cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1996-01-27 - Re: PGP in Eudora and other mail programs

Header Data

From: Chris Claborne <Chris.Claborne@SanDiegoCA.ATTGIS.com>
To: cypherpunks@toad.com
Message Hash: a694bc7a734526121fbdcf5497085b8ac374d87ca9c7c0c77056a7a76170ca50
Message ID: <2.2.32.19960125200317.00753dc8@opus.SanDiegoCA.ATTGIS.com>
Reply To: N/A
UTC Datetime: 1996-01-27 14:37:53 UTC
Raw Date: Sat, 27 Jan 1996 22:37:53 +0800

Raw message

From: Chris Claborne <Chris.Claborne@SanDiegoCA.ATTGIS.com>
Date: Sat, 27 Jan 1996 22:37:53 +0800
To: cypherpunks@toad.com
Subject: Re: PGP in Eudora and other mail programs
Message-ID: <2.2.32.19960125200317.00753dc8@opus.SanDiegoCA.ATTGIS.com>
MIME-Version: 1.0
Content-Type: text/plain


At 11:54 AM 1/25/96 -0800, you wrote:
>At 2:13 PM 1/25/96, Clay Olbon II wrote:
>
>>Seriously, this just illustrates the idiocy of banning "hooks" in software.
>>How does one define a "hook"?  Just providing source code could be defined
>>as providing a hook, since a good programmer could then modify it to do
>>crypto.  Also, how about the various kits and tools used to integrate pgp
>>with pine, eudora, etc -- are these not "hooks"?
>
>And yet how many of these programs actually can transparently
>(automatically, push-button, etc.) support PGP? I've been a user of Eudora
>for several years, and have pressed for PGP hooks. The company, Qualcomm,
>once told me it was on their list of things to do, but....
>
>A few years later, still no PGP-in-Eudora. One would think that this would
>be a powerful way of distinguishing their product from other mail packages.
>
>(I understand from this list that Eudora for Windows is now doing this much
>more automatically, that someone has a PGP-in-Eudora package. I don't think
>it was from Qualcomm, but I could be wrong. As a Macintosh version user,
>I'm hoping this comes to the Mac version as well.)

   I think what is going to happen is that Qualcomm will choose S/MIME
instead of PGP, since they are one of the companies listed as jumping on the
band wagon.  

   S/MIME scares me since I believe it to (normally) use weak encryption.
It is gaining in popularity and hype and might be just the product to lull
mass amounts of users into using weak crypto (read government readable).
Microsoft, Banyan, ConnectSoft, Frontier Technologies, Network Computing
Devices, FTP Software, Wollongong, SecureWare Lotus, and others are on the
band wagon as well. 

   From section 2.2 of the S/MIME Implementation Guide published by RSA
   "... U.S. software manufactures have been compelled to incorporate an
   "exportable" content encryption algorithm in order to create a widely
   exportable versions of their product.  "

   "... For outgoing messages, RC2 CBC at 40 bits is the recommended default.
   stronger content encryption is strongly recommended where there is some
   mechanism to indicate that the intended recipient(s) can support it.

   Even though S/MIME allows for any bulk encryption scheme to be used, all
I ever see advertised is DES.  Most companies, including Qualcomm who depend
on government agencies to give them licenses (like FCC dudes), will bend
like a reed in the wind when under pressure.  Follow the money.

                                        ...  __o
                                       ..   -\<,
Chris.Claborne@SanDiegoCA.ATTGIS.Com   ...(*)/(*).          CI$: 76340.2422
http://bordeaux.sandiegoca.attgis.com/
PGP Pub Key fingerprint =  A8 FA 55 92 23 20 72 69  52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.

Thread