Encouraging email security.

Yenot yenot@sec.to
Wed May 21 14:19:34 2003

Hash: SHA1

On Sunday 18 May 2003 08:06 am, David Picon Alvarez wrote:
> I don't think it's a question of UI any more, I
> think it's a question of needs and threat models. If you don't need
> something and it carries a cost you're not likely to use it.
> Perhaps the only way to get people to use encryption is to have a
> so-called "zero-UI solution" but even so, unless it would come
> incorporated in the MUA, I don't see people bothering to install
> it.

That's the wrong attitude. Cost is the problem -- clever UI is the 
solution! The lower the cost of encryption (workload and monetary 
costs), the more people will use it.  I've followed PGP for many 
years, and I'm more optimistic about it now than ever before.  Secure 
e-mail *can* be reborn.

The reason: A new class of *free*, full featured, e-mail clients with 
fully integrated OpenPGP support *has* appeared.  These OpenPGP 
enabled clients do not require expensive S/MIME certificates and 
their implementations are interoperable.  (Certificate cost being the 
dead-birth of S/MIME and interoperability being a major holdback for 
both S/MIME and OpenPGP in the past.)

If we can lower the cost of key distribution and authentication via 
innovative software design, rebirth of OpenPGP *can* happen.  Thanks 
to KMail and the latest commercial PGP, I am sending more encrypted 
e-mail than ever before! 

I'm borderline paranoid.  I've had my e-mail read numerous times and 
I've read others mail (by orders from superiors no less). Even for a 
user like myself, OpenPGP was nothing but a toy until KMail came to 
my rescue.  For me, KMail removed the pain of encrypted e-mail. But 
even now the cost is too high, we need to lower it further.

 - Yenot
Version: GnuPG v1.2.2 (GNU/Linux)