[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PGP in Eudora and other mail programs
At 11:54 AM 1/25/96 -0800, you wrote:
>At 2:13 PM 1/25/96, Clay Olbon II wrote:
>
>>Seriously, this just illustrates the idiocy of banning "hooks" in software.
>>How does one define a "hook"? Just providing source code could be defined
>>as providing a hook, since a good programmer could then modify it to do
>>crypto. Also, how about the various kits and tools used to integrate pgp
>>with pine, eudora, etc -- are these not "hooks"?
>
>And yet how many of these programs actually can transparently
>(automatically, push-button, etc.) support PGP? I've been a user of Eudora
>for several years, and have pressed for PGP hooks. The company, Qualcomm,
>once told me it was on their list of things to do, but....
>
>A few years later, still no PGP-in-Eudora. One would think that this would
>be a powerful way of distinguishing their product from other mail packages.
>
>(I understand from this list that Eudora for Windows is now doing this much
>more automatically, that someone has a PGP-in-Eudora package. I don't think
>it was from Qualcomm, but I could be wrong. As a Macintosh version user,
>I'm hoping this comes to the Mac version as well.)
I think what is going to happen is that Qualcomm will choose S/MIME
instead of PGP, since they are one of the companies listed as jumping on the
band wagon.
S/MIME scares me since I believe it to (normally) use weak encryption.
It is gaining in popularity and hype and might be just the product to lull
mass amounts of users into using weak crypto (read government readable).
Microsoft, Banyan, ConnectSoft, Frontier Technologies, Network Computing
Devices, FTP Software, Wollongong, SecureWare Lotus, and others are on the
band wagon as well.
From section 2.2 of the S/MIME Implementation Guide published by RSA
"... U.S. software manufactures have been compelled to incorporate an
"exportable" content encryption algorithm in order to create a widely
exportable versions of their product. "
"... For outgoing messages, RC2 CBC at 40 bits is the recommended default.
stronger content encryption is strongly recommended where there is some
mechanism to indicate that the intended recipient(s) can support it.
Even though S/MIME allows for any bulk encryption scheme to be used, all
I ever see advertised is DES. Most companies, including Qualcomm who depend
on government agencies to give them licenses (like FCC dudes), will bend
like a reed in the wind when under pressure. Follow the money.
... __o
.. -\<,
[email protected] ...(*)/(*). CI$: 76340.2422
http://bordeaux.sandiegoca.attgis.com/
PGP Pub Key fingerprint = A8 FA 55 92 23 20 72 69 52 AB 64 CC C7 D9 4F CA
Avail on Pub Key server.