ietf
[Top] [All Lists]

Re: Agenda, security, and monitoring

2014-02-02 02:55:12
On 2/2/2014 12:48 AM, Patrik Fältström wrote:
On 2014-02-02 00:34, Dave Crocker wrote:
1. It has demonstrated unacceptable usability for average users.

At last my view and experience is that latest Enigmail and MacGPG is
making it usable.

The key exchange is hard, but works really well in Enigmail+Thunderbird,
as key management is directly from mail read/compose window. Not in a
separate application.

You think that's a system that can and will be convenient and used by the mass market???

So why isn't it already?


2. It does not protect the header or the envelope, to the extent anyone
cares about divulging the Subject or other message meta-data...

Correct. It only protects what it protects.

3. It's packaging in the body is ugly. (See #1)

Huh?

It is using multipart/signed just like other security mechanisms that
protects the body.

Take a look at the message that John posted, opening this thread. That some systems use multipart/signed is fine, but it's not what's most common for PGP.

d/


--
Dave Crocker
Brandenburg InternetWorking
bbiw.net