Encouraging email security.
Daniel Carrera
dcarrera@math.umd.edu
Sun May 18 21:00:02 2003
--J/dobhs11T7y2rNN
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Graham wrote:
> > There is such a client, in the form of Mozilla Mail with Enigmail,
> > which has been set up to make it easy for those unused to GPG to use
> > it, but you can alter the defaults to make email handling more
> > powerful. However, it does require GPG to be installed on your system
> > and it is NOT a GUI front end for key management.
I'll take a closer look at Enigmail.
I can try to encourage my friends to use it.
It seems that there are some ways in which Enigmail could be improved:
- It could have a front-end for key creation.
- It could come with GPG, like Malte Gell suggested.
- It could provide a mechanism to import/export keys.
For instance, when it gets a signed email it could prompt the user
to download the public key from a keyserver.
How does this sound?
Malte Gell wrote:
> The last sentence is absolutely true. But Daniel's approach has=20
> something promising I think. Imagine, most popular email clients would=20
> come up with a notice "Dear, XXX you have not yet created a private key=
=20
> for secure email communication. It is strongly recommended..." if=20
> started first !
> Maybe this could be a way to encourage email encryption.
Exactly. If the mail client:
- Encourages the user to create a key.
- Automatically signs messages.
- Automatically downloads a key when it gets a signed message.
There will be a natural push towards email encryption.
> A normal Windows user never gets in contact or cares about encryption, I=
=20
> think some education is needed.
Agreed.
On this note, what can we do about hotmail users?
AFAIK hotmail doesn't offer POP3 or IMAP. Suppose, for the sake of=20
argument, that a hotmail user becomes interested in using GPG. Is there=20
any way for the he or she to start using GPG with their hotmail address?
I guess that they could send GPG attachments, but that's a highly=20
non-optimal solution.
In general. Is there a way for a user with web-based email to start using=
=20
GPG?
It just happens that I know a medium-sized group of people who have a=20
non-trivial motivation to use encrypted communication. For some of them I=
=20
can suggest Enigmail. But many of them use web-based email systems. What=
=20
can I do about them?
Cheers,
--=20
Daniel Carrera | OpenPGP fingerprint:
Graduate TA, Math Dept | 9B32 660B 0557 7D7D 5892 0036 D591 4D05 2938 1B7E
UMD (301) 405-5137 | http://www.math.umd.edu/~dcarrera/pgp.html
--J/dobhs11T7y2rNN
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (SunOS)
iD8DBQE+x9hk1/ZKhTQTHLARAp0XAKDSVRaXa59QcjxvWcndIpZ22IT3IwCeJAqw
bO+mqioFiXnK7w304idlMB8=
=v0RP
-----END PGP SIGNATURE-----
--J/dobhs11T7y2rNN--