Neil Williams
Sat Apr 12 19:15:02 2003


On Saturday 12 April 2003 1:53 am, Denis McCauley wrote:
> Neil Williams wrote:
> Maybe I'm a bit thick, but I can't find an option to queue encrypted
> or signed messages on my version (Enigmail 0.71 on Mozilla 1.2.1 on
> w2k), though it can be done for unencrypted/unsigned messages. I have
> to encrypt or sign with gpg outside the mailer, copy to the composer
> and then queue the message.

Doesn't Ctrl+Shift+Return work? Have you not got Enigmail set to sign by 
default? It might be worth setting up an identity where this can be used. If 
not, it just goes to show that Windows simply isn't up to the job.

> I keep in mind a comment by Bruce Schneier: "Some firewalls are
> reasonably effective", and I've seen examples of sites reading my file
> structure through IE (not with Mozilla, but I'm careful all the same).

That's IE's fault, not the firewall!!! Those exploits can be patched but new 
ones keep appearing. I switched to Linux instead. Mozilla doesn't provide 
holes like IE as it is not part of the operating system like explorer. On 
Linux, Mozilla behind an iptables deny-all firewall simply has no permission 
to even read the filesystem structure as it runs as a user. Unlike Windows, 
the user on Linux is NOT given permission to access the filesystem structure 
outside the home directory, that is reserved for the sys admin user. All 
attempts are simply refused. 

Your basic problem is that Windows runs as the system admin even when the user 
doesn't have a clue. Worse, it runs a scripted environment that can be 
modified by the not-a-clue user but which still runs as the super-user. On 
Linux/Unix, the system runs as super-user and no other user has any 
permission to access the system. Users have access to their own home 
directories (and not to each other's) and have no permission to modify the 
system environment. That's how my machines keep running even when a user 
trashes their own environment. As the firewall is part of the system, there 
is no way for a user (or user program) to interfere with the port 
configuration directly.

> Once the firewall is opened for the browser there's a potential
> problem.

Depends on the browser and the operating system. If a request is received on a 
port opened by the browser, the request doesn't have to be completed - it's down 
to the security of the browser and the operating system behind it.

> Cheers,
> DM


Neil Williams
