Slashdot Mirror
Enigmail Standard In Mandrake 9.0
AxelTorvalds writes "The Mozilla 1.1 RPMs in Mandrake 9.0 contain the enigmail plugin. It seemlessly encrypts, signs, decrypts and authenticate email with GPG or PGP in the Mozilla Mail client. This is the first major distributor I know of to support enigmail. With this and Evolution and Kmail both supporting GPG and PGP are we at the dawn of that golden age when encrypted email will be commonplace?" Update: 09/15 17:26 GMT by T : Borked link fixed.
Excellent, except as I recall, Microsoft Outlook has had this ability since the release of Windows XP... sure it's not GPG and PGP messages, but it's seamless strong encryption. I love mandrake though, and this is a great step. Good work team!
__________________________________________
Take comfort in your ignorance.
Grandmaster Plague
With this and Evolution and Kmail both supporting GPG and PGP are we at the dawn of that golden age when encrypted email will be commonplace?
Of course! Because we know that the only thing holding back encrypted e-mail is the fact that Linux didn't have it built in! (rolls eyes)
Of course, the fact that it's extremely difficult (if not impossible) to make it fully automatic for the users has nothing to do with it.
Sometimes it's best to just let stupid people be stupid.
Spam I can't read!
Non impediti ratione cogitationus.
Sen:te has put together something that works seamlessly and automaticaly w. OS X's Mail.
But you are right - the lack of Linux (or Mac) support is not what has kept secure email from becoming more wide-spread.
And with the coming of quantum computing as reported in past articles, this golden age, like any, will have a definite ending point
"Hey brother Christian with your high and mighty errand / your actions speak so loud I can't hear a word you're saying"
I'd like to point out that the mozilla 1.1 ebuild in gentoo actually includes enigmail... But yes I know that it is still masked for some reason that's outside of my understanding.
freenode.net #gentoo asked me to do this.
Gentoo was the first, and yes, gentoo IS major.
-- Note: If you don't agree with me, don't bother replying. I won't read it.
"With this and Evolution and Kmail both supporting GPG and PGP are we at the dawn of that golden age when encrypted email will be commonplace?"
Yes, definitely. With the three most popular e-mail clients in the world (Mozilla Mail, KMail and Evolution) all supporting encryption, I'm sure e-mail encryption will finally be the rule.
"Oppression and harassment is a small price to pay to live in the land of the free." -- Montgomery Burns.
Nope. Not until all the most popular mail clients include functionality to make it ridiculously easy for a nontechnical user to use encryption (including key generation and management), will we see commonplace encrypted email. The inclusion of an extension to mozilla on a linux distribution hardly fulfills this requirement.
What we need is a way to be able to send mail to anyone without you ISP/whatever to be able to notice. And no, just running an SMTP on your linux box isn't enough.
With this and Evolution and Kmail both supporting GPG and PGP are we at the dawn of that golden age when encrypted email will be commonplace?
No. The biggest problem with public key encryption is that you can't use it on multiple computers without some way of transferring the private key. Plus you have to keep a backup of your private key somewhere outside your main computer's location, yet somewhere it will remain secure.
So, ultimately, unless you carry around a CD everywhere you go, you're probably relying on passwords in the end anyway.
Is Enigmail working?
If you celebrate Xmas, befriend me (538
"player 4 hit player 1 with 0 stroms"
Mozilla should have the ability to receive all major forms of encrypted mail as standard. (As with other formats, the "player" needs to be more widely distributed than the "authoring" program.) That will help Mozilla's market share.
I'd like to see Mozilla marketed as "the browser for business" - popup blocking, encrypted mail, spam filtering, virus blocking, etc. Contrast this with Microsoft Explorer, which is a home entertainment center whether you like it or not.
>What's next? Scrambling your voice over the
>telephone?
You really don't get the point about common-place message encryption yet.
I hope I can illustrate this in a helpful way, without appearing to condescend:
All plain-text e-mail - without encryption - can be likened in the snail-mail model, to a post-card. The message contents, sender and receiver, are all in plain view of anyone who might take a notice. At its most mundane, message cryptography can be seen as providing the equivalent of a digital envelope.
Of course, e-mail is not a postcard. In fact, the situation is better compared to sending postcards through a system which photocopies your message every time it passes through another station or container in its transit.... Oh, and every time it is photocopied, it is done by a different individuals and agencies, many of whom you may never have had any prior contact or relationship.
The desire to manage who has access to thecontent of such messages is not paranoia. If you are in the habit of sending e-mail in the context of any business, deploying encryption and certificate technologies would fall under the domain of "Due Dilligence". Not using them routinely would constitute failure to exercise "Due Care" - both of which have considerable legal and regulatory implications.
If you are an executive, a middle-manager or systems administrator, a tool like PGP now enables mail as a trusted path for exchange within your own organization sensitive information that would otherwise have to be circulated by more cumbersome means.
When you consider the wide variety of purposes for which most all people use SMTP as a transport, it is irresponsible to marginalize the use of encrypting mechanisms, or to view advocates of their use with suspicion.
