(I've changed the subject line to something much shorter than the 2 lines+ of the previous subject line. And hopefully more germane to my point.) Nathan Loofbourrow writes:
Ah - so provide an unencrypted list for the software-challenged and the merely lazy.
The incentive for using the encrypted list, then? Simple -- 1. Increasing ones personal encrypted-to-unencrypted ratio and 2. The old chestnut -- delay the unencrypted list 24 hours. ... I believe it's traditional to reply "Indeed."
Indeed---NOT! I don't consider myself especially "lazy" when it comes to this list, nor do I consider myself "software-challenged." I connect to the Net from my home Mac IIci or PowerBook 170 over a 14.4 modem line to Netcom, an Internet service provider many of you are familiar with. Once on Netcome, I have access to a wide range of standard UNIX tools. However, I do NOT run PGP on these machines! Rather, I run MacPGP (or PGP on my DOS machines, in emergencies, or even "MailSafe" in rare circumstances) on my *home* machine, after first downloading the mail with "Eudora 2.0," a nice off-line mail reader. It still takes several steps, as most of you can imagine. I don't plan to start using PGP on insecure machines, even with a shortened "UNIX-grade" key. Especially not for a mailing list, where encryption is pointless (except to increase encrypted traffic a bit). Downloading and then decrypting 100 or more messages a day is not a viable option, and such a move would cause me to unsubscribe from the list rather quickly. (To clarify this: I read the list with "elm," when I am on Netcom doing other things as well, like reading NetNews, and am thus able to delete about half of all messages before eventually--every few days, typically--dowloading the whole batch. Encrypted traffic would make this screening and immediate response much more difficult.) If Nathan is running PGP on a multi-user system, such as campus machines at Ohio State, he is likely deluding himself about actual security. Others at the site may already have his private key and passphrase captured. If he is running PGP on his own private machine, with good Net connectivity, congratulations. Most of us--I think it's safe to say--don't have these options. Many are reading from university accounts, from commercial services like CompuServe, and even from multiple services (depending on location). Not running PGP on each and every message doesn't mean we're lazy--it means we've got better things to do with our time. As for Nathan Loofbourrow's charge that this must mean I am lazy and/or software-challenged, I suggest he try writing more posts for this list and/or writing code. Sorry to sound harsh, but calling us lazy and software-challenged is not addressing the real issues. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."