ietf
[Top] [All Lists]

Re: Agenda, security, and monitoring

2014-02-02 03:00:50
On 2014-02-02 09:54, Dave Crocker wrote:
On 2/2/2014 12:48 AM, Patrik Fältström wrote:
On 2014-02-02 00:34, Dave Crocker wrote:
1. It has demonstrated unacceptable usability for average users.

At last my view and experience is that latest Enigmail and MacGPG is
making it usable.

The key exchange is hard, but works really well in Enigmail+Thunderbird,
as key management is directly from mail read/compose window. Not in a
separate application.

You think that's a system that can and will be convenient and used by
the mass market???

So why isn't it already?

Several reasons, but specifically two:

A. Even people like we engineers (just look at your message) is unaware
of the good software that is out there

B. It is not supported by Microsoft/Outlook out of the box

2. It does not protect the header or the envelope, to the extent anyone
cares about divulging the Subject or other message meta-data...

Correct. It only protects what it protects.

3. It's packaging in the body is ugly. (See #1)

Huh?

It is using multipart/signed just like other security mechanisms that
protects the body.

Take a look at the message that John posted, opening this thread.  That
some systems use multipart/signed is fine, but it's not what's most
common for PGP.

I disagree.

   Patrik


Attachment: signature.asc
Description: OpenPGP digital signature