Mailing List Archive

Dear GNUPG developers,

We have GOT TO make things simpler.

1/ I do have some years of experience with GnuPG. Especially with
convincing people to use it. It is not easy. But I do it because it is
in my interest to be able to communicate privately.
2/ My latest experience is with a person who sent me his entire keypair
per email. I had asked him to send me his public key only. I had
instructed him how to prepare that file ("export public key, do NOT
export the secret half of the keypair. Ensure this by ticking the right
boxes. If you use GPA do it like this, if you use Kleopatra, follow
those menu trails, if you use GPG Tools I do not know."). The person who
made the horror of sending his secret key over email is properly educated.
3/ Please do appreciate that the persons who we are convincing and
instructing are not particularly interested in privacy. They need simple
approaches.

4/ Here is my proposal:
4.1/ Stimulate that people use a GUI like GPA or Kleopatra. Not
Enigmail, although it offers the same, but it offers too much for
beginners. Email integration comes after people have a basic
understanding. Please do appreciate if people only want to be able to
prepare encrypted documents for sending them as attachments.
4.2/ Ensure that, when generating a keypair, GnuPG creates one directory
"Secretkeys", and one directory "Publickeys". Make GnuPG to store the
public part and the secret part separately in those directories. If
GnuPG needs also keypairs in a single file, store that under Secretkeys.
4.3/ Get rid of the confusing menu/Exportkeys/ vs menu/Exportsecretkey. etc.
4.5/ Get rid of the options to NOT publish keys on keyservers. Just work
the opt-in alternative: If you want to publish to keyservers, make that
a separate action that requires some effort.

Best regards,

Roland

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 9/30/19 4:58 AM, Roland Siemons wrote:
> Dear GNUPG developers,
>
> We have GOT TO make things simpler.
<snip>
> 3/ Please do appreciate that the persons who we are convincing and
> instructing are not particularly interested in privacy. They need simple
> approaches.

ProtonMail or Tutanota. Both ensure far more privacy and security than
Gmail. Both offer free accounts and smartphone apps. If you need to
communicate privately with someone, have them get an account.

> 4/ Here is my proposal:
> 4.1/ Stimulate that people use a GUI like GPA or Kleopatra. Not
> Enigmail, although it offers the same, but it offers too much for
> beginners. Email integration comes after people have a basic
> understanding. Please do appreciate if people only want to be able to
> prepare encrypted documents for sending them as attachments.
<snip>

Few people not particularly interested in privacy are going to adopt a
solution requiring selecting, cutting, encrypting and pasting text. If
they already use Thunderbird, Enigmail is an easy enough to learn. The
real stumbling block is that most people don't do email using
Thunderbird or any MUA.

Jeff

Roland Siemons wrote:

> Dear GNUPG developers,
>
> We have GOT TO make things simpler.
>
> 1/ I do have some years of experience with GnuPG. Especially with
> convincing people to use it. It is not easy. But I do it because it is
> in my interest to be able to communicate privately.
> 2/ My latest experience is with a person who sent me his entire keypair
> per email. I had asked him to send me his public key only. I had
> instructed him how to prepare that file ("export public key, do NOT
> export the secret half of the keypair. Ensure this by ticking the right
> boxes. If you use GPA do it like this, if you use Kleopatra, follow
> those menu trails, if you use GPG Tools I do not know."). The person who
> made the horror of sending his secret key over email is properly educated.
> 3/ Please do appreciate that the persons who we are convincing and
> instructing are not particularly interested in privacy. They need simple
> approaches.

Maybe you can convince your friends to use Mailvelope or the new AutoCrypt
from Vincent (who brought us Hagrid). Both are OpenPGP apps, and no longer
require GnuPG and therefore should it make easier for your friends to use.

Regards
Stefan

--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Stefan Claas via Gnupg-users wrote:

> Roland Siemons wrote:
>
> > Dear GNUPG developers,
> >
> > We have GOT TO make things simpler.
> >
> > 1/ I do have some years of experience with GnuPG. Especially with
> > convincing people to use it. It is not easy. But I do it because it is
> > in my interest to be able to communicate privately.
> > 2/ My latest experience is with a person who sent me his entire keypair
> > per email. I had asked him to send me his public key only. I had
> > instructed him how to prepare that file ("export public key, do NOT
> > export the secret half of the keypair. Ensure this by ticking the right
> > boxes. If you use GPA do it like this, if you use Kleopatra, follow
> > those menu trails, if you use GPG Tools I do not know."). The person who
> > made the horror of sending his secret key over email is properly educated.
> > 3/ Please do appreciate that the persons who we are convincing and
> > instructing are not particularly interested in privacy. They need simple
> > approaches.
>
> Maybe you can convince your friends to use Mailvelope or the new AutoCrypt
> from Vincent (who brought us Hagrid). Both are OpenPGP apps, and no longer
> require GnuPG and therefore should it make easier for your friends to use.
>
> Regards
> Stefan
>

Forgot the links, sorry ...

Mailvelope:

https://www.mailvelope.com/en/

Key server for Mailvelope:

https://keys.mailvelope.com/

Autocrypt for Thunderbird:

<https://addons.thunderbird.net/en-US/thunderbird/addon/autocrypt/>

Regards
Stefan







--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

> Few people not particularly interested in privacy are going to adopt a
> solution requiring selecting, cutting, encrypting and pasting text. If
> they already use Thunderbird, Enigmail is an easy enough to learn. The
> real stumbling block is that most people don't do email using
> Thunderbird or any MUA.
>

I use Thunderbird 70.0b2 and have used it for years. However it is a
major pain to implement digital signage and encryption. A pain.

Dennis



_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Am 30.09.2019 um 21:32 schrieb Dennis Clarke:
> I use Thunderbird 70.0b2 and have used it for years. However it is a
> major pain to implement digital signage and encryption. A pain.


I use enigmail and the signing and encrypting runs very smooth with
thunderbird.

Regards Bernhard

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

With all due respect... NO.
It is not wise to impede on the power-users who use GPG due to the availability of the various configurations that brought us here in the first place.


