Encouraging email security.

tk tony.kwok@3web.net
Sun May 18 22:20:02 2003

>>I do not know how to get around this cultural gap...
> Its not so much a cultural gap, as computer illiteracy.

I believe this to be an extremely important point, as it determines
what (if anything) is worth undertaking. I subscribe to the
"cultural gap" school. Stated simply, those that have no interest
in keeping their mail private now will not change their mind
anytime soon. But there is (from my observation) a significant pool
of those that would like to keep it private, but find it simply to
be beyond practical for them to do so. And it is wrong (if not
outright arogant) to conisider them stupid or lazy. Their
cost/benefit point of ballance is simply not met by the current
crop of public key systems. The solution is not a more automated
force-feeding of the same complex system onto unwilling and
unprepared, the solution is a simpler, easier to use and understand
public key encryption program, targeting an entirely diferent
cost/benefit point of ballance.

In a very rough form, the salient characteristics of such
program would IMHO be:

Only encryption/decryption, no message signing/authentication.

No cipher/key width choice.

No control of public key exchange and authentication.
Public keys are simply computer files, passed around as one
would pass around (for instance) his digital photos.

Medium (instead of computer) resident, no installation,

Cross-platform command-line 'base' and Linux AND Win32
GUI front ends, independent of any mail clients.

No attempt of protection from attacks involving
network-compromised or multi-user computer.

Ascii text only, for both plaintext and ciphertext.

Autonomous operation. (i.e. fully operational without
the need for any network connection or resource
(key directoies/servers etc.)

Functions that a user of such program would be able to
perform would be limited to 4 (four):

1) Generate key-pair.

2) Generate and display human-readable key hash.

3) Encrypt text.

4) Decrypt text.

(and absolutely, ABSOLUTELY, nothing else... :)

PS. Let's also decide to give up on this "false sense
of security" admonition. There is no absolute security anyways,
and if the risks are explained in simple, understandable words
to the user - he or she is the best one to decide on what is
adequate and what is not. For those that need more security,
and are prepared to invest time and effort, there is no
shotrage of good choices. All that this program would
reasonable ensure, is that the messages captured in transit
will not be readable any easier than current-variety GPG
message. If anybody asked me what to do to be more secure,
I would seriously propose to run this same program on an
air-gapped laptop that is never left unattended, before I
would suggest anything else. Networked computer just should
not be trusted...