On Mon, Feb 09, 2015 at 12:02:06PM +0000, Craig Skinner wrote: > On 2015-02-09 Mon 11:56 AM |, Gilles Chehade wrote: > > > > > > Because they are not an SMTP (*simple* mail transfer protocol) problem, > > > they are a MUA & user training issues. > > > > > > > Yes, unfortunately you can't always use PGP because not everyone does. > > > > A user training issue, not a technical problem. >
That's your point of view, I disagree with it. My grandma, like a lot of non-technical people, just wants to send mail, she doesn't want to be trained, she wants to write a message and press a button and the message being sent. If it doesn't work that way, she will just not use mail. She's like most internet users, she doesn't care or want to care how the message will be emitted, if you provide two ways and a simpler one, then she will pick up the simpler one. So you can train all you want, you will realistically convert just a few people and this will be marginal compared to the hordes of people who'll still be using more insecure ways because it's simpler. Even amongst the IT people some do bad choices voluntarily because they are simpler... > > If you rely solely on PGP, then as soon as you exchange with someone who > > doesn't use it... your mail is stored in plaintext. > > > > Errr,... no. > > An encrypted message is transmitted and stored encrypted, > the recipient can't read it without decrypting it. > Errr... yes. If the user doesn't use PGP, with what public key do you encrypt his message ? or do you simply not write to him anymore ? Do you think people will stop writing mail to other people who don't have PGP keys because ... other people could read it ? > Neither can Goatmail, Snotmail, NSA, govt agencies, etc. > > Govts & businesses have access to freemail data. > Encrypting only one end of the transaction offers little privacy. > Yes, PGP offers end-to-end and it's great. Most people don't use it. > SSL tranmission is of little benefit, for the same reason. > Yet it adds security on a segment of the communication where there would be 0 security for non PGP users if it wasn't around. I prefer that people who dont use PGP still get a bit of protection even if it is not perfect, rather than go full plaintext. -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to [email protected] To unsubscribe, send a mail to: [email protected]