On 9/30/19 9:43 AM, Roland Siemons wrote:[snip]
> 4/ Here is my proposal:
> 4.1/ Stimulate that people use a GUI like GPA or Kleopatra. Not Enigmail, although it offers the same, but it offers too much for beginners. Email integration comes after people have a basic understanding. Please do appreciate if people only want to be able to prepare encrypted documents for sending them as attachments.
This is not an issue with GnuPG. GnuPG is a back-end utility that front-end applications (like GUIs) interface to. Go to your vendor of choice that interfaces with GPG and complain to them about the complexity their interface. As far as GPG goes, it does exactly what it's supposed to. It's a command-line utility. Its raw interface is not supposed to be exposed to the kind of user you're expecting.

> 4.2/ Ensure that, when generating a keypair, GnuPG creates one directory "Secretkeys", and one directory "Publickeys". Make GnuPG to store the public part and the secret part separately in those directories. If GnuPG needs also keypairs in a single file, store that under Secretkeys.Keys are stored in a keyring database. You're not supposed to export them by copying files over in this way. You use the command-line utility to import or export your public keys.
For instance, the following command exports all of your signed public keys in PGP format:
gpg -a --export
...or you can export a specific key by suffixing that last command with the key (or name or email some other identifier) that you want to export. Exporting private keys is done the same way. Exporting the trust database can be done this way as well, albeit with different options.
> 4.5/ Get rid of the options to NOT publish keys on keyservers. Just work the opt-in alternative: If you want to publish to keyservers, make that a separate action that requires some effort.AFAIK, distributing keys to keyservers already takes a separate action. Unless there's some other command I'm not aware about, the only way I see to distribute keys to some keyserver is with the following command:
gpg --send-keys $KEY_IDENTIFIER
-----BEGIN PGP SIGNATURE-----

iLcEARMKAB0WIQQWZv6JZKxO310TWtXo8fj9gx4T0wUCXZPnWAAKCRDo8fj9gx4T
0/YtAgEBKgPN/9Ua2odPSPn2K7g1Qnc2XovMnDWE30reqNT4/cYCQmnVuwjMspqs
w5dA7SSIj/fSm9NJptn5dS7y70NoIgIEDJ2+QDNj/4PpUSkkIr3zHpI+y4yIanLP
UxWL8YI5mHUAfGAZ05O8HwwDUm+Z+q4joxVjBjP8pNASTklHrf4U32A=
=Oi8M
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 02/10/2019 00:55, Tony Lane via Gnupg-users wrote:
> This is not an issue with GnuPG. GnuPG is a back-end utility that front-end applications (like GUIs) interface to. Go to your vendor of choice that interfaces with GPG and complain (...)

And this is precisely why GnuPG failed.
Cheers,
Chris

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 10/2/19 4:15 PM, Chris Narkiewicz via Gnupg-users wrote:
> On 02/10/2019 00:55, Tony Lane via Gnupg-users wrote:
>> This is not an issue with GnuPG. GnuPG is a back-end utility that front-end applications (like GUIs) interface to. Go to your vendor of choice that interfaces with GPG and complain (...)
>
> And this is precisely why GnuPG failed.
> Cheers,
> Chris


If a user needs a masters degree and twenty years of experience to use a
tool then the tool will only ever be used by such people. Common sense.



--
Dennis Clarke
RISC-V/SPARC/PPC/ARM/CISC
UNIX and Linux spoken
GreyBeard and suspenders optional

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Dennis Clarke wrote:

> On 10/2/19 4:15 PM, Chris Narkiewicz via Gnupg-users wrote:
> > On 02/10/2019 00:55, Tony Lane via Gnupg-users wrote:
> >> This is not an issue with GnuPG. GnuPG is a back-end utility that
> >> front-end applications (like GUIs) interface to. Go to your vendor of
> >> choice that interfaces with GPG and complain (...)
> >
> > And this is precisely why GnuPG failed.
> > Cheers,
> > Chris
>
>
> If a user needs a masters degree and twenty years of experience to use a
> tool then the tool will only ever be used by such people. Common sense.

And this is probably the reason why digital signatures from GnuPG were never
been adopted (for business related things) in the EU and elsewere.

A good example for easy creation of digital signatures I came across today.

This service is free of charge. One only needs a card reader and his / her
ID-card. plus the free Open eCard software.

https://pilots.futuretrust.eu/sigs

Regards
Stefan

--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 10/3/19 5:53 PM, Stefan Claas via Gnupg-users wrote:
> And this is probably the reason why digital signatures from GnuPG were never
> been adopted (for business related things) in the EU and elsewere.

I don't know about the EU, but I can name at least 20 fortune-500 businesses that use GPG, including Facebook (yes, even they use GPG, see for yourself).
And those are just the ones -I- know of. And this isn't even counting government. As far as security goes, you cannot beat GnuPG. You do not have to submit your secret online or to some shady third party.
In fact, there's an entire industry dedicated to the sorts of services GnuPG provides, you might've heard of one - Yubikey.

-----BEGIN PGP SIGNATURE-----

iLgEARMKAB0WIQQWZv6JZKxO310TWtXo8fj9gx4T0wUCXZbEKAAKCRDo8fj9gx4T
05qBAgY94RW3iWAsqAp1epy44ArbPCRkU56kq9VihTKqQls/TMDx2FTx28LpafC5
qaUZhvABKoW9/5a2wN0m0av3aaB+bgIJAaCwT2qBU5OYpvxyaDX+RZwQ7GDd1/LT
3B8cJeQhCcDigoO4OazoMd1CgD6F1e63Y+NKeWfnLUlC3mvYcMnc2FQh
=abwF
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Tony Lane via Gnupg-users wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 10/3/19 5:53 PM, Stefan Claas via Gnupg-users wrote:
> > And this is probably the reason why digital signatures from GnuPG were never
> > been adopted (for business related things) in the EU and elsewere.
>
> I don't know about the EU, but I can name at least 20 fortune-500 businesses
> that use GPG, including Facebook (yes, even they use GPG, see for yourself).
> And those are just the ones -I- know of. And this isn't even counting
> government. As far as security goes, you cannot beat GnuPG. You do not have
> to submit your secret online or to some shady third party. In fact, there's
> an entire industry dedicated to the sorts of services GnuPG provides, you
> might've heard of one - Yubikey.

