Moxie Marlinspike: GPG Has Run Its Course
An anonymous reader writes: Security researcher Moxie Marlinspike has an interesting post about the state of GPG-encrypted communications. After using GPG for much of its lifetime, he says he now dreads getting a GPG-encrypted email in his inbox. "Instead of developing opinionated software with a simple interface, GPG was written to be as powerful and flexible as possible. It's up to the user whether the underlying cipher is SERPENT or IDEA or TwoFish. The GnuPG man page is over sixteen thousand words long; for comparison, the novel Fahrenheit 451 is only 40k words. Worse, it turns out that nobody else found all this stuff to be fascinating. Even though GPG has been around for almost 20 years, there are only ~50,000 keys in the "strong set," and less than 4 million keys have ever been published to the SKS keyserver pool ever. By today's standards, that's a shockingly small user base for a month of activity, much less 20 years." Marlinspike concludes, "I think of GPG as a glorious experiment that has run its course. ... GPG isn't the thing that's going to take us to ubiquitous end to end encryption, and if it were, it'd be kind of a shame to finally get there with 1990's cryptography."
Ending up as an unemployable martyr because I can't board a place is not something I can afford.
They're even stopping you riding fish now! That's harsh
I suspect some of the cruft is due to its PGP heritage, but really, all the options aren't the problem. The length of the manpage, neither. Here you have a decently documented piece of software and you complain about the volume? Psah. No, that really isn't the issue. Nor is the ability to have multiple algorithms, as the state of the art keeps on advancing and so you need to replace algorithms now and then.*
The issue is that the interface, the way it packs up crypto for ease of use, is something only a crypto-nerd could love. The basic principles aren't hard to explain to an intelligent lay(wo)man, but understanding how the web of trust works, never mind making intelligent decisions that make sense, is something even crypto-using nerds usually don't manage. And that's just the model; the implementation is clunky to the point that even programs employ intermediate libraries that then barely work for this or that ill-conceived reason.** And then there's the interface as meant for humans. Again, it's nerd-only.
That nerd-only-ness is an obstacle to uptake, and that again is a problem. We desperately need crypto in email, but what bank even publishes GPG and S/MIME keys for securing email? I know of one, and it's a central bank so mere mortals cannot open accounts.
So for a long time GPG has only been supported by a single person, props to him, who evidently doesn't know much about usable user interfaces, not even CLI ones. Yet I'm not blaming just him for it, either. Look at openssl: Again a bit of crypto software that turns out to be pretty damn important, and there's only a few boobs holding down the fort. That is actually poorer documented and even clunkier to use. The code, starting from the APIs, isn't so hot either. No wonder it came crashing down spectacularly. But that too is a problem.
So we have a couple real problems, yet this security expert managed to pin only non-problems. And that itself is again a problem.
* One thing that is a problem is the headers inserted on top of the message that really ought to've been encoded in the signature, since they belong there and moreover there's no real need to put them anywhere else. In fact, the current practice causes transport problems making the format more brittle than it needs to be.
** Work out why gpgme doesn't work so well on 64-bit windows, especially where the individual programs may or may not actually be fully 64bit. It literally doesn't work because some maintainer disabled the workaround that made it work because that somehow "does not make sense" to him.
I've used GPG since... I don't even know, for a very long time. However, since I communicate a lot internationally, and I don't know (and I don't want to know) about every country's regulations regarding encryption, I gave up sending encrypted e-mails at the very beginning, but I still always sign my mails. I never even thought about how many people use or don't use GPG, it's just been there, ever so useful - and I think that's good so. I think "run its course" is harsh though. Why? Because one Moxie Marlinspike says so? Bollocks. If it's useful - and it is -, it's good to have it.
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
...what do the other characters from Harry Potter think?
systemd is Roko's Basilisk.
It's a bad sign when those who care about security lose interest. The NSA is doing their part to eradicate secure crypto. Law enforcement agencies are commonly breaking the law to fish for potential criminals. The only protection available is what's written by people who are not subject to influence from the NSA. That's increasingly meaning open source or non-US-based companies.
Crypto is hard to get right. It's hard for the average person to know what ciphers or tools to use and which are just snake oil. It's hard to implement correctly so that it is secure. New ciphers are written by people who have a lot of experience in breaking the old ones. As the old guard ages out, I don't see the same depth of interest in the next generation. With crypto, there's no quick fix, and the new hotness doesn't come overnight.
