Financial cryptography is the only cryptography that matters?
Say it ain't so, Lucky, say it ain't so...
;-).
Cheers,
RAH
--- begin forwarded text
Status: U
From: Lucky Green [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Government subsidies: our last, best hope for Cryptanarchy?
Date: Fri, 24 May 2002 01:44:53 -0700
Sender: [EMAIL PROTECTED]
You may be asking yourself: where, oh where, has all the crypto gone?
Where are the BlackNet's? Where is the untraceable Ecash? Where is the
Cryptanarchy that we've been waiting for? For that matter...where is the
crypto?
The staunchest Cypherpunk will by now have noticed that PGP/GPG usage
even amongst list members, once the bellwether indicator of Cypherpunks
crypto adoption success, is in decline.
NAI has pulled PGP off the shelves. Conspiracy theories as to what may
have been driving this business decision abound. The fact of the matter
is that the usage of PGP by businesses, the sole significant source of
NAI PGP revenue, had long passed its peek. How many business do you know
that rolled out PGP in the last year? How many do you know that quietly
stopped using PGP after formally adopting its use with big fanfare a few
years ago? The facts are that there are more of the latter than of the
former. Did NAI receive The Briefing? I don't know. Nor does it really
matter. There wasn't enough money to be made with PGP.
A well-respected Cypherpunk recently expressed hope that if NAI's PGP
were to disappear for good, perhaps compatibility problems amongst
versions of PGP would diminish. A plausible sounding theory, if one were
to assume that the compatibility problems amongst versions of PGP are
between versions produced by different vendors. Presumably, the theory
would go, with only one major supplier left standing, that being GPG
(yes, I am aware there are others), interop problems with other vendors'
implementations would pretty much disappear by definition.
However, a closer inspection of the PGP interoperability problems, which
have been at one of the issues coming up in just about every single
discussion I've had with anybody about PGP over the last year, shows
that the interop problems are not between current versions by multiple
vendors, but between versions, in some cases by the same vendor, that
were released over time. The current version of NAI-PGP will
interoperate just fine with the current version of GPG.
So why is PGP interoperability such a frequently raised issue? And why
does the importance of this topic seem to diminish the further away you
stray from Cypherpunks into the realms of the casual PGP users? The
answer to the second question is straight-forward. Even the most casual
user of software tends to be familiar with and acceptant of the need for
occasional software upgrades. It appears that those that are
experiencing interop problems are those that are insisting on using up
to 5-year old versions of PGP. It is true and should come as no surprise
that those 5-year old versions do indeed have interop problems with
newer versions of PGP.
Some may say: I shouldn't need to keep on upgrading my software to be
able to send encrypted email. Does anybody seriously believe that those
that insist on using 5-year old versions of PGP have not upgraded their
operating systems in those 5 years? Indeed, upgraded more their
operating systems more than once? Or does anybody seriously believe that
those that insist on using old versions of PGP still run the exact same
version of their MUA and text editor as they did 5 years ago? Of course
they don't. If they did, their boxes would long have become unusable due
to the warez traffic taking place on the machines as a result of the
countless remote exploits discovered over these last 5 years.
The reluctance to upgrade to a newer version of PGP does not appear to
be driven by a refusal or inability to upgrade software in general. This
reluctance to upgrade appears PGP specific. Why this is the case I do
not know. (And don't greatly care. I am running the latest version of
NAI PGP and I can make my copy talk to any version of PGP 2.x or
higher).
Now perhaps there may be the rare case of a PGP user that is still
running PGP 2.x on the same DOS box, using the same mailer and the same
text editor as they did 5 years ago. I don't know of any such users, but
that doesn't mean no such users exists within the vastness of the
Internet. What I do know is that those that I am aware of that are
complaining about PGP version interoperability problems do not fall into
the rare category of users who have not upgraded any software at all for
the last 5 years.
Since the existence of multiple PGP software providers has not been the
cause of the interop problems experienced by some, reducing the number
of PGP implementation providers should not be expected to have a
significant impact on the number or severity of PGP interop problems
experienced by the users.
The same Cypherpunk expressed a hope that absent NAI's
