Tim May wrote:
For example, receiving or sending text with PGP (of an early-enough vintage, or one which has been vetted extensively). Using clipboards, for example.
This works for text, sending and receiving, and has the advantage that the crypto program is orthogonal to the browser, mail client, whatever.
It works best for text, not so well for browsing, temporary connections, etc. (Though the basic idea is still valid, just much more complex to make work.)
Most important "encrypted messages" fit this model of a browser/mailer transmitting _generalized text_, with a crypto program then turning this generalized text into something else.
Regrettably, and as I predicted at several Cypherpunks meetings in '93 or so, the effect of "integrating crypto into apps" is to make analysis of the algorithms and possible trapdoors much more problematic.
(I argued in '93-94 that the then-mania for "integrating crypto into PINE and Eudora" was misdirected, for reasons related to the above points.)
Both Eudora, and (IIRC) pine *DO* use external applications for encryption/decryption/verification--or at least use "plugins" (in the case of Eudora) where the cryto functions are isolated.
This has nothing whatsoever to do with "everyone rolling their own." Quite the opposite, in fact.
-- A quote from Petro's Archives: ********************************************** Sometimes it is said that man can not be trusted with the government of himself. Can he, then, be trusted with the government of others? Or have we found angels in the forms of kings to govern him? Let history answer this question. -- Thomas Jefferson, 1st Inaugural