Conversation:
Notices
-
Ask HN: Why is PGP not used widely? !darknet !crypto https://news.ycombinator.com/item?id=6662798
-
@zoowar Most people don’t want to be bothered with anything that is suspected to be too technical and complicated at all. But the use of PGP is really not nice, although you don’t really need to dig too deep into crypto.
-
I don't follow your second sentence.
-
@zoowar I meant you would not need to learn a lot about cryptography to handle PGP mail, but people think it is too complicated and/or are too lazy to look at it.
-
I like the idea of renaming public/private to something like lock/key which would resonate more clearly with the unthinking masses.
-
Yes, and just an “encrypt” button to enable it. I also think maybe it would be a good idea to include a GPG package by default within the installation routine of mail clients.
-
I think one of the things that killed #e-mail !crypto was the refusal to store messages decrypted even after they've gone end-to-end.
-
e.g., #e-mail !crypto in #Thunderbird still means I can't #search *local* messages lest I be vulnerable to someone breaking into my house.
-
Not being allowed !crypto for #privacy on an insecure public net unless I also fear for physical #security in my house/office is #bullshit.
-
Love how the #Enigmail FAQ says "IF a message was confidential enough to be encrypted…" ☹ https://www.enigmail.net/forum/viewtopic.php?f=10&t=637 !crypto #FAIL
-
Thunderbird correctly keeps the message store encrypted, but should be performing decryption on-the-fly for searching, or keep an encrypted, hashed index for speedy searches. But that requires a level of !crypto integration that Enigmail doesn't yet offer.
-
More accurately, Thunderbird correctly stores encrypted messages in an unencrypted message store. Would be nice if the message stores were encrypted too, so I'd be less concerned about keeping mail on another computer.
-
What @SteveKlabnik said: Use GnuPG/PGP even if you *don't* understand it. You might be using a weak key, or accidentally signing your mail with my public key, but even poor !crypto practices are better than no !crypto at all (but beware the false sense of security given by simple, easy-to-use, weak !crypto). See his pretty good speech at https://www.youtube.com/embed/LjZk8PP-u3c
-
And if you're doing it wrong, there are lots of us !crypto geeks willing to provide advice: https://www.cryptoparty.in/
-
You say "correctly", I still say #bullshit. If I wanted my local files encrypted, I'd encrypt my local filesystem.
-
The transport doesn't get to dictate how data gets stored/used beyond its endpoints. Imagine if SSH left stdout encrypted....
-
Imagine if TLS required that `anything that was sensitive enough to encrypt during HTTPS transit' was also stored encrypted on both ends.
-
I just want end-to-end #security, not `up-my-end' security. Like TLS, which "correctly" doesn't impose encryption beyond the transport.
-
I don't want to have to maintain my PGP keys and passwords, after revoking them, just to read my old #e-mail. Having to is what killed PGP.
-
GnuPG/PGP isn't transport-layer encryption. For e-mail it's a message container that has to be opened separately; similar for files. If you want to store a message plain text, save it as plain text. The problem is that mail clients or their !crypto plugins have tried to make the encryption layer seamless with the transport layer or the message store. The analogy of a (plaintext) pos…
-
@bobjonkman, I'm not disagreeing. I'm saying: you're right, and that's the problem. ☹
-
#HOWTO craft a solution-in-search-of-a-problem that nobody wants to use: Step 1, get your #user-story wrong.
-
I'm not convinced that PGP couldn't be used to implement `just end-to-end secure' e-mail if the !crypto community could actually value that.
-
@rozzin @bobjonkman ISTM that there should be a way to make a PGP / WOT alike secure end-to-end transport. But I'm not a security guru.
-
Would protect the data, but not the metadata. Still should use TLS.
-
An important issue rarely voiced. Good job.
-
Holy crap! "Since version 1.8, Enigmail can decrypt mails permanently." https://enigmail.net/index.php/en/faq-en?view=topic&id=15 #enigmail #pgp #crypto