On Sat 19.07.2014, 22:37:24, Ingo Klöcker wrote:
> > > And what's your threat model, i.e. what do you want to achieve by
> > > your symmetric email encryption scheme?
> >
> > Same answer: This is for users who don't need any threat model
> > consideration.
>
> Huh? Why would those users want to encrypt a message if they don't
> have a threat in mind?

I guess the typical case would be that either the sender or the recipient wants the communication encrypted (probably uses real crypto himself) and would use symmetric encryption as the fastest and easiest way to enable the other one to do that (or the only way the other party accepts at that moment).

Furthermore: Usually when people start using a new tool or new technology they don't use it right. Probably at least 90% of the OpenPGP users use OpenPGP in a way I would not consider good. They do it because it's OK for them. They probably haven't put much consideration into that – as you have to know a lot about the area to make these considerations. No one cares about that with normal crypto. Why should this be a hard criterion in this case?

I haven't seen the new Enigmail 1.7 yet but the default settings of 1.6 are a nightmare. GPGTools takes worst practice to a new level by doing the same as Enigmail – but without the (easy to find?) option to change it. And even more showing off on the bad side: Certifying keys *without* showing the fingerprint! GnuPG doesn't tell you at which (maximum) level a certain key has been signed.

There is no transparency in authenticity, no transparency in key security (part of that: no transparency about PC security, see (German) http://www.crypto-fuer-alle.de/wishlist/securitylevel/), no transparency in key usage, the current WoT is crap because it offers nearly none of the information you need...

That is the current crypto reality. And people are talking about security problems and threat models for symmetric encryption, fighting for good crypto usage? Really?

Hauke
-- 
Crypto für alle: http://www.openpgp-schulungen.de/fuer/unterstuetzer/
http://userbase.kde.org/Concepts/OpenPGP_Help_Spread
OpenPGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users