Mailing List Archive

1 2  View All
Re: We have GOT TO make things simpler [ In reply to ]
Jeff Allen via Gnupg-users wrote:

> I agree that there are easier-to-learn encryption solutions than GnuPG.
> Mailvelope, FlowCrypt, ProtonMail, Mailfence and Tutanota come
> immediately to mind. Any is adequate for the privacy needs of the
> masses. Unfortunately, the masses haven't swarmed to them any more than
> to PGP or GnuPG. The masses think they have nothing to hide. They
> aren't at all concerned about privacy.

We should also ask ourselves why for example a required minimum set
from the OpenPGP protocol is not natively supported by major apps,
like MUAs and Web browsers or on OS level like GnuPG in Linux but
not in macOS or Windows?

Everybody speaks https or smtps and probably S/MIME but what about
OpenPGP?

Regards
Stefan

--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We have GOT TO make things simpler [ In reply to ]
> Everybody speaks https or smtps and probably S/MIME but what about
> OpenPGP?

S/MIME adoption has far exceeded OpenPGP's in the world of email for a
simple reason:

You can make a whole ton of money as an S/MIME CA.

OpenPGP was designed such as to, as far as possible, cut centralized
trusted introducers out of the equation. Of course, those centralized
trusted introducers are also the groups with the greatest ability to
influence market decisions. ("While you're buying new SSL certs for
your business, have you thought about email security? We offer S/MIME
certs for affordable prices...")

S/MIME prevailed over OpenPGP not for technical decisions, but economic
ones. Given this is a technical mailing list, we should probably just
give a grudging nod in the direction of Adam Smith and his Invisible
Hand and move on to more technically-oriented lines of discussion.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We have GOT TO make things simpler [ In reply to ]
> Our views on what can be considered a successful adoption are strongly
> misaligned.

OpenPGP was never meant to be about email. It was never meant to be
about instant messaging. It was never meant to be about any of that.
It was meant to be a toolbox people could use to help solve a wide
variety of communications security problems, and in that respect it's
been astonishingly successful.

For example, pretty much every Linux installation on the planet uses
GnuPG to verify downloaded packages. Every single time you update your
Linux box, you're calling GnuPG to verify your supply chain.

If you want to say "OpenPGP hasn't been successful in this specific
niche," well, that may or may not be true, dunno, but we can at least
discuss it. But if you say "OpenPGP hasn't been successfully adopted,"
there you're just wrong: there are lots of niches it's been successfully
adopted. They're just ones you're either unaware of or deem unimportant.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We have GOT TO make things simpler [ In reply to ]
> Not to rain your parade, but I follow the topic encryption since the mid '80s
> and can say nowadays that GnuPG has failed to become an email encryption
> product for the masses, which IIRC was the initial goal of Mr Zimmermann's PGP
> back in the early ninetees.

It was not to be an email encryption tool. It was to be a *file*
encryption tool.

This is all that RFC1991 has to say about email:

"This radix-64 conversion ... is used to protect binary messages during
transmission over non-binary channels, such as Internet Email."

That's it. The only other mention of "email" in the entire document is
to list email addresses for Derek Atkins, Bill Stallings, and Phil
Zimmermann.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We have GOT TO make things simpler [ In reply to ]
Robert J. Hansen wrote:

> > Not to rain your parade, but I follow the topic encryption since the mid
> > '80s and can say nowadays that GnuPG has failed to become an email
> > encryption product for the masses, which IIRC was the initial goal of Mr
> > Zimmermann's PGP back in the early ninetees.
>
> It was not to be an email encryption tool. It was to be a *file*
> encryption tool.
>
> This is all that RFC1991 has to say about email:
>
> "This radix-64 conversion ... is used to protect binary messages during
> transmission over non-binary channels, such as Internet Email."
>
> That's it. The only other mention of "email" in the entire document is
> to list email addresses for Derek Atkins, Bill Stallings, and Phil
> Zimmermann.

