E-Mail Encryption: Why Isn't Everyone Doing It?

Anthony E. Greene agreene@pobox.com
Wed Oct 23 17:34:02 2002 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 23-Oct-2002/11:29 +0200, Simon Josefsson <jas@extundo.com> wrote:
>carl w spitzer <cwsiv_home1@juno.com> writes:
>
>> While an estimated 900 million people use e-mail, few take advantage of
>> encryption.
>> http://www.NewsFactor.com/perl/story/18860.html
>> NewsFactor.com, Aug. 5, 2002
>
>Why isn't everyone doing phone encryption?  Why isn't everyone
>encrypting their personal postal mail?  Just because something is
>technically possible doesn't mean everyone should use it.

People generally put personal mail in envelopes. They should do the same
with email. There are some things that could make it easier:

 - Built-in support for the big two encryption schemes (OpenPGP, S/MIME)
   in all mail clients.

 - Automatic generation or import of keys during mail client setup.

 - Establishment of non-commercial CAs that issue cost-free certs that
   are accepted by most encryption implementations in their default
   configuration. Govt agencies could issue certs along with other
   identity documents.

 - Message is automatically encrypted if all recipients are able and
   willing to process encrypted mail.

 - Mail client encrypts replies to encrypted messages.

 - Mail client can cache decryption password if allowed by user. This
   allows auto-decrypt when recipient attempts to view the message.

 - Different authentication token (password) for signature and decryption
   keys. This allows mail clients to cache decryption keys without making
   signature keys vulnerable.


As long as people have to take extra steps to protect their email, it
won't happen.

Tony
- -- 
Anthony E. Greene <mailto:agreene@pobox.com>
OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26  C484 A42A 60DD 6C94 239D
AOL/Yahoo Chat: TonyG05      HomePage: <http://www.pobox.com/~agreene/>
Linux: the choice of a GNU Generation. <http://www.linux.org/>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Anthony E. Greene 0x6C94239D <agreene@pobox.com>

iD8DBQE9tsF/pCpg3WyUI50RAvR9AJ9ArqCSArYot2CPfRTSJHzrAEsA3QCbBxdX
w6+f7MLSAvh6/DsIZjajJRk=
=YI5r
-----END PGP SIGNATURE-----