Timothy C. May writes:
As for Nathan Loofbourrow's charge that this must mean I am lazy and/or software-challenged, I suggest he try writing more posts for this list and/or writing code.
I'll address the last first: I meant to imply neither. I don't think encrypting traffic from cypherpunks tomorrow would have the desired effect. However, I'll gladly work towards the day when such a change can be transparent to its readers.
I connect to the Net from my home Mac IIci or PowerBook 170 over a 14.4 modem line to Netcom, an Internet service provider many of you are familiar with. Once on Netcome, I have access to a wide range of standard UNIX tools. However, I do NOT run PGP on these machines!
Rather, I run MacPGP (or PGP on my DOS machines, in emergencies, or even "MailSafe" in rare circumstances) on my *home* machine, after first downloading the mail with "Eudora 2.0," a nice off-line mail reader. It still takes several steps, as most of you can imagine.
I don't plan to start using PGP on insecure machines, even with a shortened "UNIX-grade" key. Especially not for a mailing list, where encryption is pointless (except to increase encrypted traffic a bit).
I would like to see greater independence from the list. With the help of anonymous mailing and forwarding services, and with the use of a secure machine, I may be able to read and respond to the list without ever betraying my participation. Why announce to the world that I read cypherpunks if I don't have to?
Downloading and then decrypting 100 or more messages a day is not a viable option, and such a move would cause me to unsubscribe from the list rather quickly. (To clarify this: I read the list with "elm," when I am on Netcom doing other things as well, like reading NetNews, and am thus able to delete about half of all messages before eventually--every few days, typically--dowloading the whole batch. Encrypted traffic would make this screening and immediate response much more difficult.)
Your particular connectivity and the ease of reading mail on-line seem to have conspired to make decryption (as well as offline reading and archiving!) quite onerous. If you lack a secure, connected machine at the office, and have no IP (or UUCP!) service at home, I think you're at a strong disadvantage towards reading any encrypted traffic at all. Is there no means for you to automate offline mail reading? The user with a 300 baud modem and a VT100 terminal at home should not expect to be practicing secure encryption. Any better-equipped user has the hardware needed to encrypt and decrypt securely -- they just haven't written the software.
If Nathan is running PGP on a multi-user system, such as campus machines at Ohio State, he is likely deluding himself about actual security. Others at the site may already have his private key and passphrase captured. If he is running PGP on his own private machine, with good Net connectivity, congratulations. Most of us--I think it's safe to say--don't have these options. Many are reading from university accounts, from commercial services like CompuServe, and even from multiple services (depending on location). Not running PGP on each and every message doesn't mean we're lazy--it means we've got better things to do with our time.
Point taken; but if you receive unencrypted mail on a multi-user system, you're likely deluding yourself about its security as well. I am motivated to provide the list to anyone that wants it without advertising your subscription (and its traffic) to your service provider. Anonymous posting, meet anonymous subscribers. I can think of several reasons why cypherpunks would not be the only list for which encrypted traffic might be desired.
Sorry to sound harsh, but calling us lazy and software-challenged is not addressing the real issues.
"Indeed." I hadn't intended this to be taken as name calling. Really. nathan