Encouraging email security.

David Picon Alvarez eleuteri@myrealbox.com
Sun May 18 06:13:03 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Quoting from an e-mail I got from a real user(tm):
"but what is there to be encrypted? fine if we were doing something
critical"

This is the most often encountered reaction to digital signatures I get from
my friends, some of whom are quite computer-literate yet not willing to go
through the trouble of encrypting and signing e-mail. Simply, I think it's
time to admit people in general don't care whether an obscure sysadmin
somewhere can read their mail. Most people sign acceptable use policies that
give sysadmins powers to monitor all of their traffic, and yet it is also
true that most often sysadmins seem to be either honest or careful. The
OpenPGP threat model is not appropriate for most people, and expecting to
make people fit into it is not very productive. I used to think along the
same lines, but now I just think it's useless to try to convince people to
use crypto. Today's interfaces (gpgrelay for example) are incredibly easy to
use, and there is PGP which AFAIK has a polished UI. I don't think it's a
question of UI any more, I think it's a question of needs and threat models.
If you don't need something and it carries a cost you're not likely to use
it. Perhaps the only way to get people to use encryption is to have a
so-called "zero-UI solution" but even so, unless it would come incorporated
in the MUA, I don't see people bothering to install it.

- --David.

-----BEGIN PGP SIGNATURE-----
Comment: This message is digitally signed and can be verified for authenticity.
-----END PGP SIGNATURE-----