Well, I only remember learning about PGP back then in Usenet and everybody
used it for email communications or with Cypherpunk Remailers and seldom for
file encryption.

Anyways then one question arises ... if it's design goal was only meaned for
file encryption why then pub keys with email addresses, names and a WoT back
then plus shortly later key servers and the stories about Alice, Bob, Eve and
Mallory?

Wasn't for example Mallory not always interested in Alice's and Bob's email
communications?

<https://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html>

I no longer have the original MIT booklet from Mr Zimmermann, to check in
there.

Regards
Stefan

--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We have GOT TO make things simpler [ In reply to ]
> Well, I only remember learning about PGP back then in Usenet and everybody
> used it for email communications or with Cypherpunk Remailers and seldom for
> file encryption.

No, they were using it for file encryption. They were using email as a
file transport protocol. That's what inline PGP is: you take a blob of
data, do crypto, base64 it, drop it in email. At the other end you pull
it out and undo the process. But the inline PGP payload is in
*absolutely no way* integrated into the email message. That had to wait
until the PGP/MIME RFCs -- that was when OpenPGP became an email protocol.

> Anyways then one question arises ... if it's design goal was only meaned for
> file encryption why then pub keys with email addresses, names and a WoT back
> then plus shortly later key servers and the stories about Alice, Bob, Eve and
> Mallory?

See above. Email was used as a way to transfer files. But there was
nothing special about using email to transfer files. You could just as
easily replace the Alice, Bob, and Eve stories by saying "Alice is
delivering a 5.25-inch floppy to Bob, but is afraid Eve might get her
hands on it while Alice is distracted at the coffeeshop."

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We have GOT TO make things simpler [ In reply to ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 10/5/19 7:19 AM, Werner Koch via Gnupg-users wrote:
> On Sat, 5 Oct 2019 12:15, Stefan Claas said:
>
>> installing MUAs and plug-ins, besides of GnuPG) point them to the FAQ as
>> learning resource and then show them as modern alternative Mailvelope
>
> And don't forget to point them to all the HOWTOS and RFCs required to to
> use and admin a MUA, sendmail, and the net configuration to name just a
> few. The point here is that you falsely compare a system tool with an
> end user visible interface.

Thank you. This was exactly the point that set me off in my first message.
The standalone GnuPG interface was never meant for those kinds of end-users.
It was meant for power-users, system administrators, developers, and other
folk who know their way around the terminal. If we want, say, an elegant
graphical user interface for your average Joe, then that's a discussion to
be had. But it's not an issue with GnuPG, per say. Applications that
interface to GnuPG are responsible for _that_ burden. You don't go complain
to OpenSSL devs when it's difficult to attain a secure connection to
some website unless it's a technical issue with OpenSSL.
No, you complain to Mozilla (or whoever made your browser of choice) or
to Github admins. OpenSSL (or NSS, whatever your tool of choice) is just
a back-end utility that non-tech-folk who don't know what they're doing
should -never- interface to. And it's not because it's a difficult tool
to use (it is), but because it's not intended for them. Dumbing the
interface down, _especially_ if it compromises its security or our level
of control over it, is a recipe for disaster.

/endrant
-----BEGIN PGP SIGNATURE-----

iLgEARMKAB0WIQQWZv6JZKxO310TWtXo8fj9gx4T0wUCXZkDyAAKCRDo8fj9gx4T
0wd8AgkB71/0Q2AE0QxTQsDLtvCnnuZo2bOGhyhOKeNaJ0FiTcGdxIo+nAyEh+NF
D1DF0wIAkfSywJemPVFP2NaHGm2JPvcCCLLfVZ7ZeYT86BvVnrcnlNFXSGZkNiVC
JXwuTjLNRNsgG/TI+KwtBZmfQmeQ3Cs2XNle63yKHeRw9BRQD+ERo1LR
=KeRH
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We have GOT TO make things simpler [ In reply to ]
On 05/10/2019 15:06, Robert J. Hansen wrote:
> OpenPGP was never meant to be about email.

https://www.openpgp.org/ tells a different story.