On the other hand, the 1990s cryptography he mentions would be a huge improvement over many things we have today. Since the 90s, I've wanted the ability to have cryptographically signed financial transactions. Instead of financial institutions and credit reporting agencies using shared secrets, I'd like to have the ability to authenticate with a public key. I'd like to provide my public key in person to my bank so they know I'm authorizing transactions. Instead, they rely on secrets which are available to anyone who's willing to spend a few bucks and maybe break a few laws. Identity theft is so prevalent because we're basically relying on writing (at least a 4000BC technology) for security instead of good crypto. Hell, bad crypto would be an improvement over most of what's being done today.
I hope his opinion isn't representative of more people who have been involved with security and privacy issues, but unfortunately, I think it will resonate with a lot of us.
Blame Google for not implementing it in Gmail -- Then they wouldn't be able to get ad revenue and user metrics from their "free" email service.
Blame MS for not integrating it into Outlook, but why would we expect MS to actually want security in any of their products?
Blame Mozilla for the creaky plugin and cumbersome import/export publish keys interface in Thunderbird, and support for SMIME over GPG by default.
Blame the users mostly for not giving a fuck about encryption.
Personally, I don't give a fuck. Most people don't care about encryption but the ones that do, do. Some take the time to setup GPG with an email client and it actually works quite well despite my complaints about the clunky interfaces.
I can tell you this much: Fuck publishing ANY open source software without signed and verified GPG signatures. You better have a replacement for the "experiment" that's securing the world's biggest open source projects source code, buddy, or you can GTFO for being a sensationalist maroon.
TL;DR: People who need GPG use GPG. Those that don't give a fuck don't give a fuck. Seriously, if the average person can figure out how to use the bullshit set-top box with horrible remote control interfaces, they COULD use GPG if they wanted to, but they don't.
My GnuPG public key is on my web site (www.andycanfield.com). It is not on any "KeyServer"; I don't believe in key servers, that's just another layer that the hackers can break and the NSA can subvert.
I use Thunderbird; the interconnection between that and encryption is clumsy [e.g. if you haven't got a key for somebody, don't encrypt the message, dummy!]. But it works. As long as it's smarter than Keith Alexander and Vladimir Putin, I'm satisfied. The important thing is that PGP is a ***standard***. Any idiot can come up with something better, but he can't make it a standard, so my correspondent on the other end of the wire can't use it.
Oh, and my e-mail address is on Yandex, which is in Moscow.
Forward secrecy is desirable as we see the NSA hoover up messages then store them until they crack the keys.
Has anybody attempted to bolt forward secrecy on top of SMTP? I would assume that it would need some kind of session key exchange between sender and recipient which would preclude the use of SMTP.
SURELY NOT!!!!!
Yeah. If only there was an easy to use end2end encrypted mobile phone application for voice calls that Moxie had been involved in creating.
https://en.wikipedia.org/wiki/...
it's in my head
The point is that Moxie actually *does* something (has the OP done anything? We don't know).
I don't agree on everything with Moxie, but fact is that he's not sitting on his hands, by a long stretch.
Show us your work. Talking is easy Moxie: PRODUCE SOMETHING USEFUL.
He is just being Marlinspitefull.
I partially agree with Moxie: GPG/PGP as an email encryption standard is never going to reach the "my mother uses it" point of, say, Skype. That doesn't mean it's run its course. I also think it's disingenuous to imply that the number of keys on the public key servers is a useful proxy for utilization rates.
In my company we use GPG every day. Most people who work there have no idea that we do. It's used in sensitive communications at high levels between organizations, e.g. to send documents to auditors. It's also used in a huge number of automated processes to encrypt data during the DB extract process so we can move that data out of the DB network and send it to partners.
We don't send those keys to a public keyshare. That would provide attackers information and we don't do that (ya, security through obscurity sucks if it's your only line of protection. If you're using it to make life just a bit more difficult for an attacker tho, well I'm always for that!)
Now all that having been said, I have great respect for Moxie, and maybe he has the Next Great Thing up his sleeve. I hope to see it at Defcon :).
