Encouraging email security.

tk tony.kwok@3web.net
Sun May 18 04:18:01 2003


Daniel Carrera wrote:
> I was thinking about how most people have no understanding
> or interest in email security.  OpenPGP is hard enough to
> understand and use...

Absolutely! (The only thing I'd venture to correct in
the above post is the 'interest' part: they *have* the
interest, but it's - for the vast majority - simply too
hard to do...) I'd bet dollars to donuts that therefore
the proportion of encrypted email is actually dropping,
an extremely undesirable trend (for many obvious reasons).
*Something* ought to be done.

From my observation of "real users", the hardest part is
not at all remembering (and typing) the password/phrase,
it's the understanding of the concept of web-of-trust,
dealing with the wrinkled interface to it and suffering
constant error conditions that it generates (quick survey
of this list's archive should convince anyone).
Additionally, most "real users" I've seen have real desire
(and thus real motivation!) to keep their messages from
unauthorized inspection, but they only rarely require
message signatures - i.e., eavesdropping is a common
problem, impersonation simply isn't.

A large proportion of e-mail users communicate mostly
in their own "small-world" communities and they have
absolutely no problem whatsoever exchanging, authenticating,
revoking, etc. their public keys. It is also most likely
that communication with fellow members of such communities
will need to be protected (as opposed to the communication
with strangers). I would thus suggest that a simplified
GPG version (GPG-lite?) should be constructed and deployed,
where the system does not even attempt to assist (let alone
control) the dissemination, authentication and revocation
of public keys. The security of such a system would remain
as strong as the "real thing", provided that the key is
exchanged in person (its finger verified over phone,
printed on a business card etc. etc.). Also, while at it,
I would strongly suggest "one-key-one-file" (text, base64
encoded) instead of the opaque and hard to understand
and deal with "keyrings".

As suggested by the original poster, pre-selected,
unchangeable ciphers and key-widths are an obvious necessity.

For those who need it (and are prepared to learn how to
properly use it), "full" GPG would always be there.

(just my .02...)
tk
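
An added illustration, not part of the original post and not GnuPG code: the "one-key-one-file" check described above, reading a single ASCII-armored public key file, computing its OpenPGP version 4 fingerprint, and comparing it with one read over the phone or printed on a card. The function names and the sample key (constructed, not a real key) are assumptions for the example.

```python
import base64
import hashlib
import hmac

def dearmor(text):
    """Return the binary OpenPGP data inside one ASCII-armored key file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not (lines[0].startswith("-----BEGIN PGP") and lines[-1].startswith("-----END PGP")):
        raise ValueError("not an ASCII-armored OpenPGP block")
    body = lines[1:-1]
    if "" in body:  # armor headers end at the first blank line
        body = body[body.index("") + 1:]
    # a line starting with "=" is the CRC-24 checksum, not key data
    return base64.b64decode("".join(ln for ln in body if not ln.startswith("=")))

def first_packet(data):
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:  # new-format header: tag in the low six bits
        tag, o1 = hdr & 0x3F, data[1]
        if o1 < 192:
            start, length = 2, o1
        elif o1 < 224:
            start, length = 3, ((o1 - 192) << 8) + data[2] + 192
        else:
            raise ValueError("length form not handled in this example")
    else:  # old-format header: low two bits select a 1-, 2- or 4-byte length
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not handled")
        start = 1 + (1 << ltype)
        length = int.from_bytes(data[1:start], "big")
    return tag, data[start:start + length]

def fingerprint(key_text):
    """V4 fingerprint: SHA-1 over 0x99, a 2-byte length, and the key packet body."""
    tag, body = first_packet(dearmor(key_text))
    if tag != 6 or body[:1] != b"\x04":
        raise ValueError("expected a version 4 public key packet")
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()

def matches(key_text, spoken):
    said = "".join(spoken.split()).upper()  # ignore spacing and letter case
    return hmac.compare_digest(fingerprint(key_text).encode(), said.encode())

# Constructed sample, not a real key: v4 RSA packet with made-up 256-bit n and e=65537.
SAMPLE_BODY = b"\x04" + bytes(4) + b"\x01\x01\x00\xc0" + bytes(30) + b"\x01\x00\x11\x01\x00\x01"
SAMPLE = ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n" + base64.b64encode(
    b"\x99" + len(SAMPLE_BODY).to_bytes(2, "big") + SAMPLE_BODY).decode() + "\n-----END PGP PUBLIC KEY BLOCK-----\n")
```

The fingerprint covers only the public key packet, so it stays the same whether the file uses old-format or new-format packet headers and whatever armor headers it carries.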