What email encryption is actually in use?

Tim May tcmay at got.net
Sat Nov 2 21:37:11 PST 2002 

On Saturday, November 2, 2002, at 08:01  PM, Tyler Durden wrote:

> "Prior to that, the encrypted email I've sent in the past year or so 
> has almost always failed, because of version incompatibilities,"
>
> While in Telecom I was auditing optical transport gear, and we adopted 
> the practice of encrypting all of our audit reports to vendors. Of 
> course, the chance of there being an eavesdropper (uh...other than 
> NSA, that is) was a plank energy above zero, but it gave the vendors 
> the imporession we really cared a lot about their intellectual 
> property (if we determined a problem with their equipment, and if that 
> info ever leaked, it could have a major impact on them).

When I was at Intel we sent our designs for microprocessors to European 
branches and/or partners. One set of designs sent to MATRA/Harris, a 
partner in the 80C86, was stolen in transit. (The box of tapes arrived 
in Paris, but the tapes had been replaced by the suitable weight of 
bricks.)

The moral: 99.9999x % of traffic is of little interest to thieves or 
eavesdroppers. But some fraction is.

And it often isn't appreciated until after a theft or eavesdrop in 
which category the traffic lies. (Equivalent to people not thinking 
about backups until it's too late.)

Having said this, I, too, rarely encrypt. It should get easier, now 
that PGP 8 is well-integrated into the Mail program I use in OS X. 
(Years ago PGP stopped working in my mailer, and I had to encrypt and 
decrypt manually.)

It is odd that we mostly think crypto should be easy and painless. The 
military, with a real need for crypto, has full-time code clerks on 
ships and at bases, even out on the battlefield. And they have "code 
shacks" and "cipher rooms" and all sorts of procedure and rigamarole 
about envelopes, couriers, locks on doors, combo locks on safes, need 
to know, etc.

PK crypto has made a lot of things a lot easier, but expecting it all 
to work with a click of a button is naive. Of course, most of us don't 
actually have secrets which make protocols and efforts justifiable. 
There's the rub.

--Tim May

More information about the cypherpunks-legacy mailing list