Min
On the whole, I find that I prefer Slashdot posts to twitter ones because I don't get limited to 140 chars before
I simply asked him -- in a private email -- if there was a signature for Convergence someplace because I didn't see any online.
He accused me of being "inflammatory" and stated it was necessary to "take a leap of faith" (i.e. download and run it without verification). This was back in 2012, mind you. He appeared to be oddly anti-PGP back then, too.
Frankly, after that I had no appetite for any more of his, erm, style and forgot about Convergence. Years later, I had to abandon DoNotTrackMe (by a Moxie-run company, Abine) nee 'Blur' for Ghostery instead when the former got an update that kept hogging the CPU. An email to Abine just yielded a response to keep updating Blur, but the problem never went away.
I was saying all this 14 years ago.
FOSS Encryption is a mess. It is basically impossible for a regular user to set up encrypted mail.
I'm an expert, and I never even managed to. (The K-Mail crew basically lying about their GPG features didn't help back then.)
Furthermore, the actual, underlying problem is E-Mail.
That this piece of crap protocol/service could survive for so long totally amazes me. I remember using Fidonet and Crosspoint back in the 90s (which actually is a superior solution to E-Mail) and then learning about E-Mail and thinking "Why is everybody using this and thinking it's great?".
The fact that E-Mail is so shitty is the sole reason Facebook has north of a billion users - for the simple reason that Facebook actually is a *better* user experience than E-Mail. Think about that for a moment.
Bottom line:
E-Mail needs a complete redo/replacement with hard asymmetric encryption and zero-fuss key handling and exchange built in as a core specification. Top-notch FOSS clients for all major platforms included. That this whole field is in such a sad and sorry state is to the largest part the fault of us, the FOSS community.
We suffer more in our imagination than in reality. - Seneca
Most ordinary users I know actually like the idea of encryption. They just can't use it because no one has created a highly opinionated encryption API that is intended to be plugged into browsers, email applications, office suites, etc. and is dead simple to use. This is something that an open source desktop like KDE should take on as a proof of concept. I'm sure there's plenty of code in GPG that could be extracted, turned into a tight little module and then wrapped with really slick C or C++ APIs with really friendly dialogs in Qt or GTK.
This isn't entirely a mystery. For a technology to be widely adopted, it needs to be easy for everyone and provide demonstrable benefits. OR, it needs to provide benefits for a business who already has your custom. And there we begin to see the problem. There are two massive disincentives:
- Crypto doesn't play well with webmail
- Encrypted email can't be scanned for advert keywords
So you will never see the likes of Google or Microsoft championing this. Apple - just maybe, as they would rather promote devices, and I gather they actually DO have decent end to end crypto on iMessage and so on. But even then, it's VERY hard to do in a way that customers would actually appreciate. No-one wants to get email working 95% of the time. It needs to be 100%. If you can't read 5% of your email, you're in trouble. Or you can't read email on the 5% of time that you need to access from a borrowed PC.
It seems to me that the keys to making this work are:
- Concentrate on signing before crypto. Get banks to sign email. Have different security levels; get to a stage where by default, only signed email will download embedded images, make links clickable without a warning, etc..
- Find a way to make it work with webmail. Can we do this with JS? Or do we need browser support? End-to-end crypto would require a way for a part of a page to be sandboxed, accept a secret to decrypt your keys, and not allow the plaintext info out. End-to-end signing is a little easier. This might also include retrieving the private keys from a distinct cloud service.
- Solve the centralized trust issue. Probably derive a format from S/MIME rather than GPG for email, but critically, signing of certs needs a community trust system so you can see who trusts who, and people can get their identities signed by people they know.
Finally, if that's widely deployed for signing then people can begin to encrypt with a hope of the other end being able to decrypt.
Yes, I've used Redphone. No strange setup process needed for the calls to be secure. That's what we're discussing, right?
The first time you start up RedPhone, the app prompts you to register your phone number by tapping a button. And then you're done; that's it. RedPhone doesn't ask for passwords, logins, or even for users to create an account. The app is designed with privacy in mind, so it requires as little from you as it can.
http://www.pcmag.com/article2/...
I wanted to post something on the Facebook pages about my town: A Facebook search which would bring up a couple of pages, I'd go to those pages, which would show a couple of associated pages. I'd click on join for each one and wait.