And do those 20 companies business with their customers were GnuPG
signatures are legally binding, like real signatures on letters?

That for example is the case with eIDAS conform digital signatures
here in Europe.

Regards
Stefan

--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 10/4/19 3:35 AM, Stefan Claas wrote:
> And do those 20 companies business with their customers were GnuPG
> signatures are legally binding, like real signatures on letters?

_At least_ 20 fortune 500 businesses _that I know of_. Mind you, I'm not even counting governments.
And yes, it is recognized by the US government at the very least. See https://lists.gnupg.org/pipermail/gnupg-users/2018-September/060987.html and https://app.leg.wa.gov/RCW/default.aspx?cite=42.45.130


> That for example is the case with eIDAS conform digital signatures
> here in Europe.

Digital signatures are, in general, legally binding.
If for instance a government official who's known to use PGP signatures signs off on a treasonous act, that signature can be used against him or her in court of law.
But it can also be used for contracts.
e-signature is a legal concept used to capture a person’s intent to be legally bound by the terms of an agreement or contract.
While a digital signature is a mathematical algorithm. A cryptographic technology used to make data tamper evident, digitally sign of documents.
Even the "newer" signatures that are the Elliptic Curves are recognized as per FIPS-186-4, see:
https://www.federalregister.gov/documents/2015/10/20/2015-26539/federal-information-processing-standard-fips-186-4-digital-signature-standard-request-for-comments#h-9
and notably https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf
-----BEGIN PGP SIGNATURE-----

iLgEARMKAB0WIQQWZv6JZKxO310TWtXo8fj9gx4T0wUCXZd8fgAKCRDo8fj9gx4T
02ZvAgjW4j3F1vJna5KRq2po8xW6qmds0u8wUIJNDnQ46nBecy7nxTVyRNgMqdTq
kG19RhDdWvQZ850hmeAK6KJiYUAR+gIJAQ7YSL91Ncopuj8Eeamlh/KBpHfsrCS9
KT/7ZaFhKusw8fOz5XjvQxTksxeJrDsAYvIyufjdu837ri+qEqXWMWSd
=Lx49
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Tony Lane wrote:

> Digital signatures are, in general, legally binding.

In the EU qualified digital signatures (QES) are legally binding
and I strongly doubt that in the U.S. with it's ESIGN Act the same
holds true for GnuPG home installations.

I guess a proper Google search will show it us. :-)

Otherwise the commercially available PGP or free GnuPG would have been
mentioned in the news as a low cost eSig solution long time ago, right?

Regards
Stefan

--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Stefan Claas via Gnupg-users wrote:

> Tony Lane wrote:
>
> > Digital signatures are, in general, legally binding.
>
> In the EU qualified digital signatures (QES) are legally binding
> and I strongly doubt that in the U.S. with it's ESIGN Act the same
> holds true for GnuPG home installations.
>
> I guess a proper Google search will show it us. :-)

Well, I was wrong. It seems that the U.S. ESIGN Act is pretty relaxed
and does not need such strong requirements like in the EU.

Regards
Stefan

--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

> On 10/4/19 3:35 AM, Stefan Claas wrote:
>> And do those 20 companies business with their customers were GnuPG
>> signatures are legally binding, like real signatures on letters?
>
> _At least_ 20 fortune 500 businesses _that I know of_. Mind you, I'm
not even counting governments.

20? Wow. There are 8 billion people on this planet, most of them don't
work at 20 companies from Fortune 500.

WhatsApp build crypto system that is successfully adopted by billions of
users without technical knowledge.

Our views on what can be considered a successful adoption are strongly
misaligned.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 10/5/19 2:11 AM, Chris Narkiewicz via Gnupg-users wrote:
> 20? Wow. There are 8 billion people on this planet, most of them don't
> work at 20 companies from Fortune 500.

Most don't even work on software to begin with. What's your point?

> WhatsApp build crypto system that is successfully adopted by billions of
> users without technical knowledge.

Did you really set the bar _that_ low? Forgetting for a moment that Whatsapp is proprietary
and there's no way to actually audit the code... We already know that governments
have been pushing https://archive.is/suDJS for ways to decrypt it directly
and that they can in fact read messages via a central authority/server
https://archive.is/2TXqU when the receiving user of a message is offline.

If you consider deliberately breaking E2E encryption by design a "success" then
yes, our views _strongly_ differ on not just what's successful, but also what's acceptable.

But go ahead, please rationalize why "ease-of-use" is more important than actual security
for power-users such as myself and those who absolutely won't compromise on true E2EE.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Tony Lane via Gnupg-users wrote:

> But go ahead, please rationalize why "ease-of-use" is more important than
> actual security for power-users such as myself and those who absolutely won't
> compromise on true E2EE.

Not to rain your parade, but I follow the topic encryption since the mid '80s
and can say nowadays that GnuPG has failed to become an email encryption
product for the masses, which IIRC was the initial goal of Mr Zimmermann's PGP
back in the early ninetees.

Instead GnuPG became the ultimate tool for PGPGs[1].

Try the following experiment, as power user: Explain to your loved ones,
friends and co-workers GnuPG usage (with all its surrounding stuff like
installing MUAs and plug-ins, besides of GnuPG) point them to the FAQ as
learning resource and then show them as modern alternative Mailvelope
or the new Autocrypt from Vincent ...

Once done consider again why in modern software design ease of use is an
important factor, if you like to reach out to the masses and want to
convince people to use software based on the OpenPGP protocol.

[1] Pretty Good Privacy Geek

Regards
Stefan

--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Dear List,

I explained a problem.
I proposed a step forward towards a solution.
There were 17 responses.

So far, those responses either:
- advised to no longer use GnuPG, or
- denied or downplayed the problem (although I demonstrated the
existence of the problem), or
- argued against those who denied or downplayed the problem.

No single response touched upon my proposal. This is very disappointing.

Developers, please consider my proposition, and tell me what you like or
dislike about it.

