1996-06-04 - PGP’s ubiquity (was Re: NRC Session Hiss)

Header Data

From: Bruce Baugh <bruce@aracnet.com>
To: cypherpunks@toad.com
Message Hash: d3db8dec878c9fcd69ea1cdedfb3f99cdc74007b4cd04ed1d16624adc9fcc2a8
Message ID: <2.2.32.19960603182730.006afff8@mail.aracnet.com>
Reply To: N/A
UTC Datetime: 1996-06-04 00:06:58 UTC
Raw Date: Tue, 4 Jun 1996 08:06:58 +0800

Raw message

From: Bruce Baugh <bruce@aracnet.com>
Date: Tue, 4 Jun 1996 08:06:58 +0800
To: cypherpunks@toad.com
Subject: PGP's ubiquity (was Re: NRC Session Hiss)
Message-ID: <2.2.32.19960603182730.006afff8@mail.aracnet.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:15 PM 6/2/96 -0700, Lucky Green wrote:

>That PGP is ubiquitous is subject to discussion. PGP is widely available, 
>but that doesn't mean that it is widely used. What percentage of email is 
>PGP encrypted? Less than half a percent?

Much, much less than that. I get about five hundred messages a day. On the
average day, none of them are PGP-encrypted. On the average _week_, none of
them are PGP-encrypted. And by virtue of having a PGP key signed and on the
servers, I'm better prepared to send and receive such mail than at least
99.9% of the net.population.

>PGP was a failure in the mass market, regardless how popular it may be
>with some subscribers of this list. 

True, and important. 

In one sense it doesn't matter how good a security system is if a manageable
set of people are the only ones using it. There are only a few thousand IDs
in the key servers, and the vast majority of those, I'd guess, are like me in
not using PGP routinely. But even if we were, the institutions of the State
have experience in the long-term surveillance of groups quite a bit larger
than us.

This is where I think some forms of cyber-elitism fail. So I've got access
to darned good tools. The State has numbers and resources, and memes about
how the masses do right when they acquiesce, on its side. 

We are not, I think, particularly secure in an environment where the very
fact of using secure tools stands out from the herd. But what the herd needs
are good tools with good simple front ends, and a) those who design the
tools generally don't care about the herd and so do nothing to get outside
the crypto ghetto and b) those in a position to design the front ends
generally have more immediately rewarding things to do or don't know about
the tools themselves.

Five years ago I was quite optimistic about strong security as an important
element in bringing about the post-statist society I desire. Now I'm
pessimistic. I just don't see signs of the stuff spreading sufficiently. And
while S/MIME has interesting features (based on what I've read so far), the
default 40-bit setup is basically no protection at all. And I know just how
hard it is to get people comfortable using non-default features.

--
Bruce Baugh
bruce@aracnet.com
http://www.aracnet.com/~bruce





