Wiktor, On Fri, Jul 06, 2018 at 09:12:26PM +0200, Wiktor Kwapisiewicz wrote: > >On that basis I think Mutt should force the user to explicitly decide > >that they want to fetch a key, by doing so through the gnupg > >interface. > > Is asking the user if they want to fetch the key interactively (if > the key is not found locally) not an explicit decision?
Not necessarily! Users get in the habit of accepting dialogs because, well, obviously I want to do what I just said I want to do! > Or do you mean that the user should exit mutt and run gpg manually? Yes. > >Another way to look at this: Mutt likes to relegate tasks to an > >application which is designated for that task. [...] > Yes, I agree. The problem is that GPGME does not respect user > preferences w.r.t. key retrieval (stored in gpg.conf). I will ask on > gnupg-devel list if this is by design. Yes, I can see that this is a problem. But Mutt's philosophy has generally been that the tool designated to do the job should do the job, and a bug in that tool should generally not be worked around in Mutt, though exceptions exist when the situation calls for it. I'm not convinced this one calls for it... the GnuPG people are pretty reasonable and responsive. Your other points are all reasonable, and like I said, my opposition to the feature isn't strong--but you didn't change my mind either. :) There's a trade-off here, as is often the case with security-sensitive issues. If you make it too easy, it will be used improperly, some percentage of the time, defeating the security that was meant to be added. If you make it too hard, it won't be used at all when perhaps it should. It's become my opinion that e-mail privacy is a lost cause. There are too many ways it can fail for you to be able to be confident that it has not (in the event you actually have any communications worth encrypting), some of which may put your life in danger[*]. This, combined with the point above, is the reason my opposition is not strong, but it's also another argument why Mutt doesn't need the feature. That is, you simply don't need it because encrypting your e-mail is pointless in the first place. :) Obviously there will be many exceptions, but I think for the average person it's true. But, I admit, I'm off in the weeds now... =8^) -=-=- [*] Like forcing you--OR your recipients--to decrypt your e-mail at gunpoint. And worse still, if you use it when you don't need it, encryption may lead some bad actors to believe you have something worth encrypting when you don't, causing them to target you for no good reason. -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience.
pgpERJ3nMO5VF.pgp
Description: PGP signature