Sincerely,

Roland


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Fri, 4 Oct 2019 21:28, Stefan Claas said:

> Well, I was wrong. It seems that the U.S. ESIGN Act is pretty relaxed
> and does not need such strong requirements like in the EU.

The EU neither. Even the Qualifizierte Elektronische Signatur,
introduced in Germany ages ago, is not anymore a requirement for the
majority of transactions. In fact the Einfache Elektronische Signatur
(i.e. your name below a email) is often sufficient. It is the same as
with handwritten signatures - if it comes to a litigation the court
decides and evaluates the entire circumstances. Having a government
issued token (e.g. a qualified electronic signature) puts more trust
into the validity of the signature but still allows the signer to
repudiate the signature just by telling that the token was lost and the
PIN was on an attached post-it.

Recall that for VAT purposes (the major revenue source of almost
countries) no signature on digital invoices is required. A EU decision
once overturned the German requirement for a government issued qualified
signature on invoices and thus was the tombstone for the qualified
electronic signature (modulo that some companies try to keep them alive
as their business model but that, along with their questionable legal
hack, is a different story).

It is a perfectly okay to allow a Fortgeschrittene Elektronische
Signatur (advanced electronic sigature, i.e. S/MIME or OpenPGP) to
replace a handwritten signature if that has been stated in contracts or
constitutional documents or their bylaws. This prima facie evidence is
nearly always sufficient unless notarial documents are anyway required.

There is a lot of literature on that topic which can easily be found and
studied. It is is not the topic of this technical mailing list, though.


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Sent from my iPad

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Sat, 5 Oct 2019 12:15, Stefan Claas said:

> installing MUAs and plug-ins, besides of GnuPG) point them to the FAQ as
> learning resource and then show them as modern alternative Mailvelope

And don't forget to point them to all the HOWTOS and RFCs required to to
use and admin a MUA, sendmail, and the net configuration to name just a
few. The point here is that you falsely compare a system tool with an
end user visible interface.


Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

On 10/5/19 6:15 AM, Stefan Claas via Gnupg-users wrote:
> Tony Lane via Gnupg-users wrote:
>
>> But go ahead, please rationalize why "ease-of-use" is more important than
>> actual security for power-users such as myself and those who absolutely won't
>> compromise on true E2EE.
>
> Not to rain your parade, but I follow the topic encryption since the mid '80s
> and can say nowadays that GnuPG has failed to become an email encryption
> product for the masses, which IIRC was the initial goal of Mr Zimmermann's PGP
> back in the early ninetees.

The original poster, perhaps unintentionally, stated the real reason the
masses have not adopted PGP, "Please do appreciate that the persons who
we are convincing and instructing are not particularly interested in
privacy." That's it in a nutshell. The masses are not particularly
interested in privacy. If they were, they'd abandon Gmail and Yahoo and
all the other providers who make no excuse for the fact their economic
model depends on users being not particularly interested in privacy.

I have used GnuPG since it was first released and PGP2 and PGP5 before
that. I read "Why Johnny Can't Encrypt" 20 years ago. I didn't believe
it then and don't believe it now because in my experience any
sufficiently motivated, reasonably intelligent person who wants to use
these tools can learn to do so expending less time and effort than it
takes to master the latest video game.

> Instead GnuPG became the ultimate tool for PGPGs[1].

Sure it is. As Mr. Lane explained, its supposed to be. But that
doesn't mean that it can't be used by non-PGPGs. You don't have to
understand every command and option to use GnuPG effectively. A handful
will suffice for file or email encryption.

> Try the following experiment, as power user: Explain to your loved ones,
> friends and co-workers GnuPG usage (with all its surrounding stuff like
> installing MUAs and plug-ins, besides of GnuPG) point them to the FAQ as
> learning resource and then show them as modern alternative Mailvelope
> or the new Autocrypt from Vincent ...

I agree that there are easier-to-learn encryption solutions than GnuPG.
Mailvelope, FlowCrypt, ProtonMail, Mailfence and Tutanota come
immediately to mind. Any is adequate for the privacy needs of the
masses. Unfortunately, the masses haven't swarmed to them any more than
to PGP or GnuPG. The masses think they have nothing to hide. They
aren't at all concerned about privacy.

> [1] Pretty Good Privacy Geek

Jeff

Werner Koch wrote:

> On Sat, 5 Oct 2019 12:15, Stefan Claas said:
>
> > installing MUAs and plug-ins, besides of GnuPG) point them to the FAQ as
> > learning resource and then show them as modern alternative Mailvelope
>
> And don't forget to point them to all the HOWTOS and RFCs required to to
> use and admin a MUA, sendmail, and the net configuration to name just a
> few. The point here is that you falsely compare a system tool with an
> end user visible interface.

Well, it has to do with the fact that I started with MacPGP in the mid '90s
which was GUI based and no Linux system tool.

Regards
Stefan

--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Jeff Allen via Gnupg-users wrote:

> I agree that there are easier-to-learn encryption solutions than GnuPG.
> Mailvelope, FlowCrypt, ProtonMail, Mailfence and Tutanota come
> immediately to mind. Any is adequate for the privacy needs of the
> masses. Unfortunately, the masses haven't swarmed to them any more than
> to PGP or GnuPG. The masses think they have nothing to hide. They
> aren't at all concerned about privacy.

We should also ask ourselves why for example a required minimum set
from the OpenPGP protocol is not natively supported by major apps,
like MUAs and Web browsers or on OS level like GnuPG in Linux but
not in macOS or Windows?

Everybody speaks https or smtps and probably S/MIME but what about
OpenPGP?

Regards
Stefan

--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

> Everybody speaks https or smtps and probably S/MIME but what about
> OpenPGP?

S/MIME adoption has far exceeded OpenPGP's in the world of email for a
simple reason:

You can make a whole ton of money as an S/MIME CA.

OpenPGP was designed such as to, as far as possible, cut centralized
trusted introducers out of the equation. Of course, those centralized
trusted introducers are also the groups with the greatest ability to
influence market decisions. ("While you're buying new SSL certs for
your business, have you thought about email security? We offer S/MIME
certs for affordable prices...")

