On Wed, 10 Jan 1996, Ted Garrett wrote:

Being new to crypto subjects, I guess I'm pretty gullable about how much one should use encryption in general. I remember reading somewhere that it would probably be best for the 'world as a whole' if everyone used encryption whenever possible so that when you DO send encrypted messages that actually contain information you want kept secret, it doesn't stick out like a sore thumb.

To that end, I should imagine that once I have a person's pgp key, they may well never see another cleartext message from me again!

The liability of that is a little inconvenience, which can lead to laziness and insecurity. I usually read mail on a highly visible multiuser UNIX system of which I am not the sysadmin and that has been broken into several times. If you send me encrypted mail, then I either need to keep my key, type my passphrase, etc. on this insecure system, or download the mail to a PC or Mac, which isn't always possible. Most sessions of mine to this host are encrypted in kerberos or ssh, but not all. Sending unencrypted mail is rather like sending a postcard. But postcards are fine a lot of the time. Being too cavalier about the use of PGP is rather like putting multiple deadbolts on the front door to your house, but accidentally dropping copies of your house keys wherever you go. -rich