I had been meaning to set up PGP for Mail.app for a while now. PGP is another one of those concepts that has always been out of reach of the average user. Only two people who regularly email me use PGP, and they're both programmers.


comments

David Ely

Now that I've set it up and have been using it, I like the idea of having secure mail but don't like the "Begin PGP signed message..." gunk text it places in the email. In the interest of wider adoption, I think that mail programs should:

1. Support PGP by default
2. Hide the PGP text in the message (like they hide header data) and display a little PGP icon that you can click to verify the message


Justin

David -- the gunk is still being used because Outlook has a particularly stupid bug. If you use the newer, standard "MIME format" for PGP-signed messages -- which *is* basically what you describe in most newer mail apps -- Outlook doesn't display them by default; the user has to click on what appears to be an attachment. urgh. stupid Outlook.

I agree that PGP is cool, and deserves wider use. But I think the fundamental problem is that people just don't get the point of using PGP; they're effectively happy enough with normal email as it is.

I dunno, maybe we need a whole batch of new PGP plugins, and a user education campaign like the Firefox "take back the web" one...


Robert

I'm interested in this too... but why should I pay for PGP if GPG is available? Is there a significant difference?


Andre Torrez

Two things:

1. Robert, you can use GPG no problem.
2. I forgot to link my public key here. Will do that as soon as I get to the computer I signed it on.


Dave

> maybe we need a whole batch of new PGP plugins, and a user education campaign like the Firefox "take back the web" one...

Why couldn't Google just build it into Gmail by default? They could build key creation into the signup process and just enable it for all users. Apple could do the same thing with Mail and Mozilla with Thunderbird.


ramanan

Would Google store your private key on their servers? That sounds shady, no matter how trustworthy Google is. I suppose Google could have copied Hushmail's model, though perhaps there are patent issues or some similar problems.

Public-key cryptography is a solution to a problem no one knows they have. Till that changes I don't see it being adopted.


comments for this entry have been closed.
