Mr. May:
>Frankly, the PGP community veered off the track toward crapola about
>standards, escrow, etc., instead of concentrating on the core
>issues. PGP as text is a solved problem. The rest of the story is to
>ensure that pass phrases and keys are not black-bagged.
>
>Forget fancy GUIs, forget standards...concentrate on the real threat model.

What is the real threat model?

Everybody has different worries. I'm not a bookie, I don't do
work for the mob, I don't spend more than I earn. My biggest threat
is (1) financial (stolen credit card numbers, or other form of
credential fraud) (2) Political--that comments here and other places
get me on the list of "People To Take Care Of Later".

The first threat can be dealt with by "cheap" crypto deployed
everywhere--to co-opt one of RAH's phrases--a "Geodesically encrypted
network." A network where every single stinking bit on the wire is
encrypted at as many layers as possible, even with "10 cent" crypto,
will virtually eliminate (by making it more expensive) many of the
low level financial threats. (Yes, big banks and large financial
institutions need stronger crypto, but they can multiple-encrypt,
write their own protocols etc.)

The second threat would be made much harder by the
encrypt-everything-all-the-time type of network, if I weren't so
thick-headed as to insist on using my Real Name. This is presumably
what the "PGP Community" veered off towards. Unfortunately, they've
done a half-assed job so far.
--
A quote from Petro's Archives:
**********************************************
"Despite almost every experience I've ever had with federal
authority, I keep imagining its competence."
John Perry Barlow