S/MIME prevailed over OpenPGP not for technical decisions, but economic
ones. Given this is a technical mailing list, we should probably just
give a grudging nod in the direction of Adam Smith and his Invisible
Hand and move on to more technically-oriented lines of discussion.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

> Our views on what can be considered a successful adoption are strongly
> misaligned.

OpenPGP was never meant to be about email. It was never meant to be
about instant messaging. It was never meant to be about any of that.
It was meant to be a toolbox people could use to help solve a wide
variety of communications security problems, and in that respect it's
been astonishingly successful.

For example, pretty much every Linux installation on the planet uses
GnuPG to verify downloaded packages. Every single time you update your
Linux box, you're calling GnuPG to verify your supply chain.

If you want to say "OpenPGP hasn't been successful in this specific
niche," well, that may or may not be true, dunno, but we can at least
discuss it. But if you say "OpenPGP hasn't been successfully adopted,"
there you're just wrong: there are lots of niches it's been successfully
adopted. They're just ones you're either unaware of or deem unimportant.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

> Not to rain your parade, but I follow the topic encryption since the mid '80s
> and can say nowadays that GnuPG has failed to become an email encryption
> product for the masses, which IIRC was the initial goal of Mr Zimmermann's PGP
> back in the early ninetees.

It was not to be an email encryption tool. It was to be a *file*
encryption tool.

This is all that RFC1991 has to say about email:

"This radix-64 conversion ... is used to protect binary messages during
transmission over non-binary channels, such as Internet Email."

That's it. The only other mention of "email" in the entire document is
to list email addresses for Derek Atkins, Bill Stallings, and Phil
Zimmermann.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Robert J. Hansen wrote:

> > Not to rain your parade, but I follow the topic encryption since the mid
> > '80s and can say nowadays that GnuPG has failed to become an email
> > encryption product for the masses, which IIRC was the initial goal of Mr
> > Zimmermann's PGP back in the early ninetees.
>
> It was not to be an email encryption tool. It was to be a *file*
> encryption tool.
>
> This is all that RFC1991 has to say about email:
>
> "This radix-64 conversion ... is used to protect binary messages during
> transmission over non-binary channels, such as Internet Email."
>
> That's it. The only other mention of "email" in the entire document is
> to list email addresses for Derek Atkins, Bill Stallings, and Phil
> Zimmermann.

Well, I only remember learning about PGP back then in Usenet and everybody
used it for email communications or with Cypherpunk Remailers and seldom for
file encryption.

Anyways then one question arises ... if it's design goal was only meaned for
file encryption why then pub keys with email addresses, names and a WoT back
then plus shortly later key servers and the stories about Alice, Bob, Eve and
Mallory?

Wasn't for example Mallory not always interested in Alice's and Bob's email
communications?

<https://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html>

I no longer have the original MIT booklet from Mr Zimmermann, to check in
there.

Regards
Stefan

--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

> Well, I only remember learning about PGP back then in Usenet and everybody
> used it for email communications or with Cypherpunk Remailers and seldom for
> file encryption.

No, they were using it for file encryption. They were using email as a
file transport protocol. That's what inline PGP is: you take a blob of
data, do crypto, base64 it, drop it in email. At the other end you pull
it out and undo the process. But the inline PGP payload is in
*absolutely no way* integrated into the email message. That had to wait
until the PGP/MIME RFCs -- that was when OpenPGP became an email protocol.

> Anyways then one question arises ... if it's design goal was only meaned for
> file encryption why then pub keys with email addresses, names and a WoT back
> then plus shortly later key servers and the stories about Alice, Bob, Eve and
> Mallory?

See above. Email was used as a way to transfer files. But there was
nothing special about using email to transfer files. You could just as
easily replace the Alice, Bob, and Eve stories by saying "Alice is
delivering a 5.25-inch floppy to Bob, but is afraid Eve might get her
hands on it while Alice is distracted at the coffeeshop."

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 10/5/19 7:19 AM, Werner Koch via Gnupg-users wrote:
> On Sat, 5 Oct 2019 12:15, Stefan Claas said:
>
>> installing MUAs and plug-ins, besides of GnuPG) point them to the FAQ as
>> learning resource and then show them as modern alternative Mailvelope
>
> And don't forget to point them to all the HOWTOS and RFCs required to to
> use and admin a MUA, sendmail, and the net configuration to name just a
> few. The point here is that you falsely compare a system tool with an
> end user visible interface.

Thank you. This was exactly the point that set me off in my first message.
The standalone GnuPG interface was never meant for those kinds of end-users.
It was meant for power-users, system administrators, developers, and other
folk who know their way around the terminal. If we want, say, an elegant
graphical user interface for your average Joe, then that's a discussion to
be had. But it's not an issue with GnuPG, per say. Applications that
interface to GnuPG are responsible for _that_ burden. You don't go complain
to OpenSSL devs when it's difficult to attain a secure connection to
some website unless it's a technical issue with OpenSSL.
No, you complain to Mozilla (or whoever made your browser of choice) or
to Github admins. OpenSSL (or NSS, whatever your tool of choice) is just
a back-end utility that non-tech-folk who don't know what they're doing
should -never- interface to. And it's not because it's a difficult tool
to use (it is), but because it's not intended for them. Dumbing the
interface down, _especially_ if it compromises its security or our level
of control over it, is a recipe for disaster.

/endrant
-----BEGIN PGP SIGNATURE-----

iLgEARMKAB0WIQQWZv6JZKxO310TWtXo8fj9gx4T0wUCXZkDyAAKCRDo8fj9gx4T
0wd8AgkB71/0Q2AE0QxTQsDLtvCnnuZo2bOGhyhOKeNaJ0FiTcGdxIo+nAyEh+NF
D1DF0wIAkfSywJemPVFP2NaHGm2JPvcCCLLfVZ7ZeYT86BvVnrcnlNFXSGZkNiVC
JXwuTjLNRNsgG/TI+KwtBZmfQmeQ3Cs2XNle63yKHeRw9BRQD+ERo1LR
=KeRH
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 05/10/2019 15:06, Robert J. Hansen wrote:
> OpenPGP was never meant to be about email.

https://www.openpgp.org/ tells a different story.

