Email Clients and digital signatures

John Clizbe JPClizbe@attbi.com
Fri Jul 4 01:58:03 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

<It must be time for some vacation. Sent to Joe instead of to the list>

Joseph Bruni wrote:

> On Wednesday, July 2, 2003, at 03:32 PM, R.Emory Lundberg wrote:
>> On Tuesday, July 1, 2003, at 11:15 AM, Thomas Arend wrote:
>>> Windows 98 is not a very good choice from the security aspect. Indeed
>>> it's the worst. Outlook is also not a good choice as MS Office.
>>>
>>> My proposal is try Linux, Ximian Evolution OpenOffice.
>>
>> I don't want to get into a huge thing here, but it would have been
>> more helpful to point out that this person can run OpenOffice on their
>> own Windows PCs.  A Linux PC as a workstation isn't really
>> substantially "more secure" than a Windows 98 PC - *especially in the*
>> *hands of someone that has never used it before*.
>>
>>
> With this statement I would very much disagree. Win95/98/ME are based
> on DOS and use the DOS security model -- i.e., none at all. Whereas,
> Linux borrows from the Unix security model (users, groups, access
> control, etc. enforced by the kernel). The only way Linux could emulate
> DOS in this manner *is if the user logged in as root*, but none of the
> DOS-based Microsoft operating systems can emulate the security of Unix.
>

<emphasis added above>

I don't think Emory was arguing that the design/architecture of a Linux
workstation was no more secure than that of DOS, but that the *use* of
one, in the hands of an inexperienced user, often is. Usually, for the
exact reason Joseph mentioned, they log in and run as root. They also tend
to over-install and run network services which would be better left disabled.

Different security designs because of OS heritages - DOS on single-user
PCs; Unix evolving on networked shared timeshare systems. Unix/Linux
systems make the assumption that one knows what he is doing. That is their
heritage. Windows approaches from the philosophy of making computers
<ack-ack> "easy to use". Microsloth wants you to eXPerienthhh your
computer (I want to *beat* the marketing-droids that created THAT
concept/campaign).

I agree that not running OE/Outlook (LookOut?) is a positive step. I think
I once saw Outlook described as "A huge security hole with a small e-mail
client attached". But I disagree that one must switch to Linux to get a
safe(r) email client. Clients exist for WIN32 that avoid all, if not most,
of the problems stemming from MSFT's tight coupling of client and OS:
Mozilla/Phoenix, Beonex, Pegasus, Eudora, Becky, The Bat!,... Some of
these like Mozilla and Phoenix make encryption/signing relatively easy with
the Enigmail addon for GnuPG. Eudora supports a PGP plugin.

When Evangelizing users away from OE/Outlook, one needs to remember that
all users are not as techno-savvy as many on this list. To win converts a
product needs to be easy to install and configure, relatively simple to
use, and provide a high degree of interoperability and functionality. As
the original poster asked, "Can this be implemented ... easily without
having to read tons of HOWTO documents?" The answer sadly is still "Maybe".

I got my partner to make the move from IE/Outlook to Mozilla simply by
showing how things HE wanted to do were easier/possible using, in this
case, Netscape.  But not everyone is "blessed" with a live-in tech support
department.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-nr1 (Windows 2000)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/BMNcHQSsSmCNKhARAomnAKCradDekTWvcsj0nfElJeqQ3sgeHQCdHTai
QJIDcZ06sLRCvAFwusca5Js=
=aLr3
-----END PGP SIGNATURE-----