It would benefit the community if you guys stop bending over backwards,
explaining potential users that their needs are invalid.

Over and out. I really don't want to continue this
fruitless conversation.

Chris

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We have GOT TO make things simpler [ In reply to ]
On Sat, 5 Oct 2019 12:30, Robert J. Hansen said:

> *absolutely no way* integrated into the email message. That had to wait
> until the PGP/MIME RFCs -- that was when OpenPGP became an email protocol.

MIME types for PGP inline were used on Unix soon after the introduction
of MIME in 1992 at about the same time PGP started its life. The
original use cases for MSDOS PGP were BBS (e.g. FidoNet) where it does
not make sense to distinguish between mail and files.

RFC-2015 (PGP/MIME) was published in fall 1996 and predates the OpenPGP
specs. I recall that Mutt implemented PGP/MIME even before its
publication.

> See above. Email was used as a way to transfer files. But there was
> nothing special about using email to transfer files. You could just as

Everything is a file on Unix (or well, on Plan-9) ;)


Salam-Shalom,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
Re: We have GOT TO make things simpler [ In reply to ]
Jeff Allen via Gnupg-users writes:
> The original poster, perhaps unintentionally, stated the real reason the
> masses have not adopted PGP, "Please do appreciate that the persons who
> we are convincing and instructing are not particularly interested in
> privacy." That's it in a nutshell. The masses are not particularly
> interested in privacy. If they were, they'd abandon Gmail and Yahoo and
> all the other providers who make no excuse for the fact their economic
> model depends on users being not particularly interested in privacy.

Bingo! And as long as the user is not interested in it, and won't learn
how to properly use it, all they will get is the veneer of privacy and
learn the hard way that they really aren't secure. You just can't make
security idiot proof.

There was also mention of "legally binding digital signatures" in
practice. So far, the ones I have seen are nothing more than a web site
that you log into with a username/password, click sign, and it adds a
nice forged signature to the pdf document with an attestation that the
server verified your identity at such and such a time. That's not a
cryptographic signature in any way and only an idiot would consider it
"legally binding". Yet that is exactly how I signed the contract to
purchase my house a little over two years ago.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We have GOT TO make things simpler [ In reply to ]
On 10/7/19 9:32 AM, Phillip Susi wrote:
> Bingo! And as long as the user is not interested in it, and won't learn
> how to properly use it, all they will get is the veneer of privacy and
> learn the hard way that they really aren't secure. You just can't make
> security idiot proof.

I had a realistic uncle who used to say, "You can always design a system
to be fool-proof; but if you do, a damned-fool will come along.


--
.~. Jean-David Beyer
/V\ PGP-Key:166D840A 0C610C8B
/( )\ Shrewsbury, New Jersey
^^-^^ 15:45:01 up 13 days, 21:19, 2 users, load average: 4.39, 4.72, 4.87

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We have GOT TO make things simpler [ In reply to ]
On 9/30/19 4:38 PM, Jeff Allen via Gnupg-users wrote:
> On 9/30/19 4:58 AM, Roland Siemons wrote:
>> Dear GNUPG developers,
>>
>> We have GOT TO make things simpler.
> <snip>
>> 3/ Please do appreciate that the persons who we are convincing and
>> instructing are not particularly interested in privacy. They need simple
>> approaches.
>
> ProtonMail or Tutanota. Both ensure far more privacy and security than
> Gmail. Both offer free accounts and smartphone apps. If you need to
> communicate privately with someone, have them get an account.
>

I'm sorry to disappoint you here: Neither ProtonMail nor Tutanota speak
proper OpenPGP (by default) with outside services. Tutanota doesn't
speak OpenPGP at all and completely bound to their own way of doing
"email"(?)[1].

