Easy hard crypto

By Kyle
Tue Mar 26th, 2002 at 03:15:51 PM CST

A recent diary entry got me thinking a little more about getting crypto in more places. I've been a fan of crypto for some time, but I've never gotten far enough into it to consider myself a real crypto nut. I sign all my emails and encrypt things to the two or three people I know who can read them. I'd like to see crypto more widely deployed.


Advogato has an old article titled "Casual PKI and making e-mail encryption easy". It discusses the need to make encryption easier for casual users. Two projects in their infancy aim to do this: Passive Privacy System (PPS) and Herbivore. They appear to be "the same thing but different". Each makes the basic assumption that the user's computer is secure (i.e., there are no passphrases). While this is a dangerous assumption, it is the assumption made by millions of users who check "remember my password" in their email clients already.

One other idea I found interesting is that of the "robot CA" which only verifies that a particular email address goes with a particular key. Creating such a beast seems easy: take a key, find the email address(es) in it, sign it, and mail it there. If it doesn't make it, the email address wasn't valid.
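The robot CA steps above, as an added Python sketch that is not from the original post or from either project it mentions. It goes one step beyond the text by certifying each user ID separately and mailing each certification only to that ID's own address, so a working address never vouches for another address on the same key. Assumptions: the HMAC is a stand-in for a real OpenPGP certification signature, delivery is simulated, and every name, key and address is constructed.

```python
import hashlib
import hmac
from email.utils import parseaddr

# Constructed demo values; the HMAC key stands in for the CA's private signing key.
CA_SECRET = b"constructed-demo-secret"
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed key fingerprint
UIDS = [
    "Alice Example <alice@example.org>",
    "Alice Example <alice@defunct.example>",  # address that bounces
    "backup key",                             # user ID with no address
]
DELIVERABLE = {"alice@example.org"}  # simulated mailboxes that accept mail


def certify(fingerprint, uid):
    """Stand-in certification binding ONE user ID to ONE key fingerprint."""
    msg = f"{fingerprint}\n{uid}".encode()
    return hmac.new(CA_SECRET, msg, hashlib.sha256).hexdigest()


def verify(fingerprint, uid, cert):
    """Check that cert covers exactly this fingerprint and user ID."""
    return hmac.compare_digest(certify(fingerprint, uid), cert)


def process_key(fingerprint, uids, deliverable):
    """Return {address: [(uid, cert), ...]} for mail that was actually delivered."""
    inbox = {}
    for uid in uids:
        addr = parseaddr(uid)[1].lower()
        if "@" not in addr:
            continue  # no address in this user ID, nothing the robot can check
        cert = certify(fingerprint, uid)
        # The certification goes only to the address it vouches for; if the
        # mail bounces, the key owner never receives it.
        if addr in deliverable:
            inbox.setdefault(addr, []).append((uid, cert))
    return inbox


if __name__ == "__main__":
    for addr, certs in process_key(FPR, UIDS, DELIVERABLE).items():
        for uid, cert in certs:
            print(addr, "<-", uid, cert[:16])
```
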

I think it would be useful to have this sort of casual encryption deployed widely to foil passive listeners. It would be icing on the cake if these measures integrated nicely with the more paranoid users doing more secure encryption today.

