Government subsidies: our last, best hope for Cryptanarchy?

[Peter Gutmann]

"Lucky Green" <shamrock at cypherpunks.to> writes, and I add my $0.02:

>The fact of the matter is that the usage of PGP by businesses, the sole
>significant source of NAI PGP revenue, had long passed its peek. How many
>business do you know that rolled out PGP in the last year?

It's also become increasingly difficult for crypto-enthusiasts within a company
to convince mgt. that a new project should use PGP.  A year or two back you
could still, with a bit of persuasion, convince a company to go with PGP rather
than S/MIME or SSL or whatever (and "whatever" is, with frightening frequency,
IPsec, of which more below).  This is now almost impossible to do, because PGP
is seen as having very little industry support, which terrifies management.

>However, a closer inspection of the PGP interoperability problems, which have
>been at one of the issues coming up in just about every single discussion I've
>had with anybody about PGP over the last year, shows that the interop problems
>are not between current versions by multiple vendors, but between versions, in
>some cases by the same vendor, that were released over time.

The major reason for this is the incessant need of the PGP standards
contributors to keep tweaking the spec for every little issue which comes down
the track, constantly breaking compatibility with the current code base.
Unfortunately given that someone is going to come up with some novel problem
which PGP doesn't quite address at the moment but which can be fixed with a
minor update, every six months or so, it's quite possible that the standard
will never settle down until someone gets around to shooting the engineers and
backing out the last dozen or so compatibility-breaking tweaks and updates.

>Even the most casual user of software tends to be familiar with and acceptant
>of the need for occasional software upgrades.

Only if it's broken, and that's the "problem" with PGP: It ain't broken.  I can
take my 10-year-old copy of PGP 2.6.x and be no less secure with it than with
the very latest NAI release.  The only reason most people ever dumped ssh 1.x
was because of very widely-publicised exploits, and even then for many users it
took the widespread use of ssh rootkits to get them to go to 2.x.  PGP hasn't
had that problem.  Like the Energizer bunny, it just keeps on going.  Look at
the Disastry PGP releases with source code going back 10 years, it's like
taking a trip back in time.  Except for the gratuitous changes in packet
formats and whatnot and a few new algorithms, you could use it to process
current messages (it's one of the first of my standard suite of PGP versions to
try).  In fact since good ol' 2.x will interoperate with any other 2.x-vintage
version out there but post-2.x stuff is nothing but interop trouble, there's a
strong incentive *not* to upgrade.

>The reluctance to upgrade to a newer version of PGP does not appear to be
>driven by a refusal or inability to upgrade software in general. This
>reluctance to upgrade appears PGP specific.

It's not PGP specific.  It's because it ain't broken, and going to a newer
version is frequently more painful (due to interop problems) than staying with
what works.

>Now perhaps there may be the rare case of a PGP user that is still running PGP
>2.x on the same DOS box, using the same mailer and the same text editor as
>they did 5 years ago.

As a matter of fact I keep an old DOS box stashed away for emergencies.  No
matter how bad things get, you can always bring up DOS on whatever random
hardware you can scrape together from various corners, fire up a terminal
emulator, and get online.

>The same Cypherpunk expressed a hope that absent NAI's PGP, the German
>government group currently funding GPG might be more inclined to fund UI work
>for Windows. Perhaps they would. Assuming for a moment they will, would this
>lead to a better PGP Windows UI than NAI's PGP offered? NAI's PGP UI is pretty
>darn good. Looking at the sorry state of UI's currently offered for GPG, even
>with government funding, I suspect that it will be a long time indeed before
>we will see a GPG UI that will compare positively to the current NAI PGP UI.

That's always been the problem with crypto software.  Crypto is cool and fun to
do.  It is (compared to the UI) relatively easy to implement given a decent
toolkit with a good selection of algorithms and whatnot (just to show I'm not
blowing smoke, it took me around two weeks to add OpenPGP as a target format
for cryptlib enveloping).  OTOH UI work is painful and boring and not even
remotely sexy.  It'd take me forever to put a UI at the level of Outlook (which
is what the masses would expect) onto cryptlib, and even if I knew anything
about Windows GUIs you couldn't pay me enough to do it.  There are however a
few products which have managed this, eg The Bat,
http://www.ritlabs.com/securebat/index.html, so it's not impossible.  Sure,
it's not Outlook, but it's an impressive piece of work for one person.

>I bet a good percentage of the readers of this list that still require to be
>engaged in a form of employment nowadays access their company network via some
>form of VPN. Up by orders of magnitude from a few years ago.

Frequently because of management misunderstanding... no, let's be honest, total
cluelessness, though.  "You got a security problem?  No worries, just install a
VPN.  Sign here please".  VPNs are being sold as the solution to everything
from viruses to premature baldness, and occasionally even because of concerns
about outsiders grabbing sensitive data off external networks, although the
latter seems to be the exception rather than the rule.  Either the complete
lack of addressing (or even considering) the threat model before deployment, or
the fact that everyone including the tea lady are regarded as requiring access
once it's deployed, mean it's just an expensive collection of electronic worry
beads once installed.

>This afternoon, I installed the "Britney Spears SmartFlash Kit" on my Windows
>XP test box. For $29.95 plus shipping and handling, you too can own a Britney
>SmartFlash Kit, which includes a USB smartcard reader, a Gemplus smartcard
>(both the reader and card are graced with pictures of Britney), and a CD with
>Gemplus GemSafe smartcard crypto driver software

These things are great, for $29.95 and a little isopropyl alcohol (or acrylic
spray paint) you get a nice GemPC430 card reader and drivers (they're normally
$60-70).  The card is just a dumb memory card though, so you still need to get
a GPK8K alongside the reader.

Peter.