[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Using PGP on Insecure Machines

To: [email protected]
Subject: Re: Using PGP on Insecure Machines
From: [email protected]
Date: Thu, 25 Aug 94 18:30:31 BST
Reply-To: [email protected]
Sender: [email protected]

James Hightower writes:

> Which brings me to the question; "What ARE people using, and what are
> they GOING to use?" Can anyone point me to a survey of the most used

> Consumer will be using so that we can be there with strong, usable
  ^^^^^^^^
    Who?

> crypto when he gets there.
                      ^^^^^
                      Where?

Or less tersely, which users of messaging are you interested in providing
crypto for? 

Apart from the Defence sector, there seem to be three main 
communities:

1 "Formal" inter-business electronic messaging using commercial
  value-added networks (VANs) - which are perceived as secure - and
  associated user agent software (which varies greatly). About fifty
  thousand North American companies are "there" already (for EDI,
  and at a cost). Leakage (due to high VAN costs) of formal
  messaging business from VANs onto the insecure Internet is not yet
  significant - although CommerceNet will doubtless fix that.

2 Intra-organisation nessaging based on LAN or corporate workflow and
  email systems. This has built both bottom-up and downwards (e.g. from
  PROFS or equivalent). The prevalent software is diverse, proprietary and
  volume. I don't have total market figures to hand, but as an example, the
  11JUL94 Government Computer News ranks MS Mail (Windows 3), cc:Mail
  (Windows), cc:Mail(DOS), MS Mail (PC Networks), and WordPerfect Office
  as the most preferred e-mail packages amongst Federal users. I would
  expect a similar list in most commercial email-enabled organisations
  (with the addition of Lotus Notes). Varying security facilities are 
  bundled within these packages already.

3 The "informal messaging" sector (including most Internet traffic).
  The associated software is more diverse and "open", but its users
  have a marginal and/or occasional need for end-to-end / message-transfer
  security.

Note: for both 1 and 2, an "insecure machine" (i.e.: with administrative 
intrusion potential into an individual's messaging security) is more likely
a requirement than a problem for medium/large corporations - as management
supervision and control over information assets need to be possible.

--

Tim May writes:

> I had assumed the poll was of *us*, which is both a manageable poll to
> take, and a useful one.

What would be done with the results?

---

James A. Donald says:

> High Tech industry has considerable experience with surveys of
> consumers for nonexistent products.
> 
> Such surveys are useless at best, and dangerous at worst.

On the other hand, how else do you find out whether a sufficiently
serious market exists to warrant investment in developing / productising
a technology ?

- pvm

Prev by Date: Re: Nuclear Weapons Material
Next by Date: Re: Is pay-per authentication possible absent trust?
Prev by thread: Re: Is pay-per authentication possible absent trust?
Next by thread: Re: Using PGP on Insecure Machines
Index(es):
- Date
- Thread