E-Mail Encryption: Why Isn't Everyone Doing It?

Shawn K. Quinn skquinn@speakeasy.net
Thu Oct 24 17:54:02 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday October 24 2002 01:24, Anthony E. Greene wrote:
> On 23-Oct-2002/17:48 +0100, Graham <graham.todd@ntlworld.com> wrote:
> >Surely it's not beyond the expertise of those who produce such a
> >brilliant program as GnuPG to provide a GUI interface through which
> > ALL commands can be given and which (in Linux anyway) can be used
> > as a stand alone program to encrypt or sign emails even in MUAs
> > without GPG integration?
>
> Have you taken a look at the GnuPG manual lately? GnuPG can do lots
> of things that PGP cannot do. There is no way to reproduce all those
> options in a GUI and still have an easy to use interface. In the last
> 24 hours two options were added in response to a user with a lost
> public key. If that kind of responsiveness had to be put on hold
> because it would take too long to put it into a GUI, then GnuPG
> would not be as good as it is.

I feel there does need to be some GUI version of GnuPG that is not just
a front end to the CLI version. As much as I dislike it, having only a
CLI program will probably hinder widespread adaptability of at least
our flavor of OpenPGP-compatible encryption.

> In any case, the features you are referring to will not be used by
> 90%+ of users. They will not care about trust values or key
> management. They won't know anything about their keyrings and won't
> care. Nor should they.

They should not care about trust values or key management? Really? Why
not? You mean they should trust a key randomly placed on the net by
some schmuck? That defeats the security of the whole system, leaving
one wide open to things like man in the middle attacks!

> This stuff does not need a good interface. It needs to drop out of
> sight. It needs to become as transparent and automatic as SSL.

No, it doesn't. It needs to be there so the users can tell the software
who they trust.

> People don't care about the interface for managing SSL keys and certs

Maybe most don't, because the CAs are supposed to be people the average
user can trust. In fact, if one does not trust a particular CA it is
rather painful to configure the software not to trust it; this is what
I consider to be a design flaw in the SSL system. This is why one can
go to a particular CA and get a certificate for Microsoft Corp. and
sooner or later catch someone napping who actually gives one.

> and they shouldn't have to care about the interface for managing
> OpenPGP keys and certs.

The trust model is completely different. OpenPGP is based on
user-defined trust, i.e., telling the software which keys you feel are
trustworthy. The users *should* have to care, because most of the
security provided by the system comes from the trust database.

- --
Shawn K. Quinn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)

iD8DBQE9uBdqQVXDBVmaIp0RAtlTAJ0X41TY8nbt+JMhvTwl+ElvLS2RBgCfRWnx
EVBdT+Ih+ZCfRONqLAIw8ro=
=J3nW
-----END PGP SIGNATURE-----
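
The user-defined trust discussed in the message above, as an added example that is not part of the original post or of GnuPG's code: a simplified Python model of how a trust database decides which keys count as valid. The thresholds follow GnuPG's documented defaults (`--completes-needed 1`, `--marginals-needed 3`); all key names are hypothetical, and depth limits, expiry and revocation are left out.

```python
# Simplified model of OpenPGP user-defined trust (illustrative, not GnuPG's code).
# Thresholds mirror GnuPG's documented defaults for the classic trust model.
COMPLETES_NEEDED = 1   # signatures needed from fully trusted introducers
MARGINALS_NEEDED = 3   # signatures needed from marginally trusted introducers


def valid_keys(ownertrust, signatures):
    """Return the set of keys that the user's trust database makes valid.

    ownertrust: key -> "ultimate" | "full" | "marginal" (absent = untrusted)
    signatures: key -> set of keys that certified it
    """
    # The user's own keys (ultimate trust) are the roots of the computation.
    valid = {k for k, t in ownertrust.items() if t == "ultimate"}
    changed = True
    while changed:  # iterate to a fixed point
        changed = False
        for key, signers in signatures.items():
            if key in valid:
                continue
            # Only signatures made by keys that are themselves valid count,
            # and only as much as the user trusts that signer as an introducer.
            counted = [ownertrust.get(s) for s in signers if s in valid]
            full = sum(t in ("ultimate", "full") for t in counted)
            marginal = sum(t == "marginal" for t in counted)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                valid.add(key)
                changed = True
    return valid


# Constructed sample data; every name is hypothetical.
OWNERTRUST = {"me": "ultimate", "alice": "full",
              "bob": "marginal", "carol": "marginal", "dave": "marginal"}
SIGNATURES = {
    "alice": {"me"}, "bob": {"me"}, "carol": {"me"}, "dave": {"me"},
    "erin": {"alice"},                  # one fully trusted introducer
    "frank": {"bob", "carol"},          # two marginals: below the threshold
    "grace": {"bob", "carol", "dave"},  # three marginals
    "heidi": {"erin"},                  # erin is valid but not a trusted introducer
    "mallory": {"stranger"},            # key found on the net, unknown signer
}

if __name__ == "__main__":
    ok = valid_keys(OWNERTRUST, SIGNATURES)
    for key in sorted(SIGNATURES):
        print(key, "valid" if key in ok else "NOT valid")
```

A key signed only by unknown parties never becomes valid, and a valid key does not automatically become an introducer: both outcomes depend on the ownertrust values the user sets.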