Would you consider PGP more than a low-effort?  It would be zero effort if
we weren't concerned about the privacy of our own secret keys, thus keeping
them encrypted behind passwords.  

Maybe an extra-low-effort system would consist of a simply speaking a
keyword into a microphone, and using voiceprint authentication to decrypt
the secret keys.  Fortunately almost all computers have the ability to read
in decent quality audio.  Sending to particular people is no effort - the
public key aquisition can be automated.

Its interesting to think of the change in load on list servers.  Would you
encrypt to the list server, who then decrypts and re-encrypts for each
client, or would there be a collaborative key for the list that everybody
had the secret to and could decrypt?  More probably we would just
cleartext-sign the messages for source authentication, for backwards
compatibility, I suspect.

Either way, it can be zero-effort for the people generating the e-mail,
outside of authenticating your personal secret key, though accepting the
e-mail has the same effort problems.

I would be signing my messages pgp, if I could, but I haven't gotten ahold
of PGP 7 yet... and the earlier versions don't work on 2000.


-----Original Message-----
From: Michael T. Babcock [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 31, 2000 9:06 AM
Subject: Re: Open letter

And unfortunately, zero-effort security is, with current technology, an
Swipe-card key systems that do the authentication would be low-effort.
scanning cameras built into your monitor to do authentication would be low
as well.  Until then, people have to decide if its worth their effort or


> Key management is a non-zero effort, installation is a non-zero effort,
> cost is a non-zero effort and actual usage is a non-zero effort.
> Total transparency is what I define as "easy to use" in the context
> of the average email user (who probably has an email address at AOL).
> I'm afraid anything less won't get there.

Reply via email to