E-Mail Encryption: Why Isn't Everyone Doing It?

David Picón Álvarez eleuteri@myrealbox.com
Fri Oct 25 11:22:02 2002


--4vGkz1fZ.5XiMkIG0nnxfhpcRy8C.PaU
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Hi,
Graham wrote a lot of stuff but I'm only quoting some:


> No, lets's get this correct.  The CLI in both Windows and Linux is NOT
> adequate for people to intuitively use it IMO.  PGP has an edequate GUI
> in Windows that could be improved, and both GPGShell and WinPT in
> Windows are fairly adequate GUI front ends for GPG.  They are more or
> less intuitive and GPGShell can allow access to virtually all the
> functions of GPG.  In Linux, there is no GUI to GPG, adequate or
> otherwise.

1) The intuitiveness of a CLI is IMO akin to that of language. Since you're
using abstract symbolic manipulation as opposed to metaphors, confusions are
less common and ambiguity occurs seldom if ever.
Now you may be thinking this is false or irrelevant or both, but just think
about it. With commands, the statements have total precission whereas with
metaphors (GUI-like interfaces are based on metaphors) things are not so
very clear. For a non-critical program, a GUI is perfectly fine since it
operates at higher level and you don't really worry about what happens
below. A silly example is an html generator. However, for security-critical
tools, you want (at least I do) to control the lowest possible level of
operation because a wrong default or something missing in the "advanced
options" GUIs use to have hidden somewhere your security could be
compromised.

> I don't agree.  There are more PGP users in the Windows environment than
> GPG users because PGP has an approachable program with an intuitive


I don't believe so. There are more PGP users than gnupg users because of
several other reasons, though: pgp is ages older. pgp was the first program
from which the standard itself arose. pgp has been backed by relatively
powerful security companies with a lot of mindshare. And, of course, because
of some peoples paranoia that free software is evil and must be covered in
bugs and trojans.


> GUI.  The number of Windows GPG users is growing...because there is an
> adequate GUI for it and reasonable support for GPGShell in other
> mailing lists and newsgroups.  The problem for me is that neither

Maybe I'm overestimating people but I tend to think that the number of
Windows gpg users is growing because there is a higher degree of security
awareness and because gpg is simply (from a functional standpoint) a better,
more complete peace of software.


> GPGShell or PGP is open source.  The CLI is confusing to people coming
> to Linux from Windows, although you have to learn to live with it. But
> I am not asking for GPG users in Linux to abandon the CLI, I simply
> want an adequate GUI to GPG as well so that it can be used by those
> (like me) who prefer it.

Obviously, everyone has the right to use whatever software they prefer and
in whatever manner. I just think that: 1) spending gnupg's developers time
in a GUI wouldn't be optimum resource allocation. 2) a gui may not be the
best thing from a security standpoint. 3) I don't believe creating a gnupg
gui for unix would increase its user base.

Anyway, I don't want to seem fanatical or something. :-)


--David.



--4vGkz1fZ.5XiMkIG0nnxfhpcRy8C.PaU
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----

iQQXAwUAPbkOQ4Vy4iYQ9LKqFAJCiw/8CvHYprh+Q0q08LNwPqqPdw0TQ7h0Njyv
VRBBVW6hCbd4H8NtTfwndeOARH0NaDA00TJpAMJYg0Wioo4jlyjPNU5h9SbHorbD
NiK3ggKV3x8psFW5bVtGBkkufpZAk5NdEt11KL6azitpfRgCiRmwat5idtCrbcpe
iU8WqCSLgdxs8ubZQlK+FU5CmQG+NraC30ibHMEEkcvFszbprX8KyotKJs4ECsgO
HQ1gvqG4hSMCM5sxo6vgBv4MqkmJ8+EQszPxeDQpryD1M37MSLAC6bKA8oF7qbg1
4UEzWHZD82lr5MtugKsnNyBwNciFiAJTkW5WRI6h5Fvt4u4nUcU1bTrVxyTMbK8p
a94+fSUZ0Zfn7yMtZhkCQ0zwrjnm5qIHx5r/HmMT7k+Nn968sg+U2xZwrywRSKDu
ECg0o4ZwWULJv70+JOU1QOjHYDjjjTWtfwwRi/q/iTB/J58YjNtwkThMluNYNQFr
pNbjJHL+WQ/neUz0XyGIPWafRalitBv2pKMT47jOqs/D2w1H6wkuOVcwsFntpWF6
0ew/rJdNNmFIk/+8gb95fhfOQa+xSsexEhzG6dZli6pBff3Sffo9U6ubSO03g5uc
9zDMipKSpN4Iz58cAqBDJrk2YymD8Dd/Jyua1EDO4TjezESdAeJeSyxAQsPEgvul
GX1Exa30i5sP+QFt10LCBePNhG+kOvRgNXQ0ajWYie/YFkbByZiLh6F8PpU6HdS1
ULugQ4CPCmY9eR4VjdZm6/2S3PJkDUgsAOw0fLYE7k/YGme6DrVakb+mHOjIz6Qu
+ZRJOBIm1aSZXuHV6rCSF3KRALDkanwxN8Jg0MEeOWZ7Ocjp27vwKpXa73J/0nc+
WB48M6v6/T+vymRe3TPnpmJEOvrN9ZIS0rjLFfoPsqIl2XcxraSzViax8py9RVku
ieFelpwFK4jYlB1izGjeU3yMx1opTFFMh8fqDnG0xoULjg47ZT4pKMlYW/e++sy6
I5mtY//Yo7M8rh68AXPMEYaGCLRq7hXku83FaRIe7zuBhyM25qn2PZ97wUEPQEud
si9femS53l0OE4eINMrpCUqpMjQ+cRcVPXvNEanPLHAzvNm0+L9ABop85bAfR0dK
QTPhXo9r9OnhmsZWFIntQJgqM5AcirwCRCsksyNsCDUJ7moW5gunF994phoObZ+W
D/Hg9jFmf4m/E8jvnS2Ip6BJcaA3IfBtgfWN1el/0DM9qGqYrqdnPTeCcguiPZoV
BMPLtxUGy4AmHADkCXNslJxPzkUqk0GvbZWqLkVTp9uCHw+WiKbNEzDCq4hJO4Bs
ZVqQsH1M+gq0onUkUnDXgD/CbZjA88xH6zH2IjvQmFdcTOFzFzTsrITJ
=ME+3
-----END PGP SIGNATURE-----

--4vGkz1fZ.5XiMkIG0nnxfhpcRy8C.PaU--