Hello, this is not GnuPG-specific, not even crypto-specific in the sense that I guess no real change to any crypto tool or standard would be necessary. Technically it's about a new MIME container usage but crypto-related. I hope here are the right people to comment on that. Somehow I prefer getting slammed here over the openpgp working group mailing list...
This idea came from a real experience a few days ago. I am trying to get crypto usage on a large scale to one of Germany's biggest universities (FU Berlin). The CS and math departments organize a small (but official) information event. I give four real courses (inofficial but supported by the dean; http://crypto.spline.de/). As this is mainly about peer pressure for the freshman students I wanted to teach some of the Ph.D. students crypto first. We invited about 30 people, none even reacted. I was told that this effect was less about the offer itself but more about the point that this was "one more email from a stranger to a group of people". I.e. probably not even read by many of them. That was the example, now the idea: With a small change to the PGP/MIME standard this would have been possible: I write the email but do not send it to the intended recipients but to the dean first. He makes a signature (some easy one- click feature maybe with a comment) about the email (or about my signature) and sends it back to me. Then I add his signature to my email and send it to the recipients. Now this happens: The recipients still see an email from a stranger to a group of people but now their mail client tells them that their dean (and maybe even more people) supports this email. Of course, you have noticed that a crypto feature does not work in a mail which shall make people start using crypto but you get the idea. This would be possible without crypto, too, but I guess to easy to abuse for being accepted. I guess it would be enough to replace the signature container by a multipart container with several signatures. Somehow the real sender signature would have to be marked (or rather: the support signatures should be marked as such, either implicitly by being a signature over the sender signature or explicitly by a notation). I don't want to be too optimistic but I guess this could be so useful that it might actually become a reason for the not so small "I have nothing to hide" group to start using crypto. Hauke -- Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/ http://userbase.kde.org/Concepts/OpenPGP_Help_Spread OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users