On Saturday 02 November 2002 12:09, Adam Shostack wrote: > An interesting tidbit in the September Information Security Bulletin > is the claim from MessageLabs that only .005% of the mail they saw in > 2002 is encrypted, up from .003% in 2000. > > ... Last month, about > 5% of my email was sent PGP encrypted, about 2% STARTTLS encrypted, > and about 25% SSH encrypted to people on the same mail server, where > POP and IMAP only function via SSH. > > I'd be interested to hear how often email content is protected by any > form of crypto, including IPsec, Starttls, ssh delivery, or PGP or > SMIME. There's probably an interesting paper in going out and > looking at this.
Well, here's a datum for you: in the past four or five months, I have sent exactly no encrypted email. There are several reasons, notably that most of my email correspondents are business types who can't handle encryption even after several lessons and checklists and even when the tools are integrated into the MUA. Prior to that, the encrypted email I've sent in the past year or so has almost always failed, because of version incompatibilities, human error, changes of email address, and what-not. Or because the recipient simply isn't bothering to decrypt mail any more because it's more trouble than it's worth for the low quality of information conveyed. The only business environment I've ever worked in which successfully used encrypted email mandated specific versions of mail client (Outlook, ecch) and PGP (integrated into Outlook), had a jackbooted thug to make sure everyone's keyring was up to date, and had a fairly small (couple dozen), mostly technically proficient, user base. And even there, half the time the encrypted message wasn't sensitive enough to be worth encrypting nor important enough to be worth decrypting. I have signed a few messages in the recent past, but that was probably even less worthwhile than encrypting them. For all I know, not a single one has been verified. -- Steve Furlong Computer Condottiere Have GNU, Will Travel Vote Idiotarian --- it's easier than thinking