The problem is motivational
Over the last year Marcus and me discussed ideas on how to make encryption easier for non-crypto geeks. We prepared a short paper... Interesting. However, the problem of widening email encryption practice is not technical, it is motivational. Broadly speaking, there are those that have nothing to hide (i.e., those that completely lack the motivation - see above, mid-way in the thread) and those that indeed do have something to hide. Those that have something to hide would never, ever place an ISP or webmail operator on their trust chain. After all, they must assume that those that they must protect their communication from can probably secure the cooperation of either or both those parties. On the other hand, I keep wondering: why are we (and we obviously are, witness this paper and the initiative behind it) so motivated to spread the gospel of e-mail encryption among those that completely lack the motivation for it? (This *is not* a rhetorical question). Mark R. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: STEED - Usable end-to-end encryption
On Thu, 20 Oct 2011 05:30, lists-gnupg...@lina.inka.de said: the lowest efford are discovery via personal web pages like doing XDR or maybe webfinger. Most users wont be able to have special RRs - not even Most users don't have personal web pages. So what now? Well many users have a facebook page - but this would make facebook mandatory and we woold need support from them (at least to guarantee that they don't break any assumptions). Not much different to work with ISPs. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: STEED - Usable end-to-end encryption
On Wed, 19 Oct 2011 22:10, kloec...@kde.org said: What NEW standard are you talking about? Werner wants to use OpenPGP. and S/MIME! We actually don't care. For certain MUAs it is much simpler to implement something on top of S/MIME than to trying to get OpenPGP support. The actual protocol in use does not matter to the user (only to use experts). Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: The problem is motivational
On Thu, 20 Oct 2011 07:39, makro...@gmail.com said: Interesting. However, the problem of widening email encryption practice is not technical, it is motivational. Right and that is why it encryption must be the default. On the other hand, I keep wondering: why are we (and we obviously are, witness this paper and the initiative behind it) so motivated to spread the gospel of e-mail encryption among those that completely lack the motivation for it? Because we, who care about privacy, are affected by those who don't care. Too much confidential stuff (e.g. medical records) is mailed around in the clear despite that there are strong regulations that this is verboten. Virtually everyone is ignoring these privacy policies because they have no chance to apply them. It is just too hard to get it done. People want fast information and many learned how to use mail. But they can't manage to do all this crypto voodoo - if they at all know how to do it and that there is such a thing. We need to make it easier - even for the facebook crowd. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: STEED - Usable end-to-end encryption
Am 20.10.2011 04:16, schrieb Marcus Brinkmann: You are right that it is a challenge to get the support in the providers the lowest efford are discovery via personal web pages like doing XDR or maybe webfinger. Most users wont be able to have special RRs - not even for their own domains (which is also rather seldom). I would use link rel= like openID does. Gruss Bernd ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: STEED - Usable end-to-end encryption
Hi, I read this briefly, and I'd actually like to read it over later and maybe contribute some ideas. The lack of people caring about cryptography is quite apparent, and may be solved with some good ideas of making things less annoying / hard to use. I'd be happy to help. On Mon, Oct 17, 2011 at 11:11 AM, Werner Koch w...@gnupg.org wrote: Hi! Over the last year Marcus and me discussed ideas on how to make encryption easier for non-crypto geeks. We explained our plans to several people and finally decided to start a project to develop such a system. Obviously it is based on GnuPG but this is only one component of the whole system. We prepared a short paper; if you are interested you may download it from http://g10code.com/docs/steed-usable-e2ee.pdf ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: The problem is motivational
On 10/20/2011 1:39 AM, M.R. wrote: Interesting. However, the problem of widening email encryption practice is not technical, it is motivational. Absolutely agreed. Shirley Gaw, Ed Felten and Patricia Fernandez-Kelly had a wonderful paper a few years ago, Secrecy, Flagging, and Paranoia: Adoption Criteria in Encrypted Email which covers this subject. It's eye-opening reading, which is why I bring it up as often as I can. :) http://www.cs.princeton.edu/~sgaw/publications/01Feb-Activists-sgaw-CHI2006.pdf ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Expired keys
