[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Laziness?
Timothy C. May writes:
> As for Nathan Loofbourrow's charge that this must mean I am lazy
> and/or software-challenged, I suggest he try writing more posts for
> this list and/or writing code.
I'll address the last first: I meant to imply neither. I don't think
encrypting traffic from cypherpunks tomorrow would have the desired
effect. However, I'll gladly work towards the day when such a change
can be transparent to its readers.
> I connect to the Net from my home Mac IIci or PowerBook 170 over a
> 14.4 modem line to Netcom, an Internet service provider many of you
> are familiar with. Once on Netcome, I have access to a wide range of
> standard UNIX tools. However, I do NOT run PGP on these machines!
> Rather, I run MacPGP (or PGP on my DOS machines, in emergencies, or
> even "MailSafe" in rare circumstances) on my *home* machine, after first
> downloading the mail with "Eudora 2.0," a nice off-line mail reader.
> It still takes several steps, as most of you can imagine.
> I don't plan to start using PGP on insecure machines, even with a
> shortened "UNIX-grade" key. Especially not for a mailing list, where
> encryption is pointless (except to increase encrypted traffic a
> bit).
I would like to see greater independence from the list. With the help
of anonymous mailing and forwarding services, and with the use of a
secure machine, I may be able to read and respond to the list without
ever betraying my participation. Why announce to the world that I read
cypherpunks if I don't have to?
> Downloading and then decrypting 100 or more messages a day is not a
> viable option, and such a move would cause me to unsubscribe from the
> list rather quickly. (To clarify this: I read the list with "elm,"
> when I am on Netcom doing other things as well, like reading NetNews,
> and am thus able to delete about half of all messages before
> eventually--every few days, typically--dowloading the whole batch.
> Encrypted traffic would make this screening and immediate response
> much more difficult.)
Your particular connectivity and the ease of reading mail on-line seem
to have conspired to make decryption (as well as offline reading and
archiving!) quite onerous. If you lack a secure, connected machine at
the office, and have no IP (or UUCP!) service at home, I think you're
at a strong disadvantage towards reading any encrypted traffic at all.
Is there no means for you to automate offline mail reading?
The user with a 300 baud modem and a VT100 terminal at home should not
expect to be practicing secure encryption. Any better-equipped user
has the hardware needed to encrypt and decrypt securely -- they just
haven't written the software.
> If Nathan is running PGP on a multi-user system, such as campus
> machines at Ohio State, he is likely deluding himself about actual
> security. Others at the site may already have his private key and
> passphrase captured. If he is running PGP on his own private machine,
> with good Net connectivity, congratulations. Most of us--I think it's
> safe to say--don't have these options. Many are reading from
> university accounts, from commercial services like CompuServe, and
> even from multiple services (depending on location). Not running PGP
> on each and every message doesn't mean we're lazy--it means we've got
> better things to do with our time.
Point taken; but if you receive unencrypted mail on a multi-user
system, you're likely deluding yourself about its security as well. I
am motivated to provide the list to anyone that wants it without
advertising your subscription (and its traffic) to your service
provider. Anonymous posting, meet anonymous subscribers.
I can think of several reasons why cypherpunks would not be the only
list for which encrypted traffic might be desired.
> Sorry to sound harsh, but calling us lazy and software-challenged is
> not addressing the real issues.
"Indeed."
I hadn't intended this to be taken as name calling. Really.
nathan