Encouraging email security.

Malte Gell malte_gell@t-online.de
Sun May 18 18:53:32 2003



On Sunday, 18 May 2003 06:33, Graham wrote:
> On Sunday 18 May 2003 12:42 am, Daniel Carrera wrote:
>
> [snipped]
>
> > There could be a mail client with the following properties:
> >
> > 1) Automatically creates a pre-defined key setup (e.g. 4096 RSA,
> >    1024 DSA, 2048 ElGamal).
> > 2) Automatically signs, and encrypts emails (when the pub key is
> >    available).
> > 3) Here is the big one:
> >    It stores the user's password in the hard disk, in the style of
> >    Mozilla, so that the user doesn't have to type it.  It all
> >    happens automatically.
>
> There is such a client, in the form of Mozilla Mail with Enigmail,
> which has been set up to make it easy for those unused to GPG to use
> it, but you can alter the defaults to make email handling more
> powerful. However, it does require GPG to be installed on your system
> and it is NOT a GUI front end for key management.

The last sentence is absolutely true. But Daniel's approach has
something promising, I think. Imagine if most popular email clients
came up with a notice "Dear XXX, you have not yet created a private key
for secure email communication. It is strongly recommended..." when
first started!
Maybe this could be a way to encourage email encryption. Under GNU/Linux
many people come in contact with encryption when using e.g. rpm -v
--checksig to check RPM files.
A normal Windows user never gets in contact with or cares about
encryption; I think some education is needed.
Mozilla could be a start; it is so big, it wouldn't make a big
difference if GnuPG and Enigmail became part of it. For many
Windows users it may be the first time they install an OpenPGP-compliant
product and come in contact with email encryption. And if Mozilla
would "complain" "Dear XXX, you have not yet..." I think this would be
a big step forward.
How large is Mozilla, for either a Linux or a Windows user? 18, 19 or 20
MB? Now, if GnuPG were part of it, the additional 1 or 1.5 MB
wouldn't be much additional "bloat". I'm especially thinking of the
Windows users at this point, because under GNU/Linux GnuPG is already a
de facto standard and GNU/Linux users are used to using GnuPG. Wouldn't
this be a nice approach?