Then I went to the phone-book: Type in the town and a selection criteria; all the names appear, with a large percentage showing email addresses. I could immediately push my post to a large percentage of my target audience.
Facebook may be a better experience (Aside: I disagree) but phone and email provide the superior networking function. Social networking means only that I do less 'pushing' of the message.
Then PGP / GPG solved a lot of this bullshit, starting with generating keys for free but email clients never bothered to give it proper support. Instead they offered up some plugin APIs and unsurprisingly PGP / GPG ended up with half assed implementations too. Even fairly good extensions like Enigmail didn't integrate with the client as closely as they should.
And by this point cloud based email took off and crypto fell by the way side. If you want to use crypto in GMail then you have to cut and paste and clearly it's too much effort.
So I really don't blame GPG here. If the first thing an email client did during setup was ENCOURAGE a user to create a key; and by default published that key; and attached the key sig to outgoing emails; and automatically looked up incoming email addresses; and automatically encrypted content when all recipients had their own key; and didn't hobble functionality for any of this (e.g. search still worked), THEN this wouldn't even be a problem. Encryption would have been the default and it would be an irrelevance whether it was PGP or GPG under the covers.
In short, everything except the fact that you're using the system.
That's not the problem with GPG.
The problem with it is that I could never be bothered to use it, not because of privacy (it would be incredibly convenient to send, say, a password required in an emergency via a verifiably-encrypted email) - but because it's such a faff. And it interferes with everything (searching, archiving, re-enveloping etc.). And to do so is all bolt-on-and-bodge-job methods. None of the major email clients offered anything like proper encryption by default.
And as soon as you get into using plugins, most people just won't bother. There are plugins for PFS for all your instant messenger programs, etc. - I had one installed for about 5 years, the only other person I know with one installed has a different, incompatible one. Now I don't use IM much any more anyway, so it's dead in the water.
And all email encryption is a ton of messing about with publishing keys in the right places, and having to verify against those places, etc. It's ugly.
The only place I've seen anything like GPG working is in package signing for third-party software. And there you have to download the package, download the key (either from the same website as the package - WOOP WOOP - or independently crowd-source a verified key), and then check it works. I've only ever bothered for Slackware, for which I believe the ISO images are signed with the official Slackware key.
GPG is just a pain in the butt and not automated at all. It's easier to compose and encrypt the message ENTIRELY OFFLINE and then send the encrypted text, and that shows you what kind of automation is missing, and what kind of trust system is actually in place.
Sure, there are plugins, helpers, hacks, extensions and all sorts. But none of them ever progressed to being "in" the software. Not even software designed to do nothing else but send email.
As an AC, you're a more probable expert on what NSA cock tastes like, so why don't you tell us?
Moxie has been in the trenches breaking drm to free our devices and thus has a good idea of what works & what doesn't.
Much like the "Real programmers" that bemoaned the death of really using the machines when we stopped programming directly in machine code, some will miss PGP, but not anyone who wants encryption to become widespread. PGP is convoluted and a poor base on which to build. We need to move on.
Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
webmail is ideologically incompatible with the very notion of secure communication that using encryption embodies.
To wit:
A webmail service holds not only the inbox itself, but also holds the contact list, and the presentation code. If one were to integrate encryption as well, then the webmail service would also have to manage keys, both private and public. Handing out BOTH keys is the very essence of insecure, but would be necessary. (The webmail service would need the private key to decrypt messages sent to you, coded with your public key, so it can display them! It would also need your public key if you wanted to read what was in your "sent" folder.) It would also need to hold all the public keys of all your contacts.
That's just one national security letter away from "Oh, sorry, we gave all those keys we had on file to the NSA, and couldn't tell you about it!" and one data breach away from a massive chain-of-trust catastrophe by identity thieves (or worse).
Webmail is fundamentally incompatible with the very idea of secure communication of this type. This is something that you simply CAN'T put "in the cloud", because the main feature of webmail is being able to check it anywhere you can use a web browser. That feature goes away if the service does security correctly, and security goes away if the feature is retained. (To keep the keys outside of the webmail service, the keys would have to be stored on trusted workstations, or on a personal keystore on a portable device, like a USB keyfob. Not all places with browser access will have provisions for this, and the added complexity will make users pissy. Putting the keys on the webmail server side fixes that problem, but destroys the security model fundamentally.)
http://xkcd.com/1343/
I have determined that my sig is indeterminate.
