Encouraging email security.
Sun May 18 05:29:02 2003
Content-Type: text/plain; charset=us-ascii
> Absolutely! (The only thing I'd venture to correct in
> the above post is the 'interest' part: they *have* the
> interest, but it's - for the vast majority - simply to
> hard to do...)
I hope you're right about the interest part.
> From my observation of "real users", the hardest part is
> not at all remembering (and typing) the password/phrase,
> it's the understanding of the concept of web-of-trust,
Definitelly, I only have a partial understanding myself.
> Large proportion of e-mail users communicate mostly
> in their own "small-world" communities and they have
> absolutely no problem whatsoever exchanging, authenticating,
> revoking, etc. their public keys. It is also most likely
> that communication with fellow members of such communities
> will need to be protected (as opposed to the communication
> with strangers). I would thus suggest that a simplified
> GPG version (GPG-lite?) should be constructed and deployed,
> where the system does not even attempt to assist (let alone
> control) the dissemanation, authentication and revocation
> of public keys. The security of such system would remain
> as strong as the "real thing", provided that the key is
> exchanged in person (its finger verified over phone,
> printed on a business card etc. etc.). Also, while at it,
> I would strongly suggest "one-key-one-file" (text, base64
> encoded) instead of the opaque and hard to understand
> and deal with "keyrings".
How about we just drop the concept of web-of-trust entirely?
Ofcourse, it'll still exist. I mean, make it so that people can use GPG=20
without ever hearing the concept.
We can make OpenPGP really simple by having people only swap key IDs, and=
making it look similar to Instant Messaging. Just as people casually ask=
"what's your IM?", they could ask "what's your PGP?". To that, your=20
friend would give you the key ID. They don't even need to know that the=20
ID is only an identifyier for the actual key.
If impersonation is not a huge problem, the fact that you are getting the=
key ID from someone you know will be authentication enough.
When you go home, just type-in the "PGP" your friend gave you, and you're=
done. From then on, whenever you email that address the mail will be=20
encrypted. We can improve authentication while making it look "cool":
When you type the Key ID the software automatically shows you the JPEG=20
photo of the owner.
To further facilitate key exchange, the mail client could:
- Always send signed messages.
- Have a button to download the key ID whenever it gets a signed
This will cause a natural tendency for the GPG usage to rise.
Daniel Carrera | OpenPGP fingerprint:
Graduate TA, Math Dept | 9B32 660B 0557 7D7D 5892 0036 D591 4D05 2938 1B7E
UMD (301) 405-5137 | http://www.math.umd.edu/~dcarrera/pgp.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (SunOS)
-----END PGP SIGNATURE-----