Point of view regarding LISA 2002

Len Sassaman rabbi@abditum.com
Wed Oct 2 11:20:02 2002

On Sat, 28 Sep 2002, Alexandre Dulaunoy wrote:

> Did you know the presentation ? the speaker ?

Lots of people on this list know the speaker. I think I'm the only one who
knows the presentation, though there are many people who could give it
just as well.

> I  don't think  that  GnuPG have  failed  in their  mission. GnuPG  is
> usable,   there   is   more   and  more   user-interface   integration
> with GnuPG/OpenPGP and the use is increasing quite well. (Just see the
> message signing in mailing-list and so on...)

You think so?

Try this experiment: Take a laptop with PGP on it and go down to your
local bar, coffee shop, cafe, etc, and attempt to explain what GnuPG is
good for, how it works, and how one uses it in 5 minutes or less to 10
random people who have never heard of PGP, and who are of "average"
computer literacy (i.e., they know how to connect to the Internet and use
email, but don't use Linux/Unix and have never compiled a program in their

How many of them will walk away understanding what you told them? Of
those, how many will become new OpenPGP users? Of those, how many will use
OpenPGP properly in a manner which will actually secure their messages?

(Note: I could just as easily be picking on almost any of the fruits of
the Cypherpunk movement. PGP is the one most attendees of LISA will have
used at some point, so that is the one I have chosen.)

GnuPG is "encryption for the crypto hackers and Linux elite.[1]" I've
never heard a mission statement from Werner, so perhaps GnuPG hasn't
failed in its mission, if this is what it was striving for. It is far from
"encryption for the masses", however, which is what Phil Zimmermann
branded PGP.

That's not to say I don't think it ever can be...

I'm not going to say anymore about this until after LISA. If you're
planning on attending, please feel free to disagree with me in the Q&A
session after my talk.


[1] Arguably not even this. I had to personally walk Eric Raymond through
using gpg to sign my key, since the --interface-was-confusing. Rodney
Thayer (one of the co-authors of the OpenPGP RFC) sends me email full of
four-letter words I didn't know existed from time to time, when he tries
to make GnuPG and PGP play nicely together. Etc.