Necessity of GPG when using SSL

Janusz A. Urbanowicz alex at bofh.net.pl
Thu Feb 23 12:03:42 CET 2006


On Wed, Feb 22, 2006 at 10:38:19AM -0500, Benjamin Esham wrote:
> On Feb 22, 2006, at 6:22 AM, Janusz A. Urbanowicz wrote:
> 
> >And there is really no point in ecryptiong the whole access since the
> >contents, the emails usually travel the rest of the net unencrypted.
 
> But wouldn't it be much easier for an attacker to intercept all of your
> e-mail by listening in on an unencrypted webmail session than by trying to
> intercept each e-mail individually somewhere else?  I think there
> certainly is a benefit to having SSL-encrypted webmail for exactly that
> reason: less determined attackers will not have access to the plaintext of
> the messages. (Although granted, it would be kind of foolish to depend
> upon SSL webmail if the messages are sent in plain text.)

Answering this question is impossible without actually describing the
attacker's powers (defining a formal threat model). Clarify your question
and ask again, now the answer is: Mu.

A.



More information about the Gnupg-users mailing list