E-Mail Encryption: Why Isn't Everyone Doing It?
Anthony E. Greene
Wed Oct 23 17:34:02 2002
-----BEGIN PGP SIGNED MESSAGE-----
On 23-Oct-2002/11:29 +0200, Simon Josefsson <firstname.lastname@example.org> wrote:
>carl w spitzer <email@example.com> writes:
>> While an estimated 900 million people use e-mail, few take advantage of
>> NewsFactor.com, Aug. 5, 2002
>Why isn't everyone doing phone encryption? Why isn't everyone
>encrypting their personal postal mail? Just because something is
>technically possible doesn't mean everyone should use it.

People generally put personal mail in envelopes. They should do the same
with email. There are some things that could make it easier:

- Built-in support for the big two encryption schemes (OpenPGP, S/MIME)
  in all mail clients.
- Automatic generation or import of keys during mail client setup.
- Establishment of non-commercial CAs that issue cost-free certs that
  are accepted by most encryption implementations in their default
  configuration. Govt agencies could issue certs along with other
- Message is automatically encrypted if all recipients are able and
  willing to process encrypted mail.
- Mail client encrypts replies to encrypted messages.
- Mail client can cache decryption password if allowed by user. This
  allows auto-decrypt when recipient attempts to view the message.
- Different authentication token (password) for signature and decryption
  keys. This allows mail clients to cache decryption keys without making
  signature keys vulnerable.

As long as people have to take extra steps to protect their email, it

Anthony E. Greene <mailto:firstname.lastname@example.org>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05 HomePage: <http://www.pobox.com/~agreene/>
Linux: the choice of a GNU Generation. <http://www.linux.org/>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D <email@example.com>
-----END PGP SIGNATURE-----