Mandatory sig workaround

Thu Dec 1 08:02:10 PST 1994

-----BEGIN PGP SIGNED MESSAGE-----

> From:          tcmay at netcom.com (Timothy C. May)

> Face it, some fraction of people on this list are gearheads, with
> their own Pentiums or Suns sitting on the Net and with lots of
> Unix/Linux tools they like to play with and that they can use to
> compile their premails and procmails and whatnot. More power to them.
> 
> But many of us have "other irons in the fire" and don't plan anytime
> soon to abandon our existing tools (in my case, a PowerMac 7100AV,
> with video digitizers, etc., FrameMaker, Mathematica, SmalltalkAgents,
> etc.) in favor of more PGP-friendly Unix boxes.

Speaking as a "gearhead", I have a few observations...

[Proof of gearhead status: My post is signed.  I'm writing under Windows
with an Ethernet to the world, using Pegasus Mail and PGPClip.  I've got
the mouse movements memorized.  I run Linux at home and administer it at
work, both with their own PGP and other k00l t00lz.  I have encrypted
filesystems on some of my boxes.  I'm working on two personal projects
directly spawned by this debate.  None of my machines are Pentiums,
though; I must only be a junior gearhead. :-]

Considering our wonderful motto, "Cypherpunks write code", I'd say that 
Tim's assessment of the situation is more an indictment than anything 
else.  Why the heck CAN'T Tim sign his posts easily despite his limited 
connectivity?  I grant that it's not anyone's responsibility to take care 
of him for free; however, I can't see advocating hard-to-use crypto as a 
solution to any of the problems given here.  I don't know about the rest, 
but I treat Tim's statement above as a personal challenge.  (Go ahead.  
Just TRY to make me a package so easy to use I'll have no excuse.  Just 
TRY it!)

[Unfortunately, Tim, it's sad that you may not be able to benefit from 
any of my results.  I'm clueless about Mac code and have no way of 
rectifying that; thus, my efforts are limited to Windows...]

ObSigs: Perhaps once the tools are written, Eric's proposals won't seem 
so objectionable.  If signing is just a matter of clicking and typing a 
pass phrase (no matter what your particular environment is like), then 
pushing sigs in this way doesn't seem like such a bad thing.  I don't 
think that encouraging/requiring sigs will encourage net.cops to do 
anything that probably isn't a bad idea anyway, esp. since we don't have 
an Official Cypherpunks Certifying Authority(tm).

> If people feel it would be better for the Cause if I eschewed writing
> on the issues I write aboue in favor of not writing, presenting, etc.,
> and instead becoming a Unix gearhead, able to transparently sign all
> messages, then send your comments to me. 

Well, Tim, I personally don't mind you kicking your responsibility to 
live up to the ol' motto and waste our time with your illuminating 
discourse. :-)

[Before you flame me: The fact that you have reacted so angrily to the
above statement indicates your answer to Tim's question.  Believe me,
the above is satire, and I would agree with you.]

I think there's a place both for the gearheads and the visionaries. Sure,
Tim doesn't contribute any code (generally!); on the other hand, I don't
remember contributing too much in the way of vision (or code, for that
matter :-).  Maybe we should both get ourselves kicked off; after all,
some (Eric comes to mind) have done both...

[Eric here]
> > It certainly would.  My priorities on this are to get myself set up
> > for signing.  Then I need to get a recognizer written, then to hack
> > vacation to use alternate database files, then to get my own personal
> > resource list compiled, then to set my personal nagware.  Only after
> > all that do I intend to alter the list.
> 
> And I intend to do none of this, choosing to focus on other things,
> which is why I object to policies designed to modify behavior in the
> way being discussed in this recent thread.

As an aside, what would be a minimum standard for a usable enough
solution?  [Besides persuading Qualcomm, Microsoft, and the rest to put
a "PGP" button in their mailers.  I'm looking for an incremental step
that can be done without connections.] 

An example of an idea I've had: Supposedly, Pegasus Mail for Windows (a
SMTP/POP3 and MHS/NetWare mailer) will soon have DDE and OLE support. 
I'm thinking of a separate "PGP Shell for Pegasus" program that would
load and do its thing by controlling the mailer through DDE (and maybe
OLE).  It would be a separate app (at least the DDE version would), but
it would at least have the "click and go" kind of ease of use that I've
heard people asking for.  I'm working on a prototype that will do the 
same for Programmer's File Editor, a DDE-aware text editor (its only 
advantage: it's really here, unlike the DDE-aware mailers...).