It would benefit the community if you guys stop bending over backwards,
explaining potential users that their needs are invalid.

Over and out. I really don't want to continue this
fruitless conversation.

Chris

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Sat, 5 Oct 2019 12:30, Robert J. Hansen said:

> *absolutely no way* integrated into the email message. That had to wait
> until the PGP/MIME RFCs -- that was when OpenPGP became an email protocol.

MIME types for PGP inline were used on Unix soon after the introduction
of MIME in 1992 at about the same time PGP started its life. The
original use cases for MSDOS PGP were BBS (e.g. FidoNet) where it does
not make sense to distinguish between mail and files.

RFC-2015 (PGP/MIME) was published in fall 1996 and predates the OpenPGP
specs. I recall that Mutt implemented PGP/MIME even before its
publication.

> See above. Email was used as a way to transfer files. But there was
> nothing special about using email to transfer files. You could just as

Everything is a file on Unix (or well, on Plan-9) ;)


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Jeff Allen via Gnupg-users writes:
> The original poster, perhaps unintentionally, stated the real reason the
> masses have not adopted PGP, "Please do appreciate that the persons who
> we are convincing and instructing are not particularly interested in
> privacy." That's it in a nutshell. The masses are not particularly
> interested in privacy. If they were, they'd abandon Gmail and Yahoo and
> all the other providers who make no excuse for the fact their economic
> model depends on users being not particularly interested in privacy.

Bingo! And as long as the user is not interested in it, and won't learn
how to properly use it, all they will get is the veneer of privacy and
learn the hard way that they really aren't secure. You just can't make
security idiot proof.

There was also mention of "legally binding digital signatures" in
practice. So far, the ones I have seen are nothing more than a web site
that you log into with a username/password, click sign, and it adds a
nice forged signature to the pdf document with an attestation that the
server verified your identity at such and such a time. That's not a
cryptographic signature in any way and only an idiot would consider it
"legally binding". Yet that is exactly how I signed the contract to
purchase my house a little over two years ago.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 10/7/19 9:32 AM, Phillip Susi wrote:
> Bingo! And as long as the user is not interested in it, and won't learn
> how to properly use it, all they will get is the veneer of privacy and
> learn the hard way that they really aren't secure. You just can't make
> security idiot proof.

I had a realistic uncle who used to say, "You can always design a system
to be fool-proof; but if you do, a damned-fool will come along.


--
.~. Jean-David Beyer
/V\ PGP-Key:166D840A 0C610C8B
/( )\ Shrewsbury, New Jersey
^^-^^ 15:45:01 up 13 days, 21:19, 2 users, load average: 4.39, 4.72, 4.87

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 9/30/19 4:38 PM, Jeff Allen via Gnupg-users wrote:
> On 9/30/19 4:58 AM, Roland Siemons wrote:
>> Dear GNUPG developers,
>>
>> We have GOT TO make things simpler.
> <snip>
>> 3/ Please do appreciate that the persons who we are convincing and
>> instructing are not particularly interested in privacy. They need simple
>> approaches.
>
> ProtonMail or Tutanota. Both ensure far more privacy and security than
> Gmail. Both offer free accounts and smartphone apps. If you need to
> communicate privately with someone, have them get an account.
>

I'm sorry to disappoint you here: Neither ProtonMail nor Tutanota speak
proper OpenPGP (by default) with outside services. Tutanota doesn't
speak OpenPGP at all and completely bound to their own way of doing
"email"(?)[1].

Protonmail on the other hand is able to speak OpenPGP, they just don't
do it. Not even when you answer to a OpenPGP encrypted email, which will
result in the answer getting send to you in plaintext. And since a reply
contains a copy of the original email at the bottom you also get your
own, previously encrypted mail as answer without encryption.

I had this experience recently when sending emails with their support.
So it's not just a user error, but their UI simply doesn't think about
sending emails properly encrypted to the outside world. Sadly.

And no, making a mail account at each of those providers is no solution.
We have email to explicitly not run into this problem.

[1]: https://tutanota.com/faq/#pgp

--
Signed
Sheogorath

OpenPGP: https://shivering-isles.com/openpgp/0xFCB98C2A3EC6F601.txt

Sheogorath via Gnupg-users:
> I'm sorry to disappoint you here: Neither ProtonMail nor Tutanota speak
> proper OpenPGP (by default) with outside services. Tutanota doesn't
> speak OpenPGP at all and completely bound to their own way of doing
> "email"(?)[1].
>
> Protonmail on the other hand is able to speak OpenPGP, they just don't
> do it. Not even when you answer to a OpenPGP encrypted email, which will
> result in the answer getting send to you in plaintext. And since a reply
> contains a copy of the original email at the bottom you also get your
> own, previously encrypted mail as answer without encryption.
>
> I had this experience recently when sending emails with their support.
> So it's not just a user error, but their UI simply doesn't think about
> sending emails properly encrypted to the outside world. Sadly.

I asked about this in
https://lists.gnupg.org/pipermail/gnupg-users/2019-October/062767.html
if someone with more experience than me wouldn't mind imparting their
knowledge.

--
Caleb Wolf

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Mon, 7 Oct 2019 15:49:35 -0400, Jean-David Beyer via Gnupg-users
stated:

>On 10/7/19 9:32 AM, Phillip Susi wrote:
>> Bingo! And as long as the user is not interested in it, and won't
>> learn how to properly use it, all they will get is the veneer of
>> privacy and learn the hard way that they really aren't secure. You
>> just can't make security idiot proof.
>
>I had a realistic uncle who used to say, "You can always design a
>system to be fool-proof; but if you do, a damned-fool will come along.

Every day, man is making bigger and better fool-proof things, and every
day, nature is making bigger and better fools. So far, I think nature
is winning.

