Phil Zimmerman and PGP at CNN.com

rick_campbell writes "CNN is carrying an article about Phil Zimmerman and the fact that Network Associates is dropping support for the commercial version of Pretty Good Privacy. The article includes a little bit of Phil's take on the situation, a little history and some discussion of why this happened and what alternatives exist."

Re:As someone who should know better,

[cduffy]

That would be an issue with the IPsec adapter included with NAI's product. It's a separate and disablable component -- and GnuPG has nothing like it, so you need not fear any problems stemming from use of the latter product.

Plugins exist for Outlook integration, FYI.

Uhhh PKI?

[Conare]

Encryption is difficult for average users to grasp, - It's like a secret code.
products aren't all that easy to use - Most email encryption I have seen is implemented as simply depressing a toolbar icon. Is that really that difficult?
and the threats of not protecting e-mail from prying eyes aren't all that easy to explain, Hill said - Hill can't be serious. How about two words? Intellectual property. or how about these two: National Security. Or how about these two: Excessive litigation
Also in an article that supposedly discusses alternatives for encrypting email, PKI isn't even mentioned. What a terrible article.

Another great idea dies

[blankmange]

It seems that NA had a great concept/product on their hands and through whatever passes for sense,let it go. How many applications has this happened to? An individual or small startup has a great idea, or maybe even the elusive 'killer app' and then is quickly bought up or out by a larger corporation. The application is quickly diluted, sent through several revisions that only seem to add complexity/bugs, and then the company drops it, but keeps the 'trademarked' name.... Now we can still get copies of and continue to use PGP, but now we will have to call it something else. Here's to Zimmerman; stick to your guns!

Re:No privacy at all

[jayant_techguy]

Do you know the biggest problem is the end user just doesn't care about E-mail security or won't know how to handle it.
If you are really concerned, there still exist free s/w while do pretty decent job with RSA encryption algorithm. Though mind you they might not integrate into Outlook etc. as PGP did.
The crux is it'll be a long while before encrypted E-mail is the norm of every human. I have to handle mails from 100 different people professionally daily, some containing sensitive information of the sender, but they don't care to encrypt it using PGP or any other tool, and send me their sensitive info. like anything.

Re:The End User Still Doesn't Care

[-tji]

No, the problem is that it is still too difficult to use secure e-mail.

If they select a check box to "Secure E-Mail" when sending e-mail to someone, and the details of how it happened were hidden, people would do it.

But, if it requires you to exchange keys with someone & manually manage the process, only the techies will do it.

It's a tough nut to crack.. To do it right, you need a trusted authority to manage identities & keys. I don't see any sign of this happening.

Human rights groups

[Beryllium+Sphere(tm)]

http://www.cryptorights.org

There are people in countries with really bad governments who are using PGP to communicate.

Re:The End User Still Doesn't Care

[wishus]

There is also a Windows Eudora plugin, though it's still a little buggy. I'm working on it, give me time... ;)

However, with email encryption, there is still the problem of validating keys. Most people don't understand why they have to check fingerprints and sign keys, and they get lost when you try to explain a "man in the middle" attack.