storing password lists in mails to myself on IMAP?
Robert J. Hansen
rjh at sixdemonbag.org
Fri Feb 16 18:16:39 CET 2007
> Maybe you should think things through, or God forbid even run a
> few tests or something before puffing your chest there Robert.
> Especially when you're in the unenviable position of potentialy
> being your own proof of concept.
I don't know why you have such an allergy to being shown wrong. Or
why you think I do.
It works like this: if you can find me a commonly-used IMAP client
that's this stupid, then I will welcome being shown wrong. And
really, why shouldn't I? Being wrong isn't the end of the world.
But until you can show me an IMAP client in common use which is dumb
enough to store sensitive and arbitrary data server-side, then I'm
going to continue to say this is a nonissue and you shouldn't worry
You can also assume the existence of MUAs which, when you encrypt
data, will also send an unencrypted copy to a recipient. This could
be done while still being perfectly in accordance with the OpenPGP
spec. And yet, we're not worried about MUAs doing it. Why? Because
it's so incredibly dumb that we're going to assume people are smarter
than that. The same logic applies here.
Once you show me a commonly-used IMAP client that's this stupid, I'll
happily admit that yes, I was wrong, and some IMAP client authors are
this stupid. But until then, what's the use in fearmongering?
More information about the Gnupg-users