Slashdot Mirror


Enigmail Standard In Mandrake 9.0

AxelTorvalds writes "The Mozilla 1.1 RPMs in Mandrake 9.0 contain the enigmail plugin. It seamlessly encrypts, signs, decrypts and authenticates email with GPG or PGP in the Mozilla Mail client. This is the first major distributor I know of to support enigmail. With this and Evolution and Kmail both supporting GPG and PGP are we at the dawn of that golden age when encrypted email will be commonplace?" Update: 09/15 17:26 GMT by T : Borked link fixed.

17 of 181 comments

  1. Shakes head by Reality Master 101 · · Score: 3, Insightful

    With this and Evolution and Kmail both supporting GPG and PGP are we at the dawn of that golden age when encrypted email will be commonplace?

    Of course! Because we know that the only thing holding back encrypted e-mail is the fact that Linux didn't have it built in! (rolls eyes)

    Of course, the fact that it's extremely difficult (if not impossible) to make it fully automatic for the users has nothing to do with it.

    --
    Sometimes it's best to just let stupid people be stupid.
    1. Re:Shakes head by StillAnonymous · · Score: 4, Insightful

      The important thing is that Mozilla is cross-platform so this gives almost everyone FREE access to an email client that can do all the encryption/decryption nearly transparently.

      I'd say that is indeed a big step forward.

  2. Will this result in ubiquitous encryption? by Anonymous Coward · · Score: 1, Insightful
    In a word: no.

    The thing holding up encryption isn't Mandrake, or Linux, or the NSA. It's making it easy for my mom to use when she sends me a hoax chain letter from her AOL account, promising me that Bill Gates is going to send me $500 if I forward it to all my friends too.

    Seriously, though, it's the least common denominator. Maybe with the adoption of DNSSEC and SMTP extensions we can eventually have pseudo end-to-end encryption handled by the mail servers themselves. But until the more common email clients perform encryption on their own, no pgp keys to import, etc., don't look for my mom to start using it.

  3. just in time by Scaebor · · Score: 2, Insightful
    are we at the dawn of that golden age when encrypted email will be commonplace?

    And with the coming of quantum computing as reported in past articles, this golden age, like any, will have a definite ending point.

    --
    "Hey brother Christian with your high and mighty errand / your actions speak so loud I can't hear a word you're saying"
  4. Re:Gentoo ships enigmail with moz1.1 by DataShark · · Score: 4, Insightful



    It's only masked because we are in a feature freeze pending the release of Gentoo 1.4 ... The first distro fully optimized for gcc3.2 (currently we are at rc1 stage)

    Regards

  5. Commonplace Encryption? Not Yet. by wandernotlost · · Score: 4, Insightful

    ...are we at the dawn of that golden age when encrypted email will be commonplace?

    Nope. Not until all the most popular mail clients include functionality to make it ridiculously easy for a nontechnical user to use encryption (including key generation and management), will we see commonplace encrypted email. The inclusion of an extension to mozilla on a linux distribution hardly fulfills this requirement.

  6. What we need is freenet-like email by BESTouff · · Score: 4, Insightful
    Now that the various governments have decided to monitor the email you send and receive, just encrypting isn't enough.

    What we need is a way to be able to send mail to anyone without your ISP/whatever being able to notice. And no, just running an SMTP on your Linux box isn't enough.

  7. No by anthony_dipierro · · Score: 4, Insightful

    With this and Evolution and Kmail both supporting GPG and PGP are we at the dawn of that golden age when encrypted email will be commonplace?

    No. The biggest problem with public key encryption is that you can't use it on multiple computers without some way of transferring the private key. Plus you have to keep a backup of your private key somewhere outside your main computer's location, yet somewhere it will remain secure.

    So, ultimately, unless you carry around a CD everywhere you go, you're probably relying on passwords in the end anyway.

    1. Re:No by Alan · · Score: 5, Insightful

      This is where those little USB keychain hard drives will become useful... just carry it around with all your other "keys" :)

  8. So why isn't this standard in Mozilla? by Animats · · Score: 3, Insightful
    As someone else pointed out, a plug-in for a minor Linux distro does not widespread adoption make.

    Mozilla should have the ability to receive all major forms of encrypted mail as standard. (As with other formats, the "player" needs to be more widely distributed than the "authoring" program.) That will help Mozilla's market share.

    I'd like to see Mozilla marketed as "the browser for business" - popup blocking, encrypted mail, spam filtering, virus blocking, etc. Contrast this with Microsoft Explorer, which is a home entertainment center whether you like it or not.

  9. Re:No. by Jeremiah Cornelius · · Score: 5, Insightful
    > No. Because we are not all paranoid?

    >What's next? Scrambling your voice over the
    >telephone?

    You really don't get the point about common-place message encryption yet.

    I hope I can illustrate this in a helpful way, without appearing to condescend:

    All plain-text e-mail - without encryption - can be likened in the snail-mail model, to a post-card. The message contents, sender and receiver, are all in plain view of anyone who might take notice. At its most mundane, message cryptography can be seen as providing the equivalent of a digital envelope.

    Of course, e-mail is not a postcard. In fact, the situation is better compared to sending postcards through a system which photocopies your message every time it passes through another station or container in its transit.... Oh, and every time it is photocopied, it is done by different individuals and agencies, many of whom you may never have had any prior contact or relationship with.

    The desire to manage who has access to the content of such messages is not paranoia. If you are in the habit of sending e-mail in the context of any business, deploying encryption and certificate technologies would fall under the domain of "Due Diligence". Not using them routinely would constitute failure to exercise "Due Care" - both of which have considerable legal and regulatory implications.

    If you are an executive, a middle-manager or systems administrator, a tool like PGP now enables mail as a trusted path for the exchange, within your own organization, of sensitive information that would otherwise have to be circulated by more cumbersome means.

    When you consider the wide variety of purposes for which most all people use SMTP as a transport, it is irresponsible to marginalize the use of encrypting mechanisms, or to view advocates of their use with suspicion.

    Or, you can keep stapling your phone-bill to a 3x5 card! ;-)

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  10. What's the point by bogie · · Score: 3, Insightful

    of encrypting your email when every time you check it, you send your password in clear text across the net. This drives me absolutely insane. Why TF do 99% of all ISPs and webhosts still use insecure authentication? Yes if you encrypt all of your emails and if everyone who ever emails you encrypts theirs you're a step up, but that clear text thing kinda makes it all worthless.

    Why has this most glaring of all security problems not been addressed for the general public? Why Why Why Why?

    Want to hear something funny and typical? My webhost for my business, which also does my email, requires SSH to log into my shell account to do things like upload files to change my website etc. But I have to use the same fricking logon and password to check my email. Does that make any sense at all? I'd out them right now so you would know not to use them but I don't want my website cut off.

    O.K. just relax.....I'm on a beach.....

    --
    If you wanna get rich, you know that payback is a bitch
    1. Re:What's the point by Elwood P Dowd · · Score: 3, Insightful

      Um. PGP supplies both secure authentication and secure communication. Secure authentication is provided by signing an outgoing email. Secure communication is provided by encrypting an outgoing signed email. The only thing that regular cleartext password exchange on POP3 messes up is secure availability. That is, someone could get your password and start deleting incoming emails that were for you.

      You are of course correct: The benefits of PGP are not conferred upon email correspondents that do not use it. You also said, "Yes if you encrypt all of your emails and if everyone who ever emails you encrypts theirs you're a step up, but that clear text thing kinda makes it all worthless."

      And that is not correct at all. If everyone you correspond with uses PGP, and all your passwords are sent in cleartext, then no one can impersonate you, and no one can snoop your email. They could only delete your incoming mail. That's a pretty significant step up.

      --

      There are no trails. There are no trees out here.
  11. Golden age? by IamTheRealMike · · Score: 3, Insightful

    What's this talk of a golden age? An age where we are all so paranoid that we encrypt our mail routinely? Sounds like a world ruled by fear more than anything. I for one have nothing to hide, and want no part in it.

    1. Re:Golden age? by Anonymous Coward · · Score: 1, Insightful

      > An age where we are all so paranoid that we
      > encrypt our mail routinely? Sounds like a world
      > by fear more than anything.
      >
      An age, where we use passwords for our accounts? Update our machines with the latest security patches? Where we routinely lock our house's front-doors? Where we have fire extinguishers and wear seatbelts? Have health insurance? Dude, if you don't know the difference between preventive caution and deranged paranoia, perhaps *you* should be in fear about your *own* mental health.
      >
      > I for one have nothing to hide
      >
      Great. Have a little daughter? Please tell us where she goes to school. Lil' pic would be appreciated too...love your commitment to sharing already!
      >
      > and want no part in it.
      >
      Mikey...just what flowery sphere are you floating in? If you feel the need to have no privacy -> GO RIGHT AHEAD! -> What was your POP3 login again? POST IT! Be a man of your word! Distinguish yourself, don't "want no part in it" and post your login and password for your e-mail! Your house address too while you're at it. Do it now! That's the only way I'm gonna have respect for people like you...who have nothing to hide.

  12. Excellent Idea, but it needs more work by tweakt · · Score: 5, Insightful
    YES! I've been wanting to do this. It makes me wish that there was a way to better integrate the concept with things like PGP/GPG, etc.

    To the best of my knowledge, PGP looks at a path you specify for the keyring files. Now on Windows I imagine when you stick the USB keychain disk in, it gets whatever available drive letter it gets. So then you have to go set PGP to look at the right drive.

    Under Linux I guess it would always mount to the same path, but how does the system know what user inserted the card? Would it mount as UID root? That's not good. If it's formatted ext2 I guess the UIDs would have to match. But that's weak.

    What I'm thinking is PGP (etc) need an API so you can press a button that says "I am going to stick in my keychain with my keyrings on it now", and when the device is detected, the system only allows PGP access to read it, and only to the current user.

    Dunno if that makes sense, but the USB keychains are perfect for that sort of thing, 'cause your private key never needs to be readily available unless you're actively using it. And then only briefly. Leaving it sitting in ~/.pgp (or "C:\Documents And Settings\Application Data\Network Associates\PGP") is just unneeded risk.
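
An added example, not part of the original thread: the ownership concern raised in the comment above (media mounted as root, or an ext2 volume whose stored UID belongs to another account) can be checked before GnuPG is pointed at a keyring on removable media. The function names and the mount path are hypothetical; `GNUPGHOME` is GnuPG's standard environment variable for its home directory.

```shell
#!/bin/sh
# Added example (not from the thread): vet a keyring directory on removable
# media before using it as the GnuPG home directory.

# keyring_dir_ok DIR -> returns 0 if DIR is safe to use as GNUPGHOME, else 1.
# (Hypothetical helper name.)
keyring_dir_ok() {
    local dir="$1" perms
    # Must be a real directory, not a symlink pointing somewhere else.
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    # Must be owned by the invoking user. This catches media auto-mounted
    # as root and ext2 volumes whose on-disk UID is a different account.
    [ -O "$dir" ] || return 1
    # Group and other must have no access at all (mode 0700).
    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld "$dir" | cut -c5-10)
    [ "$perms" = "------" ] || return 1
    return 0
}

# use_keyring DIR -> export GNUPGHOME only if DIR passes the checks above.
# (Hypothetical helper name.)
use_keyring() {
    if keyring_dir_ok "$1"; then
        export GNUPGHOME="$1"
        return 0
    fi
    echo "refusing to use $1 as keyring: wrong type, owner or mode" >&2
    return 1
}

# Typical use, with a hypothetical mount point:
#   use_keyring /media/usbkey/gnupg && gpg --list-secret-keys
```

On a FAT-formatted stick the owner and mode seen here come from the mount options rather than from the media, so the check reflects how the volume was mounted.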

  13. Great! by jmd! · · Score: 3, Insightful

    Great, PGP support is included. Now all they need to figure out is how to package enough clue inside the box so people can properly use it.

    The OpenPGP and its public keyring trust system are very complex and not something most users will ever understand. And there are so many other weak links in the chain that it just turns out to be overkill.

    Anyone have ideas on how secure e-mail could be brought to the masses? Because shipping PGP is not it. PGP has been around a long, long time (in Internet years), and if there was demand, it would have taken off already.