On Wed, 19 Oct 2011 16:17:22 +0200 Hauke Laging articulated: Am Mittwoch, 19. Oktober 2011, 16:09:26 schrieb Jerry: I have several keys listed as expired. The key is listed as having only a public part. All attempts at deleting these keys has failed. How do I go about removing them? It would be helpful to know what you have done and what happened. Have you tried that with gpg or a GUI? I have tried using the GUI. What would be the proper way to do it from the CLI? I am afraid of removing the wrong keys? -- Jerry ✌ gnupg.u...@seibercom.net _ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: STEED - Usable end-to-end encryption
What proportion of consumer-grade ISPs have bothered to implement DNSSEC for serving their customers? I don't think mine does, and they're a big outfit. If I asked, I expect they'd think I was speaking Aldebaranese or something. -- Mark H. Wood, Lead System Programmer mw...@iupui.edu Asking whether markets are efficient is like asking whether people are smart. pgptlqzy4h9zc.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: The problem is motivational
On Thu, Oct 20, 2011 at 05:39:28AM +, M.R. wrote: On the other hand, I keep wondering: why are we (and we obviously are, witness this paper and the initiative behind it) so motivated to spread the gospel of e-mail encryption among those that completely lack the motivation for it? o Philosophical: I just think that communication channels should be encrypted unless someone demonstrates a good reason not to. Perhaps it comes under the heading of not tempting others to sin. :-) o Protective coloration: if email is normally encrypted, this further weakens the already-stupid argument that if you want this much privacy then you must be up to no good. o Weariness of duh moments: some people throw their secrets around like confetti and then get all bent out of shape when this comes back to bite them. Saying, well, you could easily have protected yourself with X if you cared is always unrewarding and always hard to eschew. I'd rather not be tempted. o Taking unenthusiasm personally: we obviously think this stuff is interesting and useful, and it can feel kind of insulting that others don't. o The telephone quandary: if *I* want to communicate securely with you, then I need for *you* to have a compatible secure means of communication. (If I'm the only person with a telephone, whom can I call?) o Cassandra complex: the vague feeling that Something Bad Will Happen And I Didn't Warn Them. That's all I can think of right now. -- Mark H. Wood, Lead System Programmer mw...@iupui.edu Asking whether markets are efficient is like asking whether people are smart. pgpw5gM4CyipF.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: The problem is motivational
BTW I have nothing to hide but like my privacy anyway. Privacy is essential for maintaining personal boundaries, as well as security. (That said, the vast majority of my use of crypto in email is to establish identity, not to protect privacy. I *want* to be positively identifiable in most circumstances.) -- Mark H. Wood, Lead System Programmer mw...@iupui.edu Asking whether markets are efficient is like asking whether people are smart. pgpRe5Gr1rxur.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: The problem is motivational
I suspect that, for many, too hard to do is not as significant a factor as too hard to believe in. Over here, doctors' offices have at last been dragged, kicking and screaming, into the mid 20th century and will at least use FAX to transmit prescriptions to the pharmacy, but mention e-mail and they back away making the sign against the evil eye, because they know it's not secure. The office staff would all die of apoplexy if I told them how I *want* it to work -- not because my notions are insecure, but because they don't understand why those notions *are* secure. (Assuming they are. :-) -- Mark H. Wood, Lead System Programmer mw...@iupui.edu Asking whether markets are efficient is like asking whether people are smart. pgpwl8L89XpQw.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Expired keys
Am Donnerstag, 20. Oktober 2011, 15:26:29 schrieb Jerry: I have tried using the GUI. What would be the proper way to do it from the CLI? I am afraid of removing the wrong keys? gpg --delete-key name There is a confirmation in order to avoid removing the wrong ones. But you can give the fingerprint as identifier. This removes public keys only so you can hardly cause real damage. Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Expired keys
