be filled quite nicely.

>In order to bring crypto to the masses, we have got to convince people that
>it is necessary. We also must make it"second nature". It sure is nice to have
>a menu option or a toolbar button that will encrypt plaintext automatically.
>Key management and some of the "high tech"  (I know, for us it's nothing, but
>for my dad who just bought a computer and doesn't understand the difference
>between click, double click, and drag, crypto is a really high tech thing
>just in itself.)

Notice Brad didn't even mention his MOM yet. I once tried to explain PGP to
my Mom. "That's very nice, dear," was about the breadth of her reaction,
but I still put a box on her desk and set her up with a key, even if she
won't use it yet (ever? hey, she's a mom, Okay?). Now, if it was a real
point-n-click maneuver, it might have a snowballs' chance in hell with her,
but until then...

>things of crypto should not be directly handled by the user.  >(Optional
>of course.  On a privacy level, the user should have full control.

Indeed. I'm hoping the upcoming versions of mainstream PGP (Mac/Win) will
allow for a bit more modularity in the apps. I.e. it would be nice if you
could "plug in" various functions, so that you could build up the app's
features as a user gained more sophistication, but this may be way beyond
the v3.0 scope. More on this idea later, as it more directly relates to
system software extensions than PGP application stuff.

>But give the user a break...if the software is secure..as such...so is the
>user's privacy.)
>
>You will notice that this message is not signed.  That's because in order to
>sign it, I would need to save my message, hop out to a DOS box, PGP encrypt
>it, hop back to my mail program and insert the encrypted mail as a text file.
>That's enough to discourage the average user.  This is pretty much what Tim
>May was talking about when he discussed why he doesn't sign his messages.
>It's not that he couldn't... it's just not practical for him.  It's not
>>really practical for me either, but I do it when I feel it's necessary.
>
>The only way to make crypto practical is to basicalloy hide the technical
>side from the user and make it easy.

Let me describe briefly for you all (and everyone is encouraged to type up
a similarly brief log of what they do on their machines so we have a UI
comparison table) what I deal with when I encrypt a msg on the Mac. Keep in
mind that I have worked very hard to streamline the process as much as
possible, and that this is before installing the AppleEvent scripts. It's
not difficult for me, but for someone without a clue... well, they get two
steps in, stare at the screen and eventually bag it.

type msg body (in Eudora).
select text
copy to Mac clipboard (system)
switch to PGP with macro
Encrypt (or Sign) menu command
[PGP reads the clipboard here, a wonderful improvement thanks to ...Zig?]
enter passphrase
[PGP outputs encrypted text to clipboard, wipes temp file]
macro back to Eudora.
paste clipboard back into msg body

Now, all of this is easily scriptable: I once did it with a long
complicated macro, but it was s l o w, so I bagged that idea - it didn't
even use system level events. I'm hoping the new AE scripts will handle
most of this, but it SHOULD all be done in the application layer by Eudora
with direct calls to PGP in the bg (see above annc re Steve Dorner), which
is the current direction. Let's hope ViaCrypt's new AE support will allow
for this (Zig? hello?).

IMPORTANT: Anyone currently working on an PGP versions is hereby requested
to mail me regarding the coordination of development efforts. Mail Phil
with questions about this.

ALSO: There will/should be a group discussion at the upcoming physical
meeting on the 14th which both Phil and I will be attending. Please bring
your keys/laptops/floppies for signing.

Over and out,

   dave
________________________________________________________________________
Speaking of "term limits," hasn't Rush Limbaugh gotten enough attention?




-----BEGIN PGP SIGNATURE-----
Version: 2.6ui

iQCVAgUBLvtabKHBOF9KrwDlAQFYkAQAiKcjZx5iCzn0CLIBY5/TzVOY8sl7Jclo
v6MSPdNdU3ONTBLtDlI3HbSnq/SqGyJxkgxex7aLaICwB+RUsE2TMnJ2PBXD1W0T
48eqQZT3IhT35gEfV3RQnYllIS4mhEWxzq8KFMPwdCjlNrF794TqZFgBadWZL+LR
4hXhnrTuB5A=
=/bL0
-----END PGP SIGNATURE-----







Thread