Protonmail on the other hand is able to speak OpenPGP, they just don't
do it. Not even when you answer to a OpenPGP encrypted email, which will
result in the answer getting send to you in plaintext. And since a reply
contains a copy of the original email at the bottom you also get your
own, previously encrypted mail as answer without encryption.

I had this experience recently when sending emails with their support.
So it's not just a user error, but their UI simply doesn't think about
sending emails properly encrypted to the outside world. Sadly.

And no, making a mail account at each of those providers is no solution.
We have email to explicitly not run into this problem.

[1]: https://tutanota.com/faq/#pgp

--
Signed
Sheogorath

OpenPGP: https://shivering-isles.com/openpgp/0xFCB98C2A3EC6F601.txt
Re: We have GOT TO make things simpler [ In reply to ]
Sheogorath via Gnupg-users:
> I'm sorry to disappoint you here: Neither ProtonMail nor Tutanota speak
> proper OpenPGP (by default) with outside services. Tutanota doesn't
> speak OpenPGP at all and completely bound to their own way of doing
> "email"(?)[1].
>
> Protonmail on the other hand is able to speak OpenPGP, they just don't
> do it. Not even when you answer to a OpenPGP encrypted email, which will
> result in the answer getting send to you in plaintext. And since a reply
> contains a copy of the original email at the bottom you also get your
> own, previously encrypted mail as answer without encryption.
>
> I had this experience recently when sending emails with their support.
> So it's not just a user error, but their UI simply doesn't think about
> sending emails properly encrypted to the outside world. Sadly.

I asked about this in
https://lists.gnupg.org/pipermail/gnupg-users/2019-October/062767.html
if someone with more experience than me wouldn't mind imparting their
knowledge.

--
Caleb Wolf

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We have GOT TO make things simpler [ In reply to ]
On Mon, 7 Oct 2019 15:49:35 -0400, Jean-David Beyer via Gnupg-users
stated:

>On 10/7/19 9:32 AM, Phillip Susi wrote:
>> Bingo! And as long as the user is not interested in it, and won't
>> learn how to properly use it, all they will get is the veneer of
>> privacy and learn the hard way that they really aren't secure. You
>> just can't make security idiot proof.
>
>I had a realistic uncle who used to say, "You can always design a
>system to be fool-proof; but if you do, a damned-fool will come along.

Every day, man is making bigger and better fool-proof things, and every
day, nature is making bigger and better fools. So far, I think nature
is winning.

Albert Einstein

--
Jerry

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We have GOT TO make things simpler [ In reply to ]
On 10/7/19 4:59 PM, Sheogorath via Gnupg-users wrote:
> On 9/30/19 4:38 PM, Jeff Allen via Gnupg-users wrote:
>> On 9/30/19 4:58 AM, Roland Siemons wrote:
>>> Dear GNUPG developers,
>>>
>>> We have GOT TO make things simpler.
>> <snip>
>>> 3/ Please do appreciate that the persons who we are convincing and
>>> instructing are not particularly interested in privacy. They need simple
>>> approaches.
>>
>> ProtonMail or Tutanota. Both ensure far more privacy and security than
>> Gmail. Both offer free accounts and smartphone apps. If you need to
>> communicate privately with someone, have them get an account.
>>
>
> I'm sorry to disappoint you here: Neither ProtonMail nor Tutanota speak
> proper OpenPGP (by default) with outside services. Tutanota doesn't
> speak OpenPGP at all and completely bound to their own way of doing
> "email"(?)[1].

So what? If the goal is private communication, ProtonMail and Tutanota
are nearly effortless ways to achieve it. Sign up for a free account
and have at it. Most folks could care less about speaking proper
OpenPGP with outside services. Those who do will use ProtonMail, not
Tutanota.

