[Enigmail] Good news, everyone!

Thu Feb 14 22:30:36 PST 2008

> Michael Kane wrote:
>> I've recently become very interested in email encryption, and I'd like
>> to talk to like-minded people about how to make it easier for
>> grandmothers to use.
>
> Lost cause, unfortunately.  I don't say that lightly.  For almost two
> decades I waved the banner, but I finally have to admit defeat.
>
> Email encryption is _hard_.  It's hard to think about, it's hard to talk
> about, and for newbies it's often genuinely _impossible_ to
> differentiate people who know what they're talking about from people who
> should be ignored at all costs.  E.g.:
>
> 	"In the beginning nobody used long keys because they took so
> 	 long to encrypt and sign messages.  Now we have much faster
> 	 computers, and there's no reason not to use the best keys
> 	 possible: 4096-bit RSA."
>
> 	"Bit for bit, Elgamal and its family offer better strength
> 	 than RSA."
>
> 	"Remember that all algorithms can be brute forced--it's only
> 	 a question of whether you can afford the computers required."
>
> 	"Sign every email that you send, regardless of to whom you're
> 	 sending it.  That way if anyone ever forges your message,
> 	 you can say 'I sign all my messages.  If it wasn't signed,
> 	 then it wasn't me.'"
>
> If you were to ask people who considered themselves savvy on the subject
> of email encryption, pretty much everyone would agree all four of these
> statements are pretty much true.  The problem is they're all false.  All
> of them.  True responses would be:
>
> 	"The absence of reasons not do something is not, itself, a
> 	 reason to do it."
>
> 	"This is wild conjecture."
>
> 	"This is ignorant of even the basics of information-theoretic
>           security."
>
> 	"No information is conveyed by the absence of a good signature."
>
> But ask a newbie to evaluate each false claim and compare it against the
> true claim, and very few of them would be able to figure out who's
> telling the truth and who's lying.  This is how I think the conversation
> with the newbie would turn out:
>
> "He says Elgamal is bit-for-bit better, you say that's wild
> conjecture--he says he read it on alt.security.pgp, and you're talking
> the Springer-Verlag Lecture Notes in Computer Science series--what the
> hell are these things?!  I just want my email to be safe and secure!"
>
> There is so much misinformation out there about email crypto that it is
> utterly implausible it could be an CIA plot.  The CIA is good at
> muddying the waters, but this is the Ganges River during monsoon season.
>
> There's good news, of course--analytical thinking and logic will help
> clear the waters, leaving only some of the deep depths enshrouded in
> murk.  But that requires the user to know the rules of logic and be
> willing to apply them to analytical thought.  In our modern society,
> most people would rather drink hemlock than think critically and
> rationally about a subject.
>
> I doubt that it is possible to teach email encryption to a general
> public that has at best an eighth-grade understanding of mathematics.
> And for that reason, I'm no longer an advocate of making email
> encryption simple enough for people's grandmothers.  Won't happen.  Lost
> cause.  Pure quixotry.
>
> I'm an advocate of making email encryption simple enough for someone
> who's taken two semesters of college math.
>
> Believe it or not, if we could do that it would be a massive, /massive/
> step forward in the usability of email encryption.  And that's exactly
> what I hope we can do with Enigmail.
>

Haha. I absolutely loved this rant. Thanks!

Regards