Or, you can keep stapling your phone-bill to a 3x5 card! ;-)
"Flyin' in just a sweet place,
Never been known to fail..."
http://www.ietf.org/rfc/rfc2440.txt
what clients would actually need to support this for it to become really standard ?
Outlook (express)
Eudora
Lotus Notes
I cant think of any more really can you ?
regards
John Jones
This sounds all wrong but, read this and think about it.
Please, don't use encryption!!!
Please, AxelTorvalds was obviously talking about the Linux world. You could also object that he said "the first major distributor" instead of "the first major GNU/Linux distributor". What's the need for a cheap shot ?. How about being a bit nicer to other posters ?.
Thank god they follow the MIME/OpenPGP standard! Now maybe us Sylpheed users will be able to decrypt email from non-Sylpheed users without having to jump through a slew of goddamn copy-to-clipboard hoops.
Email client developers, take note. Please don't reinvent the wheel. It only slows down adoption of encryption.
Once encryption is wide spread, you will know something is spam by the fact that it wont be encrypted... Your friends and people you want to email you will have your public key to encrypt...
Im not here now... Im out KILLING pepperoni
``...are we at the dawn of that golden age when encrypted email will be commonplace?''
No, because M$ Outlook [Exress] doesn't have it enabled by default.
Please correct me if I got my facts wrong.
of encrypting your email when every time you check it, you send your password in clear text across the net. This drives me absolutely insane. Why TF do 99% of all ISP's and webhosts still use insecure authentication? Yes if you encrypt all of your emails and if everyone who ever emails you encrypts their's your a step up, but that clear text thing kinda makes it all worthless.
Why has this most glaring of all security problems not been addressed for the general public? Why Why Why Why?
Want hear something funny and typical. My webhost for my business which also does my email, requires SSH to log into my shell account to do things like upload files to changes my website etc. But I have to use the same fricking logon and password to check my email. Does that make any sense at all? I'd out them right now so you would know not to use them but I don't want my website cut off.
O.K. just relax.....I'm on a beach.....
If you wanna get rich, you know that payback is a bitch
hmmm... satire wire tells you not to do something. I have this sneaking suspecion that they were being sarcastic.
The point was that since encryption isnt very wide spread, weather or not an email is encrypted tells you alot... which is bad. While the content is encrypted, the headers are not, which means if someone sees that you are sending encrypted mail, they will know who is sending it and who is receiving it and will become suspecious. This is actually a very good argument for proliferation of encryption, and use of encryption on everday "boreing stuff".
Im not here now... Im out KILLING pepperoni
A mate and I tried to setup encrypted email a couple of months back. I use evolution and he uses Pine (I Think). The hardest part was setting up the public/private keys and getting all that working. We had to do that via the command line which 'end users' wouldn't find easy. Once we had done that then it is _really_ easy to use in evolution. Simply create a new email and select 'Security|PGP Encrypt' and its done. In pine the problem was reading the email I sent. my friend had to save the attachment and then decrypt it. However sending encrypted email from pine was easy.
/b
I do agree though that once it is a seamless process from setup to use then it will become more popular.
[Please type your sig here.]
Swedish-Chef Google search on enigmail.
Great news for enig, but what about the other distros? Will this news carry any weight, giving the other offerings a desire to carry enigmail?
What about ximian support?
A week ago I've downloaded the 1.1 mozilla rpm from SuSE's ftp-server. It came with enigmail included as well. So this seems to get a standard part of more distros. This is a good thing.
Evolution shipped with the last version with PGP support IIRC
-- Who is the bigger fool? The fool or the fool who follows him? --
What's this talk of a golden age? An age where we are all so paranoid that we encrypt our mail routinely? Sounds like a world ruled by fear more than anything. I for one have nothing to hide, and want no part in it.
To the best of my knowledge, PGP looks at a path you specify for the keyring files, now on windows I imagine when you stick the USB keychain disk in, it gets whatever available drive letter it gets. So them you have to go set PGP to look at the right drive.
Under linux I guess it would always mount to the same path, but how does the system know what user inserted the card? Would it mount as UID root? Thats not good. If it's formatted ext2 I guess the UIDs would have to match. But thats weak.
What i'm thinking is PGP (etc) need an API so you can press a button that says "I am going to stick in my keychain with my keyrings on it now", and when the device is detected, the system only allows PGP access to read it, and only to the current user.
Dunno if that makes sense, but the USB keychains are perfect for that sort of thing, cause your private never needs to be readily available unless you're actively using it. And then only breifly. Leaving it sitting in ~/.pgp (or "C:\Documents And Settings\Application Data\Network Associates\PGP") is just uneeded risk.
Of course, the fact that it's extremely difficult (if not impossible) to make it fully automatic for the users has nothing to do with it
Actually, while the setup is still not idiot-proof, actually using gpg in mutt is really, really easy, and works exactly the way I like. I automatically sign everything I send. mutt caches my password in memory so I don't have to type it over and over when sending a quick succession of emails. I automatically verify incoming signed emails, and download their keys if I don't have them from the keyservers automatically. Mutt gives me a status on whether the web of trust includes the key signing a letter. Dunno about encryption, since I can't find anyone else using pgp/gpg with encryption to find out with....