Albert Einstein

--
Jerry

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 10/7/19 4:59 PM, Sheogorath via Gnupg-users wrote:
> On 9/30/19 4:38 PM, Jeff Allen via Gnupg-users wrote:
>> On 9/30/19 4:58 AM, Roland Siemons wrote:
>>> Dear GNUPG developers,
>>>
>>> We have GOT TO make things simpler.
>> <snip>
>>> 3/ Please do appreciate that the persons who we are convincing and
>>> instructing are not particularly interested in privacy. They need simple
>>> approaches.
>>
>> ProtonMail or Tutanota. Both ensure far more privacy and security than
>> Gmail. Both offer free accounts and smartphone apps. If you need to
>> communicate privately with someone, have them get an account.
>>
>
> I'm sorry to disappoint you here: Neither ProtonMail nor Tutanota speak
> proper OpenPGP (by default) with outside services. Tutanota doesn't
> speak OpenPGP at all and completely bound to their own way of doing
> "email"(?)[1].

So what? If the goal is private communication, ProtonMail and Tutanota
are nearly effortless ways to achieve it. Sign up for a free account
and have at it. Most folks could care less about speaking proper
OpenPGP with outside services. Those who do will use ProtonMail, not
Tutanota.

> Protonmail on the other hand is able to speak OpenPGP, they just don't
> do it. Not even when you answer to a OpenPGP encrypted email, which will
> result in the answer getting send to you in plaintext. And since a reply
> contains a copy of the original email at the bottom you also get your
> own, previously encrypted mail as answer without encryption.

I disagree. No widely used OpenPGP implementation is going to
automatically encrypt replies to encrypted email out of the box. With
ProtonMail you have to import your correspondent's public key and flip
an encryption switch in settings. You have to do that with GnuPG too,
whether you are working from the command line or using
Thunderbird/Enigmail or a GUI front-end.

> I had this experience recently when sending emails with their support.
> So it's not just a user error, but their UI simply doesn't think about
> sending emails properly encrypted to the outside world. Sadly.
>
> And no, making a mail account at each of those providers is no solution.
> We have email to explicitly not run into this problem.

Sure it's a solution. I have accounts at both. Most of my email is not
encrypted because, as the original poster pointed out, most people I
communicate with are not particularly interested in privacy. When a
private discussion _is_ required, I suggest that we have it on one of
those platforms. All my family members have ProtonMail accounts. They
don't use them most of the time. They have Gmail accounts for daily
use. But when we discuss financial matters or anything else we'd rather
not have Google a party to, ProtonMail is the answer. If someone tells
me they have a Tutanota account or are willing to get one, I say "fine!"
and give them my Tutanota address.

Jeff

Phillip Susi writes:
>
> Jeff Allen via Gnupg-users writes:
> > The original poster, perhaps unintentionally, stated the real reason the
> > masses have not adopted PGP, "Please do appreciate that the persons who
> > we are convincing and instructing are not particularly interested in
> > privacy." That's it in a nutshell. The masses are not particularly
> > interested in privacy. If they were, they'd abandon Gmail and Yahoo and
> > all the other providers who make no excuse for the fact their economic
> > model depends on users being not particularly interested in privacy.
>
> Bingo! And as long as the user is not interested in it, and won't learn
> how to properly use it, all they will get is the veneer of privacy and
> learn the hard way that they really aren't secure. You just can't make
> security idiot proof...

In my opinion this argument has some similarity to arguments brought
up years ago when safety belt use for car driving was made mandatory
by law. Before that the individual driver deemed the safety belt
just an unneccessary obstacle when getting in and out of the car.
Also using it has no benefits for him as he believed to be a low-risk,
careful driver not crashing anyway.

On the other side on whole-society level a noticable loss of workforce,
tragedies was statistically measured, that could be prevented by
belt use. As with encryption software, even "fool-proof" and easy-to-use
safety belts did not change behaviour, there had to be incentives
in place to trigger adoption ... The main "incentive" introduced
in the end was to be able to use the whole road network without
being annoyed by police asking you for money when you use it.
Therefore the belt-use rate increased quickly ...


So to put that to mail encryption, maybe use this tech-fiction
mind experiment: let's assume, there would be an SMTP response
code to "RCPT: <address at domain>" saying something like
"550 Address rejected, unencrypted message storage not safe, use key [id]".
The only thing the sending SMTP would then need to do is to check,
if the message was already encrypted, if not encrypt it with
the given key, then continue with the secure recipient
call "SRCPT: <address at domain>". The receiving SMTP would
not even need to check if the transmitted message is then really
encrypted, just a well-behaved sender would not maliciously
declare unencrypted data as encrypted.

Why would that be an incentive to get own keys? Because e.g.
your bank, your tax administration, your doctor, your lawer would
refuse to accept unencrypted messages (or to respond to them)
when they deem associated risks of data leakage too high, e.g.
by violating GDPR. So if you as client want to use mail transport
also for these purposes instead of showing up in the office or
installing tons of specialized apps for specifically communicating
with one partner, users would start registering keys, because
they get a benefit from it. As the average dude does not operate
his own SMTP servers, the major mail providers are somehow forced
to provide this functionality with server-stored keys. Still anyone
having motivation to take things further can do local decryption,
even use hardware security modules to avoid key theft.

So in the end safety belt for every one, super-high-quality safety
belts for those, who deem their risks for crashes above average.


I hope I managed to make my point clear. Please do not be picky
if the hypothetical SMTP extension would be the best lever to
provide that incentive for encryption adoption, maybe there are
better ones (or none).

Still I would be interested if my argument seems correct or if
someone can point out serious flaws in it.

hd


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 10/8/19 9:21 AM, Jeff Allen via Gnupg-users wrote:
> On 10/7/19 4:59 PM, Sheogorath via Gnupg-users wrote:
>> Protonmail on the other hand is able to speak OpenPGP, they just don't
>> do it. Not even when you answer to a OpenPGP encrypted email, which will
>> result in the answer getting send to you in plaintext. And since a reply
>> contains a copy of the original email at the bottom you also get your
>> own, previously encrypted mail as answer without encryption.
>
> I disagree. No widely used OpenPGP implementation is going to
> automatically encrypt replies to encrypted email out of the box. With
> ProtonMail you have to import your correspondent's public key and flip
> an encryption switch in settings. You have to do that with GnuPG too,
> whether you are working from the command line or using
> Thunderbird/Enigmail or a GUI front-end.