> Protonmail on the other hand is able to speak OpenPGP, they just don't
> do it. Not even when you answer to a OpenPGP encrypted email, which will
> result in the answer getting send to you in plaintext. And since a reply
> contains a copy of the original email at the bottom you also get your
> own, previously encrypted mail as answer without encryption.

I disagree. No widely used OpenPGP implementation is going to
automatically encrypt replies to encrypted email out of the box. With
ProtonMail you have to import your correspondent's public key and flip
an encryption switch in settings. You have to do that with GnuPG too,
whether you are working from the command line or using
Thunderbird/Enigmail or a GUI front-end.

> I had this experience recently when sending emails with their support.
> So it's not just a user error, but their UI simply doesn't think about
> sending emails properly encrypted to the outside world. Sadly.
>
> And no, making a mail account at each of those providers is no solution.
> We have email to explicitly not run into this problem.

Sure it's a solution. I have accounts at both. Most of my email is not
encrypted because, as the original poster pointed out, most people I
communicate with are not particularly interested in privacy. When a
private discussion _is_ required, I suggest that we have it on one of
those platforms. All my family members have ProtonMail accounts. They
don't use them most of the time. They have Gmail accounts for daily
use. But when we discuss financial matters or anything else we'd rather
not have Google a party to, ProtonMail is the answer. If someone tells
me they have a Tutanota account or are willing to get one, I say "fine!"
and give them my Tutanota address.

Jeff
Re: We have GOT TO make things simpler [ In reply to ]
Phillip Susi writes:
>
> Jeff Allen via Gnupg-users writes:
> > The original poster, perhaps unintentionally, stated the real reason the
> > masses have not adopted PGP, "Please do appreciate that the persons who
> > we are convincing and instructing are not particularly interested in
> > privacy." That's it in a nutshell. The masses are not particularly
> > interested in privacy. If they were, they'd abandon Gmail and Yahoo and
> > all the other providers who make no excuse for the fact their economic
> > model depends on users being not particularly interested in privacy.
>
> Bingo! And as long as the user is not interested in it, and won't learn
> how to properly use it, all they will get is the veneer of privacy and
> learn the hard way that they really aren't secure. You just can't make
> security idiot proof...

In my opinion this argument has some similarity to arguments brought
up years ago when safety belt use for car driving was made mandatory
by law. Before that the individual driver deemed the safety belt
just an unneccessary obstacle when getting in and out of the car.
Also using it has no benefits for him as he believed to be a low-risk,
careful driver not crashing anyway.

On the other side on whole-society level a noticable loss of workforce,
tragedies was statistically measured, that could be prevented by
belt use. As with encryption software, even "fool-proof" and easy-to-use
safety belts did not change behaviour, there had to be incentives
in place to trigger adoption ... The main "incentive" introduced
in the end was to be able to use the whole road network without
being annoyed by police asking you for money when you use it.
Therefore the belt-use rate increased quickly ...


So to put that to mail encryption, maybe use this tech-fiction
mind experiment: let's assume, there would be an SMTP response
code to "RCPT: <address at domain>" saying something like
"550 Address rejected, unencrypted message storage not safe, use key [id]".
The only thing the sending SMTP would then need to do is to check,
if the message was already encrypted, if not encrypt it with
the given key, then continue with the secure recipient
call "SRCPT: <address at domain>". The receiving SMTP would
not even need to check if the transmitted message is then really
encrypted, just a well-behaved sender would not maliciously
declare unencrypted data as encrypted.

Why would that be an incentive to get own keys? Because e.g.
your bank, your tax administration, your doctor, your lawer would
refuse to accept unencrypted messages (or to respond to them)
when they deem associated risks of data leakage too high, e.g.
by violating GDPR. So if you as client want to use mail transport
also for these purposes instead of showing up in the office or
installing tons of specialized apps for specifically communicating
with one partner, users would start registering keys, because
they get a benefit from it. As the average dude does not operate
his own SMTP servers, the major mail providers are somehow forced
to provide this functionality with server-stored keys. Still anyone
having motivation to take things further can do local decryption,
even use hardware security modules to avoid key theft.

