[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Strategies for getting encryption in widespread use QUICKLY
In message Sat, 12 Feb 1994 13:00:55 -0800,
Peter shipley <[email protected]> writes:
> This is why I email this list to encourage the use of MIME email headers
> with a MIME mailer (elm, pine, mh, Zmail etc..) when a person
> receives email, the mailer agent will invoke pgp automaticly
> thus reading encrypted email is a user transparent process.
Clearly MIME is a step in the right direction. And clearly MIME is steg
friendly, who can tell a MIME encoded PGP message from a MIME encoded
GIF file without looking at character frequencies, etc. (You _know_ that
I'm going to lie about the MIME-Content-Type flag :-)
But I haven't yet found a Windows PC client that will work without TCP/IP.
Maybe I haven't looked hard enuff. Since 85% of all computers are shipped
with Windows, "widespread use" means Windows (or Windoze for the cynics).
I also don't know why the network vendors charge so much more for SLIP
and/or PPP, but until IP is as cheap as async, there is a need for lower
technology solutions.
There are also some design questions that have to be addressed on the
human interface side. For example, some folks strongly prefered not to
receive encrypted mail, because they didn't work in an PGP friendly
environment. So you need to have a client that is smart enuff to
automatically encrypt to folks who control machines on the net, and not
encrypt by default to folks using unsecure delivery such as netcom.com's
vt100 based users. And you need a nice way to override the default. Clearly
this information goes in the roledex that you keep with your client
software. I mention it only so that folks realize that the simple
publication of a PGP or RIPEM key does not indicate that a user is ready to
receive all email encrypted.
Solving these problems is exactly why we write code.
Pat
Pat Farrell Grad Student [email protected]
Department of Computer Science George Mason University, Fairfax, VA
Public key availble via finger #include <standard.disclaimer>