Not quite. Enigmail addon Thunderbird and even GPGMail addon for Apple Mail
encrypt it out of the box if you reply to a recipient who's sent you an an
encrypted email if you already imported their public key. Moreover, the
private key is stored on your local machine so no middleman can read it
without access to your device. AFAIK, protonmail holds your private keys
for you in some server. That doesn't sound very safe to me, and I wouldn't
take that risk. I would argue even Gmail with inline PGP encryption over
Enigmail or GPGMail is more secure than protonmail for this reason alone.

>> And no, making a mail account at each of those providers is no solution.
>> We have email to explicitly not run into this problem.
>
> Sure it's a solution. I have accounts at both. Most of my email is not
> encrypted because, as the original poster pointed out, most people I
> communicate with are not particularly interested in privacy. When a
> private discussion _is_ required, I suggest that we have it on one of
> those platforms.

That seems terribly inefficient. Do you intend to maintain accounts on
each of these platforms and take all of the risks of each into account?
You must have a lot more trust than I do, but I digress. I think his whole
point is "We should use e-mail as an insecure transport protocol and do
secure end-to-end encryption on an agnostic encryption module such as GPG".
And it makes sense to do things this way if you want to be secure.
And before you point me to how PM stores your private keys (I've read it),
remember that all of that salting and hash/password storage is done using
business logic they developed, which means anytime there's an update,
hidden or announced, you are running a risk of a backdoor being introduced.
Can you even audit that code? At least with GPG I can not just audit but
also substitute the module with any OpenPGP-compliant library. This gives
me a heck of a lot more freedom (and security) than maintaining a
thousand different accounts on a thousand different platforms.

-----BEGIN PGP SIGNATURE-----

iLgEARMKAB0WIQQWZv6JZKxO310TWtXo8fj9gx4T0wUCXZ1hdwAKCRDo8fj9gx4T
03jGAgdQ5F64jhGM2rYwAJjGW0sD75tE029SMUxSbL2mV90XcL6Rdu94YL6oTpSE
QJWP93dCYmqvX9btuRviFBjuIyBtmAIJASKWeAzEyfrva2ljveBPOru3XsvM5xL4
bHwgTEmycH6nG6JMwBIu5A450OdEIC/83EgRVFXG4NZo67ndhHTGA+KN
=K5la
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 10/9/2019 Tony Lane <codeguro@gmail.com> wrote:
> On 10/8/19 9:21 AM, Jeff Allen via Gnupg-users wrote:
>> Sure it's a solution. I have accounts at both. Most of my email is not
>> encrypted because, as the original poster pointed out, most people I
>> communicate with are not particularly interested in privacy. When a
>> private discussion _is_ required, I suggest that we have it on one of
>> those platforms.
>
> That seems terribly inefficient. Do you intend to maintain accounts on
> each of these platforms and take all of the risks of each into account?
> You must have a lot more trust than I do, but I digress. I think his whole
> point is "We should use e-mail as an insecure transport protocol and do
> secure end-to-end encryption on an agnostic encryption module such as GPG".

Of course we should. I'm happy to do that when the person with whom I
want to communicate privately is willing to do the same. Most aren't,
and I am unwilling to let the perfect be the enemy of the good.

> And it makes sense to do things this way if you want to be secure.
> And before you point me to how PM stores your private keys (I've read it),
> remember that all of that salting and hash/password storage is done using
> business logic they developed, which means anytime there's an update,
> hidden or announced, you are running a risk of a backdoor being introduced.
> Can you even audit that code?

Personally, I am not capable of auditing code, including that of GnuPG.
It is unrealistic to think most users, even most power users, have the
time and ability to audit the code of their security software.

My threat model is not overly demanding. Mainly I want to avoid getting
targeted pharma ads or being denied insurance if I discuss a medical
issue in an email. I'd prefer that Google not be able to surmise my
income sources and net worth based on information I share with family
members. Were I worried about being targeted by NSA, law enforcement or
a civil court order, I'd be a lot more demanding of my correspondents
and myself.

I have used PGP since at least version 2.6.x. I can do OpenPGP via
Thunderbird/Enigmail, mutt, GPGShell, Geany, Kleopatra or the command
line and don't find any of them to be particularly daunting. What I
haven't been able to do is convince many people to do the same.

Jeff

Jeff Allen via Gnupg-users writes:

> So what? If the goal is private communication, ProtonMail and Tutanota
> are nearly effortless ways to achieve it. Sign up for a free account

How do you figure that? If they aren't encrypting mail then how is it
private? Or or is it using some other form of encryption ( s/mime )?
If that's the case then why don't you just use that yourself and skip
the centralized web site for holding your key?

> I disagree. No widely used OpenPGP implementation is going to
> automatically encrypt replies to encrypted email out of the box. With

Of course they do. If they don't, then they utterly fail to maintain
your privacy.

> ProtonMail you have to import your correspondent's public key and flip
> an encryption switch in settings. You have to do that with GnuPG too,
> whether you are working from the command line or using
> Thunderbird/Enigmail or a GUI front-end.

iirc, it may poke you to import the key, but at least it tells you "hey!
I can't encrypt this without the key. Unless you *really* don't want to
encrypt this?" Silently sending the reply unencrypted is entirely unacceptable.

> Sure it's a solution. I have accounts at both. Most of my email is not
> encrypted because, as the original poster pointed out, most people I
> communicate with are not particularly interested in privacy. When a
> private discussion _is_ required, I suggest that we have it on one of
> those platforms. All my family members have ProtonMail accounts. They
> don't use them most of the time. They have Gmail accounts for daily
> use. But when we discuss financial matters or anything else we'd rather
> not have Google a party to, ProtonMail is the answer. If someone tells
> me they have a Tutanota account or are willing to get one, I say "fine!"
> and give them my Tutanota address.

So you think it is easier to sign up for some dedicated private webmail
service that can only communicate securely with other people using that
service than to run proper e2e on a real mail client? I suppose that's
a matter of opinion, but it certainly is less secure and conveinient.
And by conveinient I mean it is annoying to have both parties switch to
some silly web site instead of just following their normal and preferred
email routine.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users