On Thu, 20 Oct 2011 17:00:17 +0200 Hauke Laging articulated: Am Donnerstag, 20. Oktober 2011, 15:26:29 schrieb Jerry: I have tried using the GUI. What would be the proper way to do it from the CLI? I am afraid of removing the wrong keys? gpg --delete-key name There is a confirmation in order to avoid removing the wrong ones. But you can give the fingerprint as identifier. This removes public keys only so you can hardly cause real damage. OK, that will work from the command line. Is there a way to delete all expired keys at once, or do I have to continually enter the key name one at a time. There are a lot of them and I would rather do it in one move if possible. -- Jerry ✌ gnupg.u...@seibercom.net _ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. Kiss your keyboard goodbye! signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: The problem is motivational
On 20/10/11 12:30, Robert J. Hansen wrote: ...Shirley Gaw, Ed Felten and Patricia Fernandez-Kelly had a wonderful paper a few years ago, Secrecy, Flagging, and Paranoia: Adoption Criteria in Encrypted Email... Thanks for the link, interesting reading. The quote from the paper that follows demonstrates, I believe, that the authors follow the dogma of all mail should be encrypted, even if it is of no benefit to the mail sender and reciever, because it is of benfit to others: ...but it was a huge cognitive leap to go from protecting secrets in an individual message to obfuscating secrets using everyone else’s messages... I also believe this dogma is behind Werner's first follow-up to my post: Because we, who care about privacy, are affected by those who don't care. I propose this way of thinking is counterproductive. It will not succeed in any meaningful way, because encryption by default is a completely unrealistic goal in today's environment of multiple mail end-user platforms, plethora of client applications, uncooperative mail service operators and hostile universal surveillance culture, and, last but not least, by the legions of users who resent it because they have nothing to hide. Any solution which marshals mail service operators and ISP's into the trust chain is however recklessly endangering those that might have something to hide, by giving them false sense of security. I therefore propose that this dogma should be re-examined, and if and when abandoned, released energy be directed towards addressing the outstanding issues of those that know they need to protect their communication and are motivated to do so. Mark R. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: The problem is motivational
On 10/20/11 11:34 AM, M.R. wrote: I propose this way of thinking is counterproductive. It will not succeed in any meaningful way, because encryption by default is a completely unrealistic goal... Only he who attempts the absurd is capable of achieving the impossible. -- Miguel de Unamuno He who says a thing cannot be done is expressly forbidden from interfering with one who is doing it. -- Anonymous I'm sympathetic to your position. I think it's an impossible goal and one that will never be realized. That said, I also think it's possible I may be mistaken, and for that reason I'm not going to attempt to persuade smart people to stop attempting the absurd. By all means, you should direct your energies to where you feel they can do the most good -- but we should also respect their decisions about where they feel their energies can do the most good. :) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Expired keys
On Thu, Oct 20, 2011 at 17:23, Jerry gnupg.u...@seibercom.net wrote: Is there a way to delete all expired keys at once Have a look at gpgkeymgr (http://nudin.github.com/GnuPGP-Tools/), that's probably what you want. Best, Richard ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: STEED - Usable end-to-end encryption
On 10/20/2011 10:25 PM, Matthias-Christian Ott wrote: But who are the providers? Except for people who work in computer science, physics or similar fields I don't know people who run their own mail servers or are part of a cooperative. Most other people use a handful of providers who often offer free service in exchange for the loss of privacy or at least some form of semi-targeted advertisement. Do you expect those providers to ruin their business models by implementing this proposal? I wouldn't count on them. Maybe. But the only way to fail for certain is by not trying. There are other business models and market pressures beside those that you are highlighting. It's not easy to predict. Perhaps the providers could also be forced by law not to implement this, because (if I remember correctly) come countries require that they store at least the header information (including subject, which should also be encryted by the system) for traffic analysis. So in the worst case the providers couldn't implement this without breaking the law (I doubt that citizens could use the system without breaking the law in this situation either, but individuals are often more venturous than organisations). STEED is fully compatible with existing mail encryption, so we do not include the headers in the plaintext. I am not an expert, but as far as I know the regulation usually demands to store connection data that is