On 31/03/12 03:00 AM, Jeffrey I. Schiller wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nope. If we had won, crypto would be in widespread use today for
email. As it is, enough FUD and confusion was sown to avert that
outcome. Even on geek mailing lists such as this, signatures are
rare.

Sorry, I beg to differ. The average folks in the world today never
heard of the crypto war and certainly were not influenced by it.


A bit like saying that the average iPhone user never heard of GSM and was certainly not influenced by it :)

Just about every mail client (except the one I happen to be using :-) )
has some form of crypto (usually S/MIME) built in. Yet it isn't being
used.

I have heard a lot of speculation as to why crypto isn't being used by
Joe Average, ranging from it's too hard, lack of understanding of key
management (aka Certificates) [it's too hard], and just lack of
caring. See http://www.simson.net/ref/2004/chi2005_smime_submitted.pdf

But the crypto wars just isn't a factor.


It's probably more about correlation and hidden causalities.

One of the weapons of the anti-crypto side was over-complexity, desire for single points of failure, serialisation of steps. Things like S/MIME exhibit all of those properties, indeed it was so loaded up with bad engineering, it failed to get off the ground even when geeks try and run it.

But against the opponents of crypto, it still fulfills a purpose. Its benefit is to block any further action in this direction. There are enough people who believe in S/MIME, and these people control enough of the vendors such that there is no counter-momentum to replace it with something that works [0].

The crypto wars were about opening up that battlefield so that open source could start to experiment with lots and lots of alternatives. The reason we lost the war was because we thought we'd won it. We were tricked. What actually happened was a high profile weapon - the export control - was loosened up just enough to make many think we'd won. All the low-profile weapons were left in place.

There is a Foreign Affairs article that describes the same or similar techniques carried out against South Africa. (I think Ross Anderson dug this out at some stage and posted about it ... it's probably worth finding it and re-reading it.)


There is still time to figure out how to get people to use crypto, all
is not yet lost!


Yeah. New applications is the opportunity. We saw this in Skype, when a new field was not subject to the old domination. We didn't so much see it with social networks, but there is something of it in there.



iang




[0] fixing s/mime to work is pretty easy - just have the app create & share self-signed certs when the account is added/created. Add in some detail, and let it rip. The point is, you will never ever get past the vendors.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
