GPG support in Mahogany

Dick Gevers Dick Gevers <dvgevers@xs4all.nl>
Thu Dec 12 19:20:02 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hallo Tenui and others,

On Thursday, 12 December 2002 at 7:10 h, Tenui wrote
about "Re: GPG support in Mahogany":

>Sorry, Dick, I must in turn disagree with you. It is
>not the privacy of the recipient that is encroached upon, but 
rather
>his/her personal liberty.

In my view these are almost synonymous, at least in this case. 
Anyway I agree on that point.

>For the sender, though, it is a question
>of privacy, and maybe more (life, liberty, property, etc may well 
be
>at stake).

True, but he entrusts the contents of the message to the recipient,
otherwise he should not have sent the (encrypted) message to him.

So he also trusts the receiver to not repeat the contents by any
means from the tempest viewer (no matter how, e.g. by retyping
word for word). So he can only *ask* the recipient to uphold the
utmost security when viewing his e-mail. However IMHO he
should not *force* the recipient under all circumstances
(including those of the highest possible security) to view them
by means of one viewer or another.

It is naturally the responsibility of the recipient to observe the
highest possible security without infringing on that of the sender,
but the sender must trust the receiver to be the judge of his own
threat model, not the sender. If there is no such trust the sender
should not relay the sensitive data to the receiver at all.

Therefor, IMO, Mahogany should not *force* the recipient to use any
kind of tempest viewer. It may be turned on by default but I as
recipient must be able to turn it off if I judge that my
circumstances permit that - without breaking the trust the sender
placed in me.

You may, of course, disagree with me, but in that case I will not
use your application if it *forces* me to view the content of an
encrypted message in a manner that I prefer not to use. On the
other hand, as I said before, if you are in a position to *order*
me to do so then I can only observe the instruction. But that will
apply only if there is an agreed relation e.g. employer/employed,
contractor etcetera.

>Agreed, some users may use "for your eyes only" messages lightly,
>but if I send such a message it is because I have a good reason 
for
>doing so, and I must assume a priori that any sender also has a 
good
>reason.

Okay, in such cases I would say turn the tempest viewer on by
default, but in a secure setting the receiver should have the
liberty/privacy/right to turn it off. That does not relieve him of
the need to not break the privacy, liberty or security of the
sender. But that should remain in the hands of the recipient. If
the sender does not trust the receiver to that extent, then don't
send the message.

I trust this clarifies my view and I hope that you can to any
extent agree with what I am saying.

Best regards,
=Dick Gevers=

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Win32)
Comment: GPGShell 2.65a - QDGPG for Pegasus Mail 1.0.3.0 beta4

iD8DBQE9+NLkwC/zk+cxEdMRAptAAJ9wlzs0Y7BjBcn4CDgLmvcG4WaYxQCfcdYx
AXZeL3hgTMWb25OPMzkAYNs=
=n0q+
-----END PGP SIGNATURE-----