I agree that under-the-hood encryption is becoming more and
more prevalent, and that it generally improves security. Also,
the widespread use of encryption technology helps protect
cryptorights in general as important to the public good.
The fundamental problem with "under-the-hood" is that the user
is not required to have any understanding of the process.
Furthermore encryption technology is often also authentication
technology.
This includes transparently sending S/MIME documents (encrypted
and/or signed) as a default without requiring additional user
intervention. In many places this results in legally binding
documents. Furthermore, anyone with access to a system can
send legally binding e-mail documents on the user's behalf.
Both legally-binding and authentication technology should not
be completely transparent. Even "EULA's" require
user-intervention. Digitally signed messages should require
user-intervention.
--- Lucky Green
I indeed consider passive encryption methods alone to be typically insufficient for some of my personal security needs
and am continuing to utilize encryption that requires me as the user to make that trust decision. But that does not mean that no security benefits are to be had from opportunistic encryption of Internet traffic. ... How does the increased use of strong crypto under-the-hood help Cypherpunks? The answer reminds me of the response another Cypherpunk gave to my posting statistics about the nature of the USENET traffic seen by a major node. I expressed surprise at these rather revealing statistics, musing that there had to be a lesson to be learned from the fact that the bulk of the data is generated in newsgroups that one would not initially consider mainstream. His response was illuminating: "Yes, the lesson is: just look at all that cover traffic".
--Lucky
===== end Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com