-----BEGIN PGP SIGNED MESSAGE----- Deletia...
Most people, including one of (the?) leading thinker(s) of the group on the net that most supports cryptography believe that the added security and privacy that cryptography provides are not worth typing a few commands or clicking a few buttons. I myself rarely, if ever, sign my post. If WE don't even use crypto ourselves, who do you think else uses it and who do you think will therfore care if the government chooses to outlaw it?
I've noticed this and always thought it quite strange.
We don't have a motivation to use crypto. We all realize that there is really no need to encrypt/sign the vast majority of the stuff we are sending. There may be the occasional message that we will encrypt and we are well aware that we encrypt that message for the very reasons that the powers-that-be want to see encryption outlawed.
Yes there is...I recent got my fanny pulled out of the fire because I sign ALL of my messages. Someone spoofed me on one of my accounts. I never got the full details, but I screamed VERY loudly to the powers "WAS THE MESSAGE SIGNED WITH MY DIGITAL SIGNATURE." The answer was "NO." My reply was "It couldn't be me, because my software automatically signs all of my posts...If I were you I would look at your logs to see who hacked the message." I never heard another word. Granted this wasn't a really big deal, but it does illustrate the power of digital signatures. It got them to at least look at their logs, which probably wouldn't have happened otherwise. (Even though that SHOULD have been the first place they looked.) More deletions...
There are no better tools for integration of crypto today, because there has been no need. The few times you actually need crypto you can punch the commands "by hand".
I'm basically a lazy S.O.B. when I first got my shell account I made sure that my provider had uqwk installed because: a. I wanted to use AUTOPGP to sign all of my messages automatically because I had been burned several times before on forgeries. As more people get burned, the demand for digital signatures will go up. This was my initial motivation for installing PGP. The encryption angle came later. We might learn something from AUTOPGP. Instead of focusing on making every reader compatible with encryption, why not focus on making a semi-universal pre-processor and post-processor for them. Hit the lowest common denominator. Another interesting concept would be for providers to make signatures mandatory. While you wouldn't be forced to sign your messages, you would be responsible for any message bearing your name if your software wasn't set up for signing. Deletion...
We are stuck: No need -> no development of tools -> no spreading of crypto beyond the "hard core" -> no public resitance when crypto becomes illegal.
So how can we prevent crypto from becomming illegal? Just follow the above chain backwards. Create a need. Create mailing lists that require signed messages. Create ftpsites that require signed uploads or whatever. Require the use of crypto. Not to partake in some involuntary interaction with the government (that will happen without out help), but for some voluntary interactions between people on the net. Sending mail to cypherpunks is such a voluntary interaction. Requiring it here just might result in better tools in the long run. Just an idea, if it sounds like garbage, forget about it.
I agree with you Lucky, we have to create a demand. We also have to make it easy enough for people to implement. There is definitely a stigma attached to encryption though. Some of you may remember my post a while back about looking for a place to set up a mailing list, this will demonstrate some of the forces involved. A while back I came up with an idea, "Why not set up a public mailing list to distribute PGP Keys." After mulling it over for a while I decided to do it. I also came up with the idea of subscribing alt.key-dist to it and also subscribing a keyserver to it. One stop shopping...post your key to the list and it makes it to all interested parties. A universal venue for distributing PGP keys. No system administrator involvement needed, instead of having to rely on them carrying alt.key-dist, which isn't on a lot of systems. I went to several providers about setting up the list. (BTW - Thank You L. McCarthy for your efforts!!!) Everything was great until they found out what the list was for. After that "Sorry, we can't do it." or they wanted to charge an exorbitant price for the list. The moral: A lot of system administrators do not want encrypted messages, because they fear that they are responsible for the content. While they won't kill encrypted messages they won't help propagate the technology either. BTW - I'm still LISTLESS. (I couldn't resist the pun) Sam (Who ALWAYS signs his messages) ============================================================================== One was never married, and that's his hell; another is, and that's his plague. - Robert Burton, 1651 ============================================================================== skaplin@skypoint.com | "...vidi vici veni" - Overheard | outside a Roman brothel. PGP encrypted mail is accepted and | preferred. | Change is the only constant in the | Universe..."Four quarters, please." E-mail key@four11.com for PGP Key or | Finger skaplin@mirage.skypoint.com | Smile!! Big brother is watching. ============================================================================== -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLtsg6gpnimeWAf3FAQH/BwP5AWqVCjtaa7RWjRtImKoTIwoof3FVQVPs Q1BqI/XAte92YWTiJqi06CWHxyL3lojuQSjY5a4d1reepBfydjI3QVypOQZtXyaM MKeXmJJQwqW+oKU1SV0v5DGIVIqZRqT86uxZBTYs0UsdewUtET8MUTY/6CgPhgBQ XCJIO3xxOsY= =CX+D -----END PGP SIGNATURE-----