Point of view regarding LISA 2002

Adam Shostack adam@homeport.org
Sat Sep 28 18:09:02 2002 

On Sat, Sep 28, 2002 at 05:22:56PM +0200, Alexandre Dulaunoy wrote:
| 
| I have seen that :
| 
| "The Promise of Privacy
| 
| Len Sassaman, Consultant
| 
| More than ten years have passed since the release of the controversial
| encryption program  PGP, which  proclaimed itself "encryption  for the
| masses".  In this  presentation,  I  will discuss  how  PGP and  other
| privacy-enhancing technologies  have failed  in their mission.  I will
| examine   the   different   problems  that   companies,   governments,
| implementers,  and individuals  face  when attempting  to harness  the
| benefits of  privacy-enhancing technologies, using PGP  as the primary
| example of these failures. 
| 
| Among  the  issues:  the  importance of  usability,  reliability,  and
| interoperability,  the  role of  government  interference, and  public
| misconceptions." 
| http://www.usenix.org/events/lisa02/tech/techonefile.html
| 
| Did you know the presentation ? the speaker ? 
| 
| I  don't think  that  GnuPG have  failed  in their  mission. GnuPG  is
| usable,   there   is   more   and  more   user-interface   integration
| with GnuPG/OpenPGP and the use is increasing quite well. (Just see the
| message signing in mailing-list and so on...) 
| 
| What is  your opinion about  that ? or  just another hype  summary for
| a talk ? 

I don't mean to disparage GPG here; it has improved greatly.

However, there remain enourmous usability issues with PGP; much of what was
written in "Why Johnny Can't Encrypt" remains true.

Getting agreement between the different mail formats (mutt's use of
Mime encoding and 'traditional' encoding) remains a problem.

IDEA and CAST remain as problems.

Does your mother use PGP?  Mine sure doesn't, despite being willing to
try, it remains too hard.

Now, are these GPG's fault?  In most cases, no, they're not.  But
they're problems that we need to address to get say, 10% of the email
on the net to be encrypted.  And if thats a goal, then we need to
examine the things that are preventing us from hitting it.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume