NPR : E-Mail Encryption Rare in Everyday Use

Ed Gerck wrote:
> Ben Laurie wrote:
>> Ed Gerck wrote:
>>> This IS one of the sticky points  If
postal mail would work this way,
>>> you'd have to ask me to send you an envelope
before you can send me
>>> mail.
>>> This is counter-intuitive to users.
>>
>> We have keyservers for this (my chosen technology
was PGP). If you liken
>> their use to looking up an address in an address
book, this isn't hard
>> for users to grasp.
> 
> Well, the observation (as I hear the NPR piece) is that
it HAS been hard
> to grasp.
> 
> Further, the comparison with "looking up an
address in an address book" is
> also not even close to the level of hassle that users
need to go through
> with
> PGP (and PKI). Please google "Why Johnny Can't
Encrypt: A Usability
> Evaluation
> of PGP 5.0" and comments in the Usability section
of
> <http://email-security.net/papers/pki-pgp-ibe.htm/>

I don't use PGP - for email encryption I use enigmail, and
getting
missing keys is as hard as pressing the "get missing
keys" button.

>>> Your next questions could well be how do you
know my key is really
>>> mine...
>>> how do you know it was not revoked ...all of
which are additional sticky
>>> points.
>>
>> For revocation, keyservers again. 
> 
> Last time I looked, a lot of PGP keys in keyservers are
useless because
> users
> (most often) simply forgot their passphrase...

I guess I don't send people like that much encrypted email.

>> If I cared whether it was really yours
>> (I don't), then I'd check the signatures, or
verify the fingerprint
>> out-of-band.
> 
> Out-of-band is good. But, again, the hassle factor...

Most of my encryption is done simply because its a good
thing to do. If
the wrong guy is reading it I'll find out in the end. For
the few where
I really care I'm prepared to go through that hassle.

>>> In the postal mail world, how'd you know the
envelope is really from
>>> me or
>>> that it is secure?
>>
>> I don't.
> 
> Yes, but since you don't need to ask for one... no
problem. You just use
> your
> own envelope to send postal mail to me.

Really? I just write "Ed Gerck" on an envelope
and it gets to you? I
doubt it. Presumably I have to do all sorts of hard and
user-unfriendly
things to find out and verify your address.

> The PKI problem is that it runs
> backwards
> to normal mail flow -- you need to ask me for my
envelope before you can
> send me a
> secure message. IBE doesn't have this problem, even
though it has key
> escrow.

If you handled your keys properly I would not need to ask
you for anything.

-- 
http://www.apache-
ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he
can go if he
doesn't mind who gets the credit." - Robert Woodruff

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com

Ben Laurie wrote:
> I don't use PGP - for email encryption I use enigmail,
and getting
> missing keys is as hard as pressing the "get
missing keys" button.

Missing keys that do not exist or do not work (user forgot
passphrase or
revoked) are still missing keys, no? Considering how few
users use PGP,
we must assume that nearly all users have no keys.

> Most of my encryption is done simply because its a good
thing to do. If
> the wrong guy is reading it I'll find out in the end.
For the few where
> I really care I'm prepared to go through that hassle.

After 15 years of PGP and PKI evolution, users still say
it's just not working.
The problem seems to be the methods, not the
implementations. Notwithstanding
people that do "the good thing".

> Really? I just write "Ed Gerck" on an
envelope and it gets to you? I
> doubt it. Presumably I have to do all sorts of hard and
user-unfriendly
> things to find out and verify your address.

Perhaps I wasn't clear -- with postal mail you just write
my name and address
in YOUR envelope and it gets to me. With PGP and PKI you
have to ask for MY
"envelope" first; further, MY public-key creates
the secure envelope that you
now need to trust with YOUR secret...

> If you handled your keys properly I would not need to
ask you for anything. 

My $0.02: If we want to make email encryption viable (ie,
user-level viable)
then we should make sure that people who want to read a
secure communication
should NOT have to do anything before receiving it. Having
to publish my key
creates sender's hassle too ...to find the key.

BTW, users should NOT be trusted to handle keys, much less
to handle them
properly. This is what the users themselves are saying and
exemplifying in
15 years of experiments.

Cheers,
Ed Gerck

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com

Ed Gerck wrote:
> Ben Laurie wrote:
>> Really? I just write "Ed Gerck" on an
envelope and it gets to you? I
>> doubt it. Presumably I have to do all sorts of hard
and user-unfriendly
>> things to find out and verify your address.
> 
> Perhaps I wasn't clear -- with postal mail you just
write my name and
> address
> in YOUR envelope and it gets to me. With PGP and PKI
you have to ask for MY
> "envelope" first; further, MY public-key
creates the secure envelope
> that you
> now need to trust with YOUR secret...

I totally don't buy this distinction - in order to write to
you with
postal mail, I first have to ask you for your address.

Apart from content of the blob handed over, the two
transactions are
identical.

>> If you handled your keys properly I would not need
to ask you for
>> anything. 
> 
> My $0.02: If we want to make email encryption viable
(ie, user-level
> viable)
> then we should make sure that people who want to read a
secure
> communication
> should NOT have to do anything before receiving it.
Having to publish my
> key
> creates sender's hassle too ...to find the key.

So you think people can use the post to write to you without
you
publishing your address?

> BTW, users should NOT be trusted to handle keys, much
less to handle them
> properly. This is what the users themselves are saying
and exemplifying in
> 15 years of experiments.

I think users are perfectly capable of handling keys. The
problem they
have is in choosing operating systems that are equal to the
task.

Cheers,

Ben.

-- 
http://www.apache-
ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he
can go if he
doesn't mind who gets the credit." - Robert Woodruff

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com

While there is merit in arguing how to simplify the
mechanics of 
using public key encryption for sending and receiving email,
I cannot 
agree with this assertion:

At 10:44 AM -0800 2/24/06, Ed Gerck wrote:
>
>My $0.02: If we want to make email encryption viable
(ie, user-level viable)
>then we should make sure that people who want to read a
secure communication
>should NOT have to do anything before receiving it.
Having to publish my key
>creates sender's hassle too ...to find the key.

If an individual wants to receive telephone calls, he has to
agree to 
publish his phone number.  For many years, we tacitly agreed
that our 
phone numbers would be published.  That a phone number was
public 
information wasn't perceived as a problem.  But as the
number of junk 
calls increases, the number of people who opt out of phone 
directories increases.  Today, more individuals decide that
having a 
public phone number is a problem.

In this regard, public keys are just like cell phone
numbers.  How 
many people know your cell phone number?  How did they get
it?  You 
can't get a cell phone number from directory assistance. 
So if you 
want someone to be able to call you on your cell phone, you
have to 
give them the "key" to your cell phone.  If you
want someone to send 
you encrypted email, you have to give them your public key. 
 It's 
the same thing.

Yet cell phones seem to be viable.

-- 

john noerenberg
  
------------------------------------------------------------
----------
    It took long enough in all conscience for realization to
come that
    the externals of civilization - technology, industry,
commerce, and
    so on - also require a common basis of intellectual
honesty and morality.
   -- Herman Hesse, The Glass Bead Game, 1943
  
------------------------------------------------------------
----------

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com

* Ben Laurie:

> I don't use PGP - for email encryption I use enigmail,
and getting
> missing keys is as hard as pressing the "get
missing keys" button.

A step which has really profound privacy implications.

I couldn't find a PGP key server operator that committed
itself to
keeping logs confidential and deleting them in a timely
manner (but I
didn't look very hard, either).  Of course, since PGP
hasn't
progressed as faster as our computing resources, I'm
nowadays in a
position to run my own key server, but this is hardly a
solution to
that kind of problem.

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe
cryptography" to majordomometzdowd.com