How do you help someone to encrypted email (Re: How do you let your M.D. ...)

Duane Whitty duane at nofroth.com
Fri Dec 2 15:57:14 CET 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 16-12-02 03:39 AM, Bernhard Reiter wrote:
>> so that it's easier for folks unfamiliar to set up and use than
>> having to go over the too long material
> 
> Within the next year, someone will just need to use an email client 
> that supports the following technical solution:
> 
> https://wiki.gnupg.org/WKD
> 
> This is something the GnuPG team is actively working on.
> 
> Best Regards, Bernhard

First let me say thank you to the developers of gnupg and all the
tools and scripts and everything else that goes into creating and
running a project as complex as this.  And thanks to all the helpful
people on the list.

Regarding WKD:  I'm sure this will be a great tool for fetching public
keys and will make life easier for many people on this list.  Thank
you for your efforts Bernhard!

<Rant>
(Putting on fireproof suit :-) )

My personal feeling and opinion however is that public key management
is not the barrier to adoption of gnupg for everyday users who would
like to increase their security.

I believe that outside of the lack of awareness that their privacy is
being ignored, the problem is mostly private key management and the
unfortunate fact that most of the email clients that most people use
on the most popular platforms don't support encrypting and decrypting
mail.

I'll be the first to admit that I don't know how to make it easy for
users to be able to generate a private/public key pair wherein the
private key can be stored relatively securely and be available for use
with their gmail or other email platform of choice from the desktop,
laptop, tablet, and phone.  Sure, you can use a smart card reader to
solve the availability issues but then you have to deal with all the
software issues.  Most people have no knowledge about any of this, let
alone the existence of tools like smart card readers.

I realize there is an argument to be made that people need to exercise
personal responsibility when it comes to their security.  But I
believe adoption will be limited to the technically adept until we can
make using encryption and decryption an understandable and short
process for people who only use their computers to run "canned"
applications and send mail.

(Thinking out loud)
I wonder if a solution akin to what the password managers do is
possible?  Maybe storing a private key in a password manager would
work for a lot of users.  It's not as if anyone would be forced to do
this.  Create a partnership with a few of the password managers that
would require a key be protected by a 30+ character random password
and then users could access their private key from anywhere once
they've logged into their password manager.  Just a thought and
clearly it's not the most secure method but maybe it is secure enough?
Still doesn't solve the problem of having gnupg available and
integrated on all the different platforms.

(keeping fireproof suit on for a while :-) )
</Rant>

Thanks for your indulgence and patience :-)

Best Regards,
Duane

- -- 
Duane Whitty
duane at nofroth.com
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