So in the end safety belt for every one, super-high-quality safety
belts for those, who deem their risks for crashes above average.


I hope I managed to make my point clear. Please do not be picky
if the hypothetical SMTP extension would be the best lever to
provide that incentive for encryption adoption, maybe there are
better ones (or none).

Still I would be interested if my argument seems correct or if
someone can point out serious flaws in it.

hd


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We have GOT TO make things simpler [ In reply to ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 10/8/19 9:21 AM, Jeff Allen via Gnupg-users wrote:
> On 10/7/19 4:59 PM, Sheogorath via Gnupg-users wrote:
>> Protonmail on the other hand is able to speak OpenPGP, they just don't
>> do it. Not even when you answer to a OpenPGP encrypted email, which will
>> result in the answer getting send to you in plaintext. And since a reply
>> contains a copy of the original email at the bottom you also get your
>> own, previously encrypted mail as answer without encryption.
>
> I disagree. No widely used OpenPGP implementation is going to
> automatically encrypt replies to encrypted email out of the box. With
> ProtonMail you have to import your correspondent's public key and flip
> an encryption switch in settings. You have to do that with GnuPG too,
> whether you are working from the command line or using
> Thunderbird/Enigmail or a GUI front-end.

Not quite. Enigmail addon Thunderbird and even GPGMail addon for Apple Mail
encrypt it out of the box if you reply to a recipient who's sent you an an
encrypted email if you already imported their public key. Moreover, the
private key is stored on your local machine so no middleman can read it
without access to your device. AFAIK, protonmail holds your private keys
for you in some server. That doesn't sound very safe to me, and I wouldn't
take that risk. I would argue even Gmail with inline PGP encryption over
Enigmail or GPGMail is more secure than protonmail for this reason alone.

>> And no, making a mail account at each of those providers is no solution.
>> We have email to explicitly not run into this problem.
>
> Sure it's a solution. I have accounts at both. Most of my email is not
> encrypted because, as the original poster pointed out, most people I
> communicate with are not particularly interested in privacy. When a
> private discussion _is_ required, I suggest that we have it on one of
> those platforms.

That seems terribly inefficient. Do you intend to maintain accounts on
each of these platforms and take all of the risks of each into account?
You must have a lot more trust than I do, but I digress. I think his whole
point is "We should use e-mail as an insecure transport protocol and do
secure end-to-end encryption on an agnostic encryption module such as GPG".
And it makes sense to do things this way if you want to be secure.
And before you point me to how PM stores your private keys (I've read it),
remember that all of that salting and hash/password storage is done using
business logic they developed, which means anytime there's an update,
hidden or announced, you are running a risk of a backdoor being introduced.
Can you even audit that code? At least with GPG I can not just audit but
also substitute the module with any OpenPGP-compliant library. This gives
me a heck of a lot more freedom (and security) than maintaining a
thousand different accounts on a thousand different platforms.

-----BEGIN PGP SIGNATURE-----

iLgEARMKAB0WIQQWZv6JZKxO310TWtXo8fj9gx4T0wUCXZ1hdwAKCRDo8fj9gx4T
03jGAgdQ5F64jhGM2rYwAJjGW0sD75tE029SMUxSbL2mV90XcL6Rdu94YL6oTpSE
QJWP93dCYmqvX9btuRviFBjuIyBtmAIJASKWeAzEyfrva2ljveBPOru3XsvM5xL4
bHwgTEmycH6nG6JMwBIu5A450OdEIC/83EgRVFXG4NZo67ndhHTGA+KN
=K5la
-----END PGP SIGNATURE-----