May we never see th
You may like Gentoo, but it sure isn't a major distro.
May we never see th
Great, PGP support is included. Now all they need to figure out is how to package enough clue inside the box so people can properly use it.
The OpenPGP and it's public keyring trust system are very complex and not something most users will ever understand. And there are so many other weak links in the chain that it just turns out to be overkill.
Anyone have ideas on how secure e-mail could be brought to the masses? Because shipping PGP is not it. PGP has been around a long, long time (in Internet years), and if there was demand, it would have taken off already.
I'm pretty happy with Mozilla Mail. It works quite well, and allows me to relax a little in Win32 when I'm opening emails. That having been said, MSIE ignores the setting for default email client in the Internet Preferences control panel, launching Outlook Express. Odd behavior, when you consider that MSIE will open the default browser (in my case, Mozilla) when a page attempts to open a new window.
are we at the dawn of that golden age when encrypted email will be commonplace?
No.
There are still two important pieces missing. Without them the non-geek will not be using encrypted email.
The first is key generation. No matter how simple of a front end you have for it, the user still has to consciously sit down and create a strong key. We all know from experience that the average user will not want to do this.
The second is even more problematic. That's key management. Where is the average user going to store their private keys? On their harddrive or on a floppy disk? And will they be conscientious participants in a web of trust?
So far most proposed methods of automated key management have been detrimental to our privacy (Clipper chip, Passport, etc). But here's one idea: create and market a USB dongle that has a write-once key that is generated during its first use (or the user could initialize it with a preexisting key). Such keys would be automatically signed by the manufacturer. It might not work, but it's something to think about.
A Government Is a Body of People, Usually Notably Ungoverned
Excellent explanation. Mod parent up!!!!
I don't think you get it. The fact is, some people (like me for instance) are not at all bothered by what you describe. I understand what you say, and actually, I don't usually mind copies of my emails sitting on servers all around the world.
Of course, I have nothing against anyone using encryption. I'd use it myself if I felt it was needed for a particular message. But I don't see ubiqitous encryption as a golden age.
If the U.K. govenment starts the monitoring and surveillance of Nationals who have made repeat visits to countries governed by suspect regiemes (Vietnam), or home to significant revolutionary guerilla movements (Peru), you would have no objection?
If -- by extra-legislative intelligence agreements -- they shared this information with unaccountable foriegn agencies in the U.S., Canada and Australia... You'd still be comfortable with that? I'm sorry if I have taken the argument closer to the "paranoia" scenario.
I take your point about "Golden Age" hyperbole. But the issues are farther reaching, by implication, than even most well-informed people are aware of.
"Flyin' in just a sweet place,
Never been known to fail..."
Your comments deserve a reply. As it happens, I am a British citizen and I have also been to both Peru and Vietnam - so I suppose that means I might be a target for surveillance... Well, that's fine by me. I have nothing to hide.
I also don't have a problem with government agencies sharing information in order to track down the real crooks. International cooperation is important. The real crooks are probably using strong encryption anyway. At least MI6 and the CIA will be able to eliminate me from their enquiries quickly 8-)
I am glad you are unconcerned by the free traffic of personal and sensitive communications into hands of unintended recipients with indeterminate motives.
I think it naive to view MI6, etc. as "Good Guys" who will accurately use this intelligence to correctly identify "Bad Guys". The historical performance by U.K. and U.S. on these counts is miserable. Sometimes the "Bad Guys" are villagers trying to clean up foreign polluters in Malaysia, or people like Nelson Mandela... I won't try to convince you further on this point. Read, and draw your own conclusions.
Even when the agenda and motive of, say MI6, are not in doubt, do you want to be Mr. Buttle from Brazil?
Oh, and the "Bad Guys" aren't generally using strong encryption. This was one of the Red Herring issues in the pseudo-intelligence speculation after 9/11. Talking Heads from "expert" think-tanks spouted these claims like mad, and started a mini craze on searching for encrypted terror communiques. Never happened. All the communications were plain text and regular phone conversations. The interviewees last week on Al Jazeereh explained clearly how coded phrases were used to pass information on open channels.
What is harmful in your attitude is that you imply there is again something criminally suspect in the casual use of encryption technologies. I refer you to my earlier post in this thread - There is potential criminal and civil liability in NOT employing encryption, when commonly available.
"Flyin' in just a sweet place,
Never been known to fail..."
So, Mr Cornelius. I seem to have underestimated you. It appears that my evil plan to hide my nefarious activities in Peru and Vietnam by publishing the information openly on the internet has badly backfired...
;-)
In all seriousness, I don't see the use of strong encryption as necessarily suspect. I think everyone should make up their own mind on that, based on their view of what they do and don't mind others knowing about themselves. I personally would only bother with it for something that I wanted to keep private. Some things are just too boring to bother keeping private
And yes, I stand corrected on the 11 Sept stuff - now you mention it I do remember hearing that codewords were used instead of encryption.
We will be waiting a very long time. There is no end to the power of inertia.
"Flyin' in just a sweet place,
Never been known to fail..."