EFF gun-shy of legally employing PGP (fwd)

[Eric Hughes]

On not using PGP:

>1) It wouldn't have solved the problem, since the majority of people who
>spreead the false press release are not encryption users.

Yes, it would solve the problem.  Not every individual could have
verified the message, but enough people would have, and immediately
enough, that no question would have remained for long about the
forgery.

The epistempology of authorship is of social nature already.  With
cryptography, one can lift authorship of public keys to authorship of
documents, but this is an optimization, not a necessity.  By allowing
those people who do use cryptography to verify authorship, one can
speed the process for the rest.  Not everyone currently uses crypto,
true, but better a partial benefit than none at all.  And the partial
benefit of a signed message is most of the benefit.

>2) PGP is inconvenient to use.

>3) EFF is a Mac shop, but our licensed copy of Viacrypt doesn't run on the
>Mac.

MacRIPEM is both easy to use and runs on a Mac.  There may be other
reasons not to use PEM and PEM-derived systems over PGP, but I do not
think they outweigh, at this time, the public and forthright use of
cryptography by the policy leaders, and I mean not only EFF here.

It is not my place to make internal EFF policy, but I will suggest it,
namely, that all public communications that go out to Usenet and to
public mailing lists be digitally signed by their authors.

Eric