Encouraging email security.

Per Tunedal pt@radvis.nu
Sun May 18 22:32:16 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Agree!
The details might have to be modified somewhat. I would personally prefer
to add some key verification by automatic use of robot CAs, as I have said
in previous discussions.

Anyhow, it's important to work in the direction of a very easy-to-use tool
for users that are not interested in the technical matters. All projects
working in that direction are welcome!

It would be fine if some teams would form that could try developing
extremely easy to use encryption software. I suppose in the end a winner
will evolve.

It might be the marketing that makes the winner rather than the technical
solution. Think of a successful software company with an unstable operative
;-)>

Per Tunedal

At 01:46 2003-05-18 -0400, you wrote:
 >
 >A good idea.
 >
 >On Sat, 17 May 2003, Daniel Carrera wrote:
 >
 >> I was thinking about how most people have no understanding or interest in
 >> email security.  OpenPGP is hard enough to understand and use that getting
 >> the majority of the population to use it seems a formidable task.
 >>
 >> I thought of a compromise that might be a step forward.  I was hoping that
 >> those who know more about this than I could offer an opinion.
 >>
 >> There could be a mail client with the following properties:
 >>
 >> 1) Automatically creates a pre-defined key setup (e.g. 4096 RSA,
 >>    1024 DSA, 2048 ElGamal).
 >> 2) Automatically signs, and encrypts emails (when the pub key is
 >>    available).
 >> 3) Here is the big one:
 >>    It stores the user's password on the hard disk, in the style of
 >>    Mozilla, so that the user doesn't have to type it.  It all happens
 >>    automatically.
 >>
 >> This would be a significant down compared to the proper use of OpenPGP,
 >> but a significant up compared to what exists today.  Now emails would go
 >> around signed and encrypted.  In order to read a message an attacker would
 >> have to get the password from the recipient's hard drive.  A determined
 >> attacker could certainly do that, but the casual one would not.
 >>
 >> Today's email system is about as secure as a postcard.
 >> This alternative would raise the bar somewhat above sending mail in a
 >> sealed envelope.  It raises the effort needed to eavesdrop on a
 >> conversation or impersonate someone.
 >>
 >> Any thoughts?
 >>
 >> --
 >> Daniel Carrera         | OpenPGP fingerprint:
 >> Graduate TA, Math Dept | 9B32 660B 0557 7D7D 5892 0036 D591 4D05 2938 1B7E
 >> UMD  (301) 405-5137    | http://www.math.umd.edu/~dcarrera/pgp.html
 >>
 >
 >_______________________________________________
 >Gnupg-users mailing list
 >Gnupg-users@gnupg.org
 >http://lists.gnupg.org/mailman/listinfo/gnupg-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32) - GPGrelay v0.92

iD8DBQE+x+3x2Jp9Z++ji2YRAnEpAKCXfByo1Qw4As1aWYGOA4X8OIh7hwCgn6o3
mXJ3K97edXZBlE9+3ndHb/s=
=EIXr
-----END PGP SIGNATURE-----