[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

More private PGP...?



>One of the things I've noticed about PGP is that it makes it pretty
>obvious that you're sending an encrypted message.  [...]  Sending
>encrypted messages may call unwelcome attention to yourself.

First, let me get on record as saying that Hal's "innocent mode" is a
good idea that should be implemented.

But it's not really a good long-term solution from a social point of
view.  Encrypted traffic should become the norm, not the exception.
Flagging that you're sending encrypted traffic should be encouraged.
When questioned about this, people should respond in shocked tones
"What do mean?  Aren't you encrypting _your_ email?" and then proceed
to suppress gentle laughter at them when they say no.

When it's cool to encrypt, only the uncool will be plain.

So, then, more peer pressure!  Consider someone asking you about your
encrypted mail to be an opportunity to start a conversation about
their position on personal privacy.  When your sysadmin asks why your
mail can't be read, tell him you are defending your privacy and ask if
there is any problem with that.  Then, when the sysadmin puts in a
filter for PGP traffic, use innocent mode.

>Another thing that I think is kind of bad about PGP in the context
>of avoiding traffic analysis is that it puts the key ID of the
>destination person in the header.  

Absolutely.  Ditto for signatures.  Both should be able to be
selectively removed.  In any case, it should be possible to have
nothing appear on the outer envelope.

Another feature for PGP would be automatic message padding.  To
properly do a mix you need to quantize the message lengths.  If PGP
were to automatically pad with random data, it would save a lot of
integration work for the mix.  PGP already has a random number
generator, after all.

Eric