[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cryptography] Avoiding PGP

On Thu, 22 Mar 2018, Walter van Holst wrote:

On 2018-03-21 22:14, Ray Dillinger wrote:
 I'd be perfectly happy if there were never any confusion of encrypted
 mail with unencrypted mail - in fact I'd prefer to be using entirely
 different applications for private and non-private communications, and
 rest assured that the mail program not designed for security or privacy
 simply had no access whatsoever to addresses or contacts or header
 information pertaining to messages other than the plain-vanilla SMTP
 stuff it knows how to handle.

No sane person would use that application. If anything people want more integration between their modes of communication, not less. You can scream that is a wish that is bad for security till you see blue in the face.

There is such a thing as choosing insecurity while there is no such thing
as choosing security. It's a bit like eating healthy. Everyone wants their
food being safe but even the most aware person can only try to avoid food
that'll harm with no guarantee of success. People who want more integration
between their nodes of communication have already made their choice.

The separation of private and non-private communication is a necessary
step but no guarantee of security. People who don't want that separation
won't even be in the draw for private communication no matter how blue
in the face they become by demanding other people to provide security
for them.

Usability first. Without usability there is no security.

That's true and it took us a long time to learn this, but there are
solutions available that can be used without burdening the user too much.
The crucial point (apart from the initial choice) is whether these
solutions rely on a third party service or not.

The cryptography mailing list
cryptography AT metzdowd.com