And yet you continue to be bent out of shape about it. Fancy that.
----
I already addressed this. TWICE.
The option is binary. Either the webmail server has the keys, or the messages are decrypted on the client side using keys stored on the client side for presentation.
If the keys are stored on the webmail server, the NSA can demand them.
If the keys are stored on the client, then the main feature of webmail is broken.
The keys have to be stored SOMEPLACE for the messages to be encrypted and decrypted. The primary statement in my postings has been that properly secured encrypted email is not compatible with the use case of webmail. Webmail's use case is "email access that is independent of client platform, as long as a suitable browser is present." As soon as you put the keys on the client side, this goes away, because now the browser has to probe the local filesystem for the key store, or the browser itself has to have the keystore. This has all the problems of Enigmail for Thunderbird (or the GPG plugins for any of the other capable mail clients out there). The keys are stored on a trusted workstation that you can't just lug around with you; OR, if stored on a keyfob, accessing those keys requires extra steps above and beyond just logging in and checking your mail. This breaks the use case for webmail.
Rather than being an argumentative troll, you could explain your position instead of arguing impotently. Instead, you chose to complain about spelling mistakes, confabulate, and hurl ad-hominems.
To return your trite quip, I already knew that this is what you would do. Resorting to arguments about improper grammar, spelling mistakes, or improper word use is the hallmark of somebody with nothing of real substance to contribute, who instead just likes to feel superior. Congratulations.
And, of course, the whole thing is dependent on fixed servers which Moxie claims aren't easily replaced. Just like TextSecure on Android depends on Google's servers to function.
So the advantage over GPG is that the entire communication process can't be abstracted onto any other communication protocol (GPG on email/SMS/paper slips/etc), but depends on rickety infrastructure provided by somebody else. Progress!
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
Agreed. The CLI of gpg is horrible. There are some semi-acceptable GUI variants, not least Enigmail, and a good UI is definitely going to be required if you are going to get general acceptance.
But the main reasons it continues to not get used are
0) Math* is hard!
1) The rise of webmail
2) Inverse network effects
* encryption being a subset of math.
0) It's hard to explain to people that they need encryption, how it works, what it is. People think email is secure! The "envelope" iconography is very misleading - email is more like a postcard, delivered by a random selection of disreputable postmen.
1) Webmail makes it much harder to do encrypted mail because to make it secure you'd have to install browser plugins. None of the webmail providers want to make one, because it will destroy their revenue stream of monetizing the analysis of your mail traffic.
2) If you want to actually use (G)PG(P) your recipient also has to grok it, install software to use it, and you have to exchange keys. This is a massive hurdle to overcome for all but the most dedicated cryptonerds. Until there is a majority of people who want to use encrypted mail, that will carry on being the case.
There are projects attempting to overcome some of these hurdles; you have the likes of keybase.io that takes some of the sting out of key exchange (and verification).
But!
Until encryption comes with the communications software you are using out of the box, is enabled by default, interoperates with everything properly, and doesn't force you to configure it to even use it, the vast mass of people won't use it. And this is well known by the SIGINT agencies, who view people actually using encryption AT ALL as a red flag that they should look closer at.
If it's so easy to use that people will actually _use_ strong encryption (end2end - who cares if there are central servers passing on the encrypted data) then yes - why not?
I fully agree with Moxie - and I'm hoping to get a lot of people to move from Skype to Wire. It might only be end2end encrypted for voice calls - not the text/group chats - but it's a lot _better_ than the alternatives, with a UI that has a chance of getting wide adoption.
More of the world's communication will be secured. That's progress.
Not remotely. He's encouraging good encryption, but calling for some updates (it hasn't significantly changed since the mid-'90s) and a better wrapper. GPG is still largely by geeks, for geeks. I couldn't get my parents to use GPG because they'd dismiss it as too hard, even if one of them is happy to stick it to the man. The suggested minimum settings vary based on where you look and when they were posted.
Example: An RSA key size of 2048 bits is largely considered secure, but NIST recommends 3072 bits for anything that one would want to keep secure into the 2030s. People still often see their e-mail as their private papers and may be concerned over who can read them well past the 2030s. But does that mean they use 3072, or go with the random crypto weblog guy who says to always go with 4096? And why can't I create 8192- or 16384-bit keys like that software claims to over there?
