How to improve our GUIs (was: We have GOT TO make things simpler)

Sheogorath sheogorath at
Fri Nov 1 22:06:12 CET 2019

On Fri, 2019-11-01 at 15:42 -0400, Tony Lane via Gnupg-users wrote:
> On 10/29/19 8:33 PM, raf via Gnupg-users wrote:
> > Hi,
> > 
> > Sorry if this was mentioned before but I've just come
> > across a novel approach to email encryption that
> > doesn't do end-to-end encryption, but rather it
> > encrypts email upon receipt so that an individual can
> > encrypt the email that is stored in their IMAP account
> > as it arrives without the need for every sender to
> > encrypt and without the need for any service provider's
> > involvement
> That doesn't sound very safe. My interpretation of the
> goals of GPG is to serve two purposes:
> 1) To transmit data securely over an insecure medium in
> a way such that it can protect itself against some
> eavesdropper or man-in-the-middle listening, or...
> 2) Provide a means to create digital signatures on data
> such that you can be assured that some message was sent
> only by someone who possesses the private key whose
> public key you've added.
> Your proposal doesn't seem to address the MITM attacks.
> It doesn't seem to deal with signatures either.
> It seems only to encrypt things only on receipt. What
> does that protect against, exactly? Maybe I'm missing
> something here...

TL;DR: It's about damage control.

This idea considers the email provider as an entity that the user
trusts in the perspective of not being an intentional eavesdropper. But
it counts in the possibility that an email provider might get
compromised and mail content is extracted or existing mails might be
searched. And that's what it tries to protect from.

All this can be achieved by properly rolled-out OpenPGP, but we see that
we are not there (yet?). Something quite positive about the idea is the
fact that re-encryption of the emails happens, which is something we
perhaps should consider simplifying with gnupg as well.

If there is one problem with OpenPGP encrypted emails, then it's the
fact that we don't re-encrypt them on a regular basis (at least I don't
hear anyone talking about this). Cryptographic functions (or at least
their parameters) are aging rather badly, which means my 10 year old
mails might be easy to crack in 5 years because of whatever problem is
found in the algorithm (or parameters used for it) from 10 years ago.

It's a cold storage problem that this approach seems to try to solve,
which is a rather refreshing idea, even though I agree that it has its
own set of problems.

