Promoting the usage of OpenPGP

Ingo Klöcker kloecker at kde.org
Mon Dec 9 20:36:13 CET 2013 

On Friday 06 December 2013 10:10:41 Werner Koch wrote:
> On Thu,  5 Dec 2013 21:38, kloecker at kde.org said:
> > Unfortunately, I think email is a lost cause because there are so
> > many different mail clients that will never support encryption. I
> > think we
>
> Please name those email clients.  I am not aware of any mainstream
> mail cleint without encryption support (yes, Notes, but that is not
> mainstream).  The real problem are webmailers.

Exactly. Webmailers was what I was thinking about. And probably mail 
clients used on mobile devices. I don't know how many of those support 
encryption.


> > have a much better chance to replace email with something new that
> > has end-to-end encryption (and probably also authentication) built
> > in than we have to fix email.
> 
> There are some groups proposing this for some time now.  A few of them
> have an obvious business case for their new system.
> 
> However, mail will stay with us because everything works by mail. 
> Mail has replaced letters, folder and files cabinets.  You can't
> replace that with an online communication system, much as it is not
> possible to replace documents with phone call.  Mail is not done for
> the communication but for documenting transactions.

Where? AFAIK, in Germany, we still have to send faxes or registered 
letters with reply advice because email is not approved. (Well, maybe 
de-mail or whatever it's called is, but who's using that?)


> A business needs
> to retain most of its communication for 10 years and more.  In
> Germany you are even required to archive certain private mails for 2
> years (invoices by craftsmen).  The online media is by design not
> able to fulfill such requirements.

What do you mean by "online media"? Is de-mail such an "online medium"?


> Well, some are saying “you may send an attachment” using our system.
> But in this case you are back to standard mail with just a different
> transport layer (i.e. no RFC-821).  RFC-822 will stay with us and it
> is actual trivial to secure.  Given that anonymity is very hard to
> impossible to achieve using the current internet infrastructure, I
> would also claim that SMTP will stay for the foreseeable future. 
> STARTTLS is security wise not very different from https and has a
> chance to work reliable as soon as we have working mechanism to
> replace PKIX.

I don't dispute that. And yes, key exchange is the real challenge.


Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20131209/57975801/attachment.sig>

More information about the Gnupg-users mailing list