PGP/MIME use

Steve stevebell at gulli.com
Tue Feb 21 01:55:29 CET 2012 

> . . .
>> Mozilla is founded ["funded" probably] by Google. Without Google
>> they would be gone.
>> Googles business model is not to protect the user but to analyze him.
>> That is not possible when you use mail encryption.
>> 
>> The question is still valid and imo, some pressure from the user
>> community might help to bring Thunderbird to the point where it can
>> be downloaded containing enigmail.
> . . .
> 
> Just considering your own points, would you trust an encryption
> functionality you thought was written in a way satisfying Google?


Sorry. Funded of course. And to answer your question. No I wouldn't. But would you still trust OpenPGP if it was delivered with every chromebook? Maybe that wouldn't satisfy Google, but I never asked for encryption technology that satisfied Google.

Robert wrote:
> I'm not a particular fan of Google (or Facebook or what-have-you), but
> let's make sure our criticisms of them match up to reality.

You might be correct. But also we all know that if Google has access the US gov does have access as well (other expamples would be dropbox, twitter, …). And although I might only tell my mom to buy 6 egg for a cake I'm going to make, I still don't want them to read that. Neither Google (which you say they don't  - but since we can't look into their internal mechanisms we'd have to trust them and if you ask me "do you trust google" I'd rather not) nor the US gov (which we know they do). Why again was it, that europe needed to sign swift-treaty?

> 
>> The question is still valid and imo, some pressure from the user 
>> community might help to bring Thunderbird to the point where it can
>> be downloaded containing enigmail.
> 
> You're certainly welcome to.  If you'd like to see Enigmail bundled with
> Thunderbird, then please write the Thunderbird developers a
> politely-worded email asking them to look into it.  

Will do.

>> The arguments by Robert seem to be rather minor compared to the huge
>> benefit delivery of save communication would bring.
> 
> There is virtually nothing OpenPGP can do that S/MIME cannot do.

Hm, that was also bothering me with the other mails you wrote on this topic earlier. It's already very late here, so bare with me I'm taking this from remembrance. You said due to the fact that the world is very big and web of trust not used much, it can't serve as a good information tool since most likely the signatures will be from people I don't know. 

I'm not so sure about that.  Wonder why google called the grouping feature in G+ "circle"? We communicate and behave and live in circles. This list is just another circle. And I might know e.g. our beloved Werner Koch from another project than this list. Or I might know Robert from another context than this list. The context might be the same (e.g. computersecurity) but it will still be the same people because at any time only so and so much people are currently dealing with a certain topic with a certain level of expertise. Wouldn't that mean that actually the web of trust should work well?

I think the web of trust is an awesome idea and again (as with encryption in general) it's up to each and every human to make use of those tools. Eventually the web of trust might become very informative indeed.

Isn't the big difference that OpenPGP is a decentralized concept while S/MIME requires centralized infrastructure?  And I have to say, currently I'd rather go with decentralized. Again, it boils down to the question of trust. I'd rather trust the web of trust than an anonymous centralized entity for which I don't know why they are in this business and who exactly is behind  the curtain of a company name (there is no business with a decentralized web of trust and imo it's much harder to corrupt it).


> There are certainly some implementation differences between the two, but in
> terms of broad capabilities they're almost identical.  If you want email
> encryption capabilities, they're already there.  If you want OpenPGP
> specifically, you'll need to find things OpenPGP can do that S/MIME
> can't do, and pitch it to the Thunderbird developers on that score.

See above.

>> Imagine a world in which Windows and OS X are delivered with
>> OpenPGP.
> 
> Windows and OS X are delivered with S/MIME already.  If people aren't
> using S/MIME (and they overwhelmingly are not!), why should we believe
> the presence of an OpenPGP suite would change their behavior?

Again, see above

>> Call me idealistic, but I think it's up to the community to make that
>> happen.
> 
> I'm not trying to dissuade you, but the people you need to convince are
> not on this mailing list.  :)

I am well aware of that fact. I just wanted to add my thought to this very interesting discussion. And maybe it's us (the people on this list) that can make a change. It has to start somewhere…

All the best, steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20120221/1d04f5a5/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: </pipermail/attachments/20120221/1d04f5a5/attachment-0001.pgp>

More information about the Gnupg-users mailing list