[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Laziness?



Timothy C. May writes:
 > As for Nathan Loofbourrow's charge that this must mean I am lazy
 > and/or software-challenged, I suggest he try writing more posts for
 > this list and/or writing code. 

I'll address the last first: I meant to imply neither. I don't think
encrypting traffic from cypherpunks tomorrow would have the desired
effect. However, I'll gladly work towards the day when such a change
can be transparent to its readers.

 > I connect to the Net from my home Mac IIci or PowerBook 170 over a
 > 14.4 modem line to Netcom, an Internet service provider many of you
 > are familiar with. Once on Netcome, I have access to a wide range of
 > standard UNIX tools. However, I do NOT run PGP on these machines!

 > Rather, I run MacPGP (or PGP on my DOS machines, in emergencies, or
 > even "MailSafe" in rare circumstances) on my *home* machine, after first
 > downloading the mail with "Eudora 2.0," a nice off-line mail reader.
 > It still takes several steps, as most of you can imagine. 

 > I don't plan to start using PGP on insecure machines, even with a
 > shortened "UNIX-grade" key. Especially not for a mailing list, where
 > encryption is pointless (except to increase encrypted traffic a
 > bit).

I would like to see greater independence from the list. With the help
of anonymous mailing and forwarding services, and with the use of a
secure machine, I may be able to read and respond to the list without
ever betraying my participation. Why announce to the world that I read
cypherpunks if I don't have to?

 > Downloading and then decrypting 100 or more messages a day is not a
 > viable option, and such a move would cause me to unsubscribe from the
 > list rather quickly. (To clarify this: I read the list with "elm,"
 > when I am on Netcom doing other things as well, like reading NetNews,
 > and am thus able to delete about half of all messages before
 > eventually--every few days, typically--dowloading the whole batch.
 > Encrypted traffic would make this screening and immediate response
 > much more difficult.)

Your particular connectivity and the ease of reading mail on-line seem
to have conspired to make decryption (as well as offline reading and
archiving!) quite onerous. If you lack a secure, connected machine at
the office, and have no IP (or UUCP!) service at home, I think you're
at a strong disadvantage towards reading any encrypted traffic at all.
Is there no means for you to automate offline mail reading?

The user with a 300 baud modem and a VT100 terminal at home should not
expect to be practicing secure encryption. Any better-equipped user
has the hardware needed to encrypt and decrypt securely -- they just
haven't written the software.

 > If Nathan is running PGP on a multi-user system, such as campus
 > machines at Ohio State, he is likely deluding himself about actual
 > security. Others at the site may already have his private key and
 > passphrase captured. If he is running PGP on his own private machine,
 > with good Net connectivity, congratulations. Most of us--I think it's
 > safe to say--don't have these options. Many are reading from
 > university accounts, from commercial services like CompuServe, and
 > even from multiple services (depending on location). Not running PGP
 > on each and every message doesn't mean we're lazy--it means we've got
 > better things to do with our time.

Point taken; but if you receive unencrypted mail on a multi-user
system, you're likely deluding yourself about its security as well. I
am motivated to provide the list to anyone that wants it without
advertising your subscription (and its traffic) to your service
provider. Anonymous posting, meet anonymous subscribers.

I can think of several reasons why cypherpunks would not be the only
list for which encrypted traffic might be desired.

 > Sorry to sound harsh, but calling us lazy and software-challenged is
 > not addressing the real issues.

"Indeed."

I hadn't intended this to be taken as name calling. Really.

nathan