And what hash to use? Plenty of sites still say MD5, but they were written years ago. Some have updated to SHA1, but others point out weaknesses there. OK, SHA2, then. But then there's SHA256, which must be better, right? (I know SHA256 is a subset of the SHA2 family, but those unfamiliar with crypto will not.)
Until GPG-style crypto becomes relatively automated, it won't be embraced by more than a handful of people. HTTPS is widely used because people don't have to think much about it. This has some downsides for poorly-configured servers and Superfish/Comodo-style backdoors, but browsers and other software help take up the slack by rejecting poor configurations. PGP/GPG were designed to reach near-perfect levels of encryption, but that bar is clearly too high for significant uptake. We should instead be looking for something that encourages end-to-end encryption that is good enough. We can build on if the underlying structure is properly designed, and as people get more accustomed to crypto in their lives, they'll be able to adjust to improvements.
When the majority of communications are relatively well-secured, it makes it far more difficult for a surveillance state to conduct its operations. Perfect security can still be a long-term goal, but we need more realistic goals to encourage uptake in the meantime.
You can never go home again... but I guess you can shop there.
There are two items when people mention PGP:
The OpenPGP format.
The PGP implementation applications, like archaic PGP versions, NetPGP, APG, OpenKeyChain, GNU Privacy Guard, Symantec Encryption Desktop, and a number of others.
As far as I know, all the above have their source code available under various licenses, even the Symantec stuff either has, or used to have, its source available for examination.
I do agree that a revamp in some of the OpenPGP implementation programs is direly needed, because as of now, the most usable implementation (IMHO) is Symantec's version, which is a commercial product.
It might be nice to see about breaking the OpenPGP implementation programs up into two parts -- two library frameworks (one for BSD, and one for GPL v3), and the code that accesses the libraries.
As for the OpenPGP format itself, it does need some incremental improvements:
1: Additional encryption and the ability to chain encryption algorithms. This isn't meant to win a bitsize war, but so that if one algorithm like SERPENT gets broken, there is still AES and Twofish. TrueCrypt implements this.
2: Splitting how much you trust a key versus how much you trust a key's owner to sign, introduce, and validate other people's keys, with both of these values exportable. This way, if you are 100% sure you have a key of a cretin, you can pass that along.
3: Newer compression protocols like LZMA2, bzip2, and others, so that data is further shrunk before encryption.
4: An error correction protocol applied after encryption and signing, with a user selectable amount of ECC applied. This way, a signed OpenPGP file that suffers some damage can likely be repaired, and the signature still be valid.
5: Share splitting. This way, a user can select x out of y pieces be required to recover an OpenPGP packet.
However, all in all, the OpenPGP protocol has stood the test of time when it comes to security. Its main strength is that it is not tied to a communications or messaging protocol, so an OpenPGP packet can be sent in a file on an SD card, via E-mail, AIM, SMS, MMS, posted on a newsgroup or forum, or virtually any other means. There are people who bash OpenPGP, but oftentimes they have their own solution, and have a vested interest in getting people to leave OpenPGP for a closed system.
OpenPGP fills a crucial need. Not just securing data over communications, but protecting data stashed away. Few encryption protocols can secure both data at rest, and data in motion.
I must be getting old when 6-digit UIDs are long time slashdotters. I for one welcome our newbie overlords.
You want the impossible. You want communications you can trust without having to understand how they happen.
See, there's the rub. Perhaps 10% of the geek community even _think_ they know how this stuff works, of which perhaps another 10% of that group have a reasonably up-to-date knowledge. Which would probably work out to 0.1% of the PC/phone/iThing/tablet-using public.
OTOH, we see people of all intellectual persuasions, most of whom haven't a clue how their cell phone works. But they are successfully using a device which has built-in encryption (which could probably be better, but that's beside the point) for their phone calls, without any significant setup other than buying the phone and providing certain details about themselves. So some level of trusted communications _can_ be provided without everyone becoming a geek, but (as you imply) it does require some kind of industry agreement - and government acceptance - to provide an uncompromised solution. And I think that is essentially impossible as long as we have even a few "bad guys" (for any definition of "bad guy") out there.
It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/