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We have GOT TO make things simpler [ In reply to ]
On 10/9/2019 Tony Lane <codeguro@gmail.com> wrote:
> On 10/8/19 9:21 AM, Jeff Allen via Gnupg-users wrote:
>> Sure it's a solution. I have accounts at both. Most of my email is not
>> encrypted because, as the original poster pointed out, most people I
>> communicate with are not particularly interested in privacy. When a
>> private discussion _is_ required, I suggest that we have it on one of
>> those platforms.
>
> That seems terribly inefficient. Do you intend to maintain accounts on
> each of these platforms and take all of the risks of each into account?
> You must have a lot more trust than I do, but I digress. I think his whole
> point is "We should use e-mail as an insecure transport protocol and do
> secure end-to-end encryption on an agnostic encryption module such as GPG".

Of course we should. I'm happy to do that when the person with whom I
want to communicate privately is willing to do the same. Most aren't,
and I am unwilling to let the perfect be the enemy of the good.

> And it makes sense to do things this way if you want to be secure.
> And before you point me to how PM stores your private keys (I've read it),
> remember that all of that salting and hash/password storage is done using
> business logic they developed, which means anytime there's an update,
> hidden or announced, you are running a risk of a backdoor being introduced.
> Can you even audit that code?

Personally, I am not capable of auditing code, including that of GnuPG.
It is unrealistic to think most users, even most power users, have the
time and ability to audit the code of their security software.

My threat model is not overly demanding. Mainly I want to avoid getting
targeted pharma ads or being denied insurance if I discuss a medical
issue in an email. I'd prefer that Google not be able to surmise my
income sources and net worth based on information I share with family
members. Were I worried about being targeted by NSA, law enforcement or
a civil court order, I'd be a lot more demanding of my correspondents
and myself.

I have used PGP since at least version 2.6.x. I can do OpenPGP via
Thunderbird/Enigmail, mutt, GPGShell, Geany, Kleopatra or the command
line and don't find any of them to be particularly daunting. What I
haven't been able to do is convince many people to do the same.

Jeff
Re: We have GOT TO make things simpler [ In reply to ]
Jeff Allen via Gnupg-users writes:

> So what? If the goal is private communication, ProtonMail and Tutanota
> are nearly effortless ways to achieve it. Sign up for a free account

How do you figure that? If they aren't encrypting mail then how is it
private? Or or is it using some other form of encryption ( s/mime )?
If that's the case then why don't you just use that yourself and skip
the centralized web site for holding your key?

> I disagree. No widely used OpenPGP implementation is going to
> automatically encrypt replies to encrypted email out of the box. With

Of course they do. If they don't, then they utterly fail to maintain
your privacy.

> ProtonMail you have to import your correspondent's public key and flip
> an encryption switch in settings. You have to do that with GnuPG too,
> whether you are working from the command line or using
> Thunderbird/Enigmail or a GUI front-end.

iirc, it may poke you to import the key, but at least it tells you "hey!
I can't encrypt this without the key. Unless you *really* don't want to
encrypt this?" Silently sending the reply unencrypted is entirely unacceptable.

> Sure it's a solution. I have accounts at both. Most of my email is not
> encrypted because, as the original poster pointed out, most people I
> communicate with are not particularly interested in privacy. When a
> private discussion _is_ required, I suggest that we have it on one of
> those platforms. All my family members have ProtonMail accounts. They
> don't use them most of the time. They have Gmail accounts for daily
> use. But when we discuss financial matters or anything else we'd rather
> not have Google a party to, ProtonMail is the answer. If someone tells
> me they have a Tutanota account or are willing to get one, I say "fine!"
> and give them my Tutanota address.

So you think it is easier to sign up for some dedicated private webmail
service that can only communicate securely with other people using that
service than to run proper e2e on a real mail client? I suppose that's
a matter of opinion, but it certainly is less secure and conveinient.
And by conveinient I mean it is annoying to have both parties switch to
some silly web site instead of just following their normal and preferred
email routine.


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

1 2  View All