[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Crypto APIs Considered Harmful



At 11:06 6/3/96, Timothy C. May wrote:

>So long as ASCII (or Unicode, increasingly) message blocks can be handled
>by a variety of editors, mailers, news programs, browsers, etc., it will be
>impossible to stop users from using crypto on these blocks.

I agree. But it really doesn't matter. The goal of the governments is not
to stop people that are willing to operate a crypto program on blocks of
text. That goal would be impossible to achieve. The goal of the governments
is to ensure that once Joe Sixpack clicks "Encrypt Mail" in Netscape or MS
Mail, the resulting cyphertext can still be read, though not by Joe
himself. It is *because* PGP operated on blocks of text and did not provide
a decent API that Joe (and even Tim May) are still not encrypting the bulk
of their email.

PGP isn't being used, because it lacks the API. S/MIME doesn't lack the API
and is therefore being supported by all the major players.

>But if crypto is tied to specific browsers, mailers, etc., this gives the
>NSA and ITAR office a way to impose limits.

Crypto should not be tied to specific browsers and mailers. Nor should it
be tied to a specific program such as PGP. That's why hooks and APIs are
crucial to gaining market acceptance.

[...]
>Obvious points. But in light of all the recent moves to limit deployment of
>crypto by limiting the "crypto API" approaches, it's useful to remember
>that for most applications, the message payload is perfectly suited for
>carrying digital signatures, encrypted blocks, etc.
>
>They can't stop the messages, can they?

Of course not. Nor do they want to. A little leakage around the edges is
fine, as long as the masses don't adopt strong crypto. And that is a given,
thanks to PGP's lack of modularity.

I am not just slamming PGP. It is not the only CP "friendly" software that
was implemented in an outdated, application-centric way. This was fine some
four years ago, when people were still using DA/Font Mover to install fonts
on their Mac, but it isn't today.

Today's realities of software development and customer expectations require
that secondary functionality (in this example, sending and receiving mail
is the primary functionality) such as encryption, message encoding, etc.
are completely transparent and fully integrate in the software that
provides the primary functionality. How many of you are still using
UUencode (the stand-alone program) when emailing someone a binary file? How
many of you are using the "Attach File" button in your mailer? How many
more people are sending binary files via email now that you can click
"Attach File" than did back when you had to use UUencode? I rest my case.


Disclaimer: My opinions are my own, not those of my employer.

-- Lucky Green <mailto:[email protected]>
   PGP encrypted mail preferred.