We have GOT TO make things simpler

Tony Lane codeguro at gmail.com
Wed Oct 9 06:26:31 CEST 2019


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 10/8/19 9:21 AM, Jeff Allen via Gnupg-users wrote:
> On 10/7/19 4:59 PM, Sheogorath via Gnupg-users wrote:
>> Protonmail on the other hand is able to speak OpenPGP, they just don't
>> do it. Not even when you answer to a OpenPGP encrypted email, which will
>> result in the answer getting send to you in plaintext. And since a reply
>> contains a copy of the original email at the bottom you also get your
>> own, previously encrypted mail as answer without encryption.
> 
> I disagree.  No widely used OpenPGP implementation is going to
> automatically encrypt replies to encrypted email out of the box.  With
> ProtonMail you have to import your correspondent's public key and flip
> an encryption switch in settings. You have to do that with GnuPG too,
> whether you are working from the command line or using
> Thunderbird/Enigmail or a GUI front-end.

Not quite. Enigmail addon Thunderbird and even GPGMail addon for Apple Mail
encrypt it out of the box if you reply to a recipient who's sent you an an
encrypted email if you already imported their public key. Moreover, the
private key is stored on your local machine so no middleman can read it
without access to your device. AFAIK, protonmail holds your private keys
for you in some server. That doesn't sound very safe to me, and I wouldn't
take that risk. I would argue even Gmail with inline PGP encryption over
Enigmail or GPGMail is more secure than protonmail for this reason alone.

>> And no, making a mail account at each of those providers is no solution.
>> We have email to explicitly not run into this problem.
> 
> Sure it's a solution.  I have accounts at both.  Most of my email is not
> encrypted because, as the original poster pointed out, most people I
> communicate with are not particularly interested in privacy.  When a
> private discussion _is_ required, I suggest that we have it on one of
> those platforms.

That seems terribly inefficient. Do you intend to maintain accounts on
each of these platforms and take all of the risks of each into account?
You must have a lot more trust than I do, but I digress. I think his whole
point is "We should use e-mail as an insecure transport protocol and do 
secure end-to-end encryption on an agnostic encryption module such as GPG".
And it makes sense to do things this way if you want to be secure.
And before you point me to how PM stores your private keys (I've read it),
remember that all of that salting and hash/password storage is done using
business logic they developed, which means anytime there's an update,
hidden or announced, you are running a risk of a backdoor being introduced.
Can you even audit that code? At least with GPG I can not just audit but
also substitute the module with any OpenPGP-compliant library. This gives
me a heck of a lot more freedom (and security) than maintaining a
thousand different accounts on a thousand different platforms.

-----BEGIN PGP SIGNATURE-----

iLgEARMKAB0WIQQWZv6JZKxO310TWtXo8fj9gx4T0wUCXZ1hdwAKCRDo8fj9gx4T
03jGAgdQ5F64jhGM2rYwAJjGW0sD75tE029SMUxSbL2mV90XcL6Rdu94YL6oTpSE
QJWP93dCYmqvX9btuRviFBjuIyBtmAIJASKWeAzEyfrva2ljveBPOru3XsvM5xL4
bHwgTEmycH6nG6JMwBIu5A450OdEIC/83EgRVFXG4NZo67ndhHTGA+KN
=K5la
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list