E-Mail Encryption: Why Isn't Everyone Doing It?

Graham graham.todd@ntlworld.com
Thu Oct 24 09:45:02 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 24 Oct 2002 7:24 am, Anthony E. Greene wrote:

[snipped]
> Have you taken a look at the GnuPG manual lately? GnuPG can do lots
> of things that PGP cannot do.=20

I have looked at the GPG manual recently, and I agree that GPG is the=20
better program.

>There is no way to reproduce all those
> options in a GUI and still have an easy to use interface. In the last
> 24 hours two options were added in reponse to a user with a lost
> public key. If that kind of responsiveness had to be put on hold
> because it would take too long to put it into an GUI, then GnuPG
> would not be as good as it is.

Well now, why is it that in Windows GPGShell can provide this as soon as=20
a new version of GnuPG comes out?  And it is a complete interface:=20
through it you can directly alter the options, give extra commands, do=20
key management, and encrypt and sign in windows on which you have the=20
focus.  Indeed, the lack of anything similar in Linux made me consider=20
for some time whether I should move over and I am sure that many =20
people migrating to Linux from Windows won't use GPG because it does=20
not have this kind of interface despite being bundled with every distro=20
that I am aware of.

[snipped]

>This stuff should be built into mail software
> the same way SSL is built into browsers. Until it is, it just won't
> be widely used.

That's where we part company.  I also believe that SSL and S/MIME should=20
be available as stand alone packages so that you can use them with=20
MUAs.  GPG should be available as a stand alone package with its own=20
GUI.  Compatibility can be built into MUAs so that they interface with=20
it directly for signing and encryption, but that is the extent to which=20
MUAs should be involved.  By treating GPG as just another library of=20
functions which you access through the MUA is to reduce its power, and=20
anyway commands to GPG are sent through the CLI so it is available=20
separately now.

I am merely arguing that in Linux there should be a full GUI to these=20
functions, as there is in Windows.

As Ryan Malayter said, "There are more ways to help with open source=20
projects than simple programming. In fact, if you were to organize a=20
GUI design document for an easy-to-use front end, I'll bet you could=20
find someone to do the coding."  I'm not so sure about this, and I=20
would not know where to start (except by reference to GPGShell) but I'm=20
willing to give it a try instead of just bitching.

Would anyone interested like to contact me off list?

- --=20

Graham
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: Please sign and encrypt for internet privacy

iD8DBQE9t6bnIwtBZOk1250RAo5gAJ9rfgnIVluPqem0dVCLiPNaKu62tACeI6T0
VKcleYye+hYJw73ZpLyeGJo=3D
=3DeN7j
-----END PGP SIGNATURE-----