From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 10 Jan 96 13:01:40 PST
To: Ted Garrett <teddygee@visi.net>
Subject: Re: Is this true...
In-Reply-To: <2.2.32.19960110202813.006bb954@visi.net>
Message-ID: <Pine.ULT.3.91.960110125059.13238J-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Wed, 10 Jan 1996, Ted Garrett wrote:

> Being new to crypto subjects, I guess I'm pretty gullable about how much one
> should use encryption in general.  I remember reading somewhere that it
> would probably be best for the 'world as a whole' if everyone used
> encryption whenever possible so that when you DO send encrypted messages
> that actually contain information you want kept secret, it doesn't stick out
> like a sore thumb.
> 
> To that end, I should imagine that once I have a person's pgp key, they may
> well never see another cleartext message from me again!

The liability of that is a little inconvenience, which can lead to
laziness and insecurity. 

I usually read mail on a highly visible multiuser UNIX system of which I
am not the sysadmin and that has been broken into several times. If you
send me encrypted mail, then I either need to keep my key, type my
passphrase, etc. on this insecure system, or download the mail to a PC or
Mac, which isn't always possible. 

Most sessions of mine to this host are encrypted in kerberos or ssh, but 
not all.

Sending unencrypted mail is rather like sending a postcard. But postcards 
are fine a lot of the time. 

Being too cavalier about the use of PGP is rather like putting multiple
deadbolts on the front door to your house, but accidentally dropping 
copies of your house keys wherever you go.

-rich