STEED - Usable end-to-end encryption

Ingo Klöcker kloecker at kde.org
Wed Oct 19 22:10:30 CEST 2011 

On Wednesday 19 October 2011, Harakiri wrote:
> --- On Mon, 10/17/11, Werner Koch <wk at gnupg.org> wrote:
> > From: Werner Koch <wk at gnupg.org>
> > Subject: STEED - Usable end-to-end encryption
> > To: gnupg-devel at gnupg.org
> > Cc: "Marcus Brinkmann" <marcus at gnu.org>, gnupg-users at gnupg.org
> > Date: Monday, October 17, 2011, 2:11 PM
> > Hi!
> > 
> > 
> >   http://g10code.com/docs/steed-usable-e2ee.pdf
> > 
> > There is also a brief (for now) web page dedicated to this
> > project:
> > 
> >   http://g10code.com/steed.html
> 
> Here is some input, you might not like it - but still:
> 
> I dont see any ground breaking new approaches to the topic - key
> search via DNS has been in commercial products for over 10 years
> already - nothing new - heck isnt there even an RFC that describes
> this?
> 
> Letting the keys automatically be generated by the client is not a
> new approach either commercial solutions do this too - however - did
> you think of the keys the user already has? His ID for example - you
> are sponsored by the german government - the first thing which
> should have come into your mind is that everybody can use his
> "Personalausweis" as a Smartcard because it already has a
> private/public keypair.

No, it does not. At least, not by default. If you buy a qualified 
certificate then you can put this certificate on your "Personalausweis", 
but, given how expensive such a certificate is, I doubt that a lot of 
people will use this feature of the Personalausweis. There are probably 
more people with an OpenPGP-capable smartcard than there are people with 
a German Personalausweis with an expensive certificate.


> Other european countries could follow...
> 
> Also - inventing just ANOTHER protocol for email encryption that mail
> clients should implement? Heck, the only protocol available in all
> major mail clients right now for out of the box encryption is only
> smime - for PGP you need plugins - even after so many years there is
> no out of the box solution for the other major standard - lets not
> talk about all the compatibility issues with smime in all existing
> clients. And you just want add another NEW standard which will solve
> issues? I dont think so.

What NEW standard are you talking about? Werner wants to use OpenPGP. 
The only thing he wants to simplify is key exchange.


> Use existing tools most user have installed on his machine by default
> - work with these and get a suiteable end-to-end encryption going!

I'm not sure what existing tools you mean. Are you talking about S/MIME? 
You said yourself that S/MIME is no viable solution because of 
compatibility issues.


Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20111019/5d5ec40e/attachment.pgp>

More information about the Gnupg-users mailing list