E-Mail Encryption: Why Isn't Everyone Doing It?

David Picón Álvarez eleuteri@myrealbox.com
Fri Oct 25 11:22:02 2002

Content-Type: text/plain;
Content-Transfer-Encoding: 7bit

Graham wrote a lot of stuff but I'm only quoting some:

> No, lets's get this correct.  The CLI in both Windows and Linux is NOT
> adequate for people to intuitively use it IMO.  PGP has an edequate GUI
> in Windows that could be improved, and both GPGShell and WinPT in
> Windows are fairly adequate GUI front ends for GPG.  They are more or
> less intuitive and GPGShell can allow access to virtually all the
> functions of GPG.  In Linux, there is no GUI to GPG, adequate or
> otherwise.

1) The intuitiveness of a CLI is IMO akin to that of language. Since you're
using abstract symbolic manipulation as opposed to metaphors, confusions are
less common and ambiguity occurs seldom if ever.
Now you may be thinking this is false or irrelevant or both, but just think
about it. With commands, the statements have total precission whereas with
metaphors (GUI-like interfaces are based on metaphors) things are not so
very clear. For a non-critical program, a GUI is perfectly fine since it
operates at higher level and you don't really worry about what happens
below. A silly example is an html generator. However, for security-critical
tools, you want (at least I do) to control the lowest possible level of
operation because a wrong default or something missing in the "advanced
options" GUIs use to have hidden somewhere your security could be

> I don't agree.  There are more PGP users in the Windows environment than
> GPG users because PGP has an approachable program with an intuitive

I don't believe so. There are more PGP users than gnupg users because of
several other reasons, though: pgp is ages older. pgp was the first program
from which the standard itself arose. pgp has been backed by relatively
powerful security companies with a lot of mindshare. And, of course, because
of some peoples paranoia that free software is evil and must be covered in
bugs and trojans.

> GUI.  The number of Windows GPG users is growing...because there is an
> adequate GUI for it and reasonable support for GPGShell in other
> mailing lists and newsgroups.  The problem for me is that neither

Maybe I'm overestimating people but I tend to think that the number of
Windows gpg users is growing because there is a higher degree of security
awareness and because gpg is simply (from a functional standpoint) a better,
more complete peace of software.

> GPGShell or PGP is open source.  The CLI is confusing to people coming
> to Linux from Windows, although you have to learn to live with it. But
> I am not asking for GPG users in Linux to abandon the CLI, I simply
> want an adequate GUI to GPG as well so that it can be used by those
> (like me) who prefer it.

Obviously, everyone has the right to use whatever software they prefer and
in whatever manner. I just think that: 1) spending gnupg's developers time
in a GUI wouldn't be optimum resource allocation. 2) a gui may not be the
best thing from a security standpoint. 3) I don't believe creating a gnupg
gui for unix would increase its user base.

Anyway, I don't want to seem fanatical or something. :-)


Content-Type: application/pgp-signature
Content-Disposition: inline