On Wed, 21 Dec 1994 bshantz@spry.com wrote:
It is my own personal opinion that in order for crypto to truly become mainframe, the software manufacturers of internet connectivity packages must integrate crypto into the applications. Look at the past threads here on Cypherpunks..."How do I write a script to put PGP into ELM?" "PGP DLL modularity" etc.
That's true to some extent. I'd love to be able to have every message I want signed and encrypted from PINE automagically. I could implement this by requiring keystrokes at the editor level. But that isn't the entire issue... On the issue of signing, there is another question. Do I really want to sign every message? I don't like signing my written name anywhere I don't have to. And whenever I do, I am careful to look at all the potential consequences. Signatures imply I am agreeing to some kind of contract. Perhaps I prefer my email unsigned, to give me a level of disputability. If my email was a business contract, then I'd be enthusiastic about signing it. But for a post to a political newsgroup, for instance, perhaps I don't want to make sure everybody can cryptographically assure themselves it comes from me. This leaves me open to potential forgery, but email forgery is well known and understood. Finally is physical security of keys. If I am going to sign anything, I want that key to be under control of only me. It is difficult for someone like me who uses workstations to keep a key only on floppy, especially as I find myself on different workstations, many diskless, all the time. -Thomas