Necessity of GPG when using SSL
Janusz A. Urbanowicz
alex at bofh.net.pl
Thu Feb 23 12:03:42 CET 2006
On Wed, Feb 22, 2006 at 10:38:19AM -0500, Benjamin Esham wrote:
> On Feb 22, 2006, at 6:22 AM, Janusz A. Urbanowicz wrote:
>
> >And there is really no point in ecryptiong the whole access since the
> >contents, the emails usually travel the rest of the net unencrypted.
> But wouldn't it be much easier for an attacker to intercept all of your
> e-mail by listening in on an unencrypted webmail session than by trying to
> intercept each e-mail individually somewhere else? I think there
> certainly is a benefit to having SSL-encrypted webmail for exactly that
> reason: less determined attackers will not have access to the plaintext of
> the messages. (Although granted, it would be kind of foolish to depend
> upon SSL webmail if the messages are sent in plain text.)
Answering this question is impossible without actually describing the
attacker's powers (defining a formal threat model). Clarify your question
and ask again, now the answer is: Mu.
A.
More information about the Gnupg-users
mailing list