available, it does not ask for data that is not available for whatever reason. I think your interpretation of the regulations in that area is overly pessimistic, but I could be wrong. Maybe you can verify this? What about making everyone their own provider? The efforts in this direction intiated by Eben Moglen that lead to the FreedomBox and other projects seem to go in the right direction. It doesn't seem to me less realistic than requiring cooperation from providers. I think everybody deserves private email communication, not only those who are willing to be their own provider. We don't expect people to carry out their own snail mail letters either, and the business model of the post office does not require spying on the letters. Now, it may be the case that the freedom box is (or will be) a more attractive way for people to do email, and everybody will use it and nobody will use proprietary email service providers. That would be excellent! The FreedomBox project is a very important project, and it deserves our strongest support possible. If it is a better alternative, we still need to convince the FreedomBox project to adopt the STEED proposal (not a single word in the paper would have to change). And I agree that this is an overall more appealing task than trying to convince the proprietary providers. But, we have to go where the users are, and we have to try our best to get the providers cooperation. There is no benefit in ignoring them and their users just for our convenience. If this is too daunting for you, please remember that we do not have to get their active cooperation. If they accept it grudgingly because not following along would be bad business (or illegal), then that's good enough. That requires that we raise the state of the art in the field. Maybe you are still not convinced. Then let me give you an illustrative analogy. (Disclaimer: I am not associated with SawStop or anybody involved, nor have I met anybody involved or used their product). An inventor created a table saw that can prevent injury by stopping the blade as soon as it is touched by human flesh (SawStop). According to the inventory, he could not get the technology to be marketed by the big table saw companies. His claim is that the companies think that by raising the safety measures in the table saw, they would be more liable for table saw accidents, which would make them subject to litigation. Eventually he created his own SawStop product line. Now, after several years, lawmakers and regulators have taken notice and might make sawstop like technology mandatory in table saws. Now, maybe SawStop is bad technology, maybe it's good. But at least something is true: As long as no candidate technology like it exists, the question doesn't even come up. That's the state we are at with email encryption. Everybody who tried has learned that email encryption is not worth the hassle. Everybody who hasn't tried just expects email to be secure and might not even be aware that it is not. It's time to change that equation, don't you think? The good news is that STEED will integrate extremely well in P2P systems. The dependency on a provider in STEED is not integral to the proposal, but just a consequence of people already relying on their providers infrastructure for everything else. If users use different infrastructure, STEED will also work over that infrastructure just as well. Thanks, Marcus ___ Gnupg-users mailing list Gnupg-users@gnupg.org
Re: The problem is motivational
- Message from M.R. makro...@gmail.com on Thu, 20 Oct 2011 15:34:29 + - To: gnupg-users@gnupg.org Subject: Re: The problem is motivational On 20/10/11 12:30, Robert J. Hansen wrote: . . . . . . . . . Because we, who care about privacy, are affected by those who don't care. I propose this way of thinking is counterproductive. And what of the other responses which stated other specific needs to make encryption universal? I especially can appreciate Mark Wood's comment on The telephone quandary. My use of encrypted e-mail is severely limited because so many of those with whom I communicate wouldn't have a clue how to acquire, install, configure, or use encryption. It will not succeed in any meaningful way, because encryption by default is a completely unrealistic goal in today's environment of multiple mail end-user platforms, plethora of client applications, uncooperative mail service operators and hostile universal surveillance culture, and, last but not least, by the legions of users who resent it because they have nothing to hide. Any solution which marshals mail service operators and ISP's into the trust chain is however recklessly endangering those that might have something to hide, by giving them false sense of security. The proposal doesn't preclude those that might have something to hide from seeking other sources of encryption keys. It merely allows far wider use of encryption in general. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users