Slashdot Mirror
Enigmail Standard In Mandrake 9.0
AxelTorvalds writes "The Mozilla 1.1 RPMs in Mandrake 9.0 contain the enigmail plugin. It seemlessly encrypts, signs, decrypts and authenticate email with GPG or PGP in the Mozilla Mail client. This is the first major distributor I know of to support enigmail. With this and Evolution and Kmail both supporting GPG and PGP are we at the dawn of that golden age when encrypted email will be commonplace?" Update: 09/15 17:26 GMT by T : Borked link fixed.
I'd like to point out that the mozilla 1.1 ebuild in gentoo actually includes enigmail... But yes I know that it is still masked for some reason that's outside of my understanding.
"With this and Evolution and Kmail both supporting GPG and PGP are we at the dawn of that golden age when encrypted email will be commonplace?"
Yes, definitely. With the three most popular e-mail clients in the world (Mozilla Mail, KMail and Evolution) all supporting encryption, I'm sure e-mail encryption will finally be the rule.
"Oppression and harassment is a small price to pay to live in the land of the free." -- Montgomery Burns.
Nope. Not until all the most popular mail clients include functionality to make it ridiculously easy for a nontechnical user to use encryption (including key generation and management), will we see commonplace encrypted email. The inclusion of an extension to mozilla on a linux distribution hardly fulfills this requirement.
What we need is a way to be able to send mail to anyone without you ISP/whatever to be able to notice. And no, just running an SMTP on your linux box isn't enough.
With this and Evolution and Kmail both supporting GPG and PGP are we at the dawn of that golden age when encrypted email will be commonplace?
No. The biggest problem with public key encryption is that you can't use it on multiple computers without some way of transferring the private key. Plus you have to keep a backup of your private key somewhere outside your main computer's location, yet somewhere it will remain secure.
So, ultimately, unless you carry around a CD everywhere you go, you're probably relying on passwords in the end anyway.
The important thing is that Mozilla is cross-platform so this gives almost everyone FREE access to an email client that can do all the encryption/decryption nearly transparently.
I'd say that is indeed a big step forward.
>What's next? Scrambling your voice over the
>telephone?
You really don't get the point about common-place message encryption yet.
I hope I can illustrate this in a helpful way, without appearing to condescend:
All plain-text e-mail - without encryption - can be likened in the snail-mail model, to a post-card. The message contents, sender and receiver, are all in plain view of anyone who might take a notice. At its most mundane, message cryptography can be seen as providing the equivalent of a digital envelope.
Of course, e-mail is not a postcard. In fact, the situation is better compared to sending postcards through a system which photocopies your message every time it passes through another station or container in its transit.... Oh, and every time it is photocopied, it is done by a different individuals and agencies, many of whom you may never have had any prior contact or relationship.
The desire to manage who has access to thecontent of such messages is not paranoia. If you are in the habit of sending e-mail in the context of any business, deploying encryption and certificate technologies would fall under the domain of "Due Dilligence". Not using them routinely would constitute failure to exercise "Due Care" - both of which have considerable legal and regulatory implications.
If you are an executive, a middle-manager or systems administrator, a tool like PGP now enables mail as a trusted path for exchange within your own organization sensitive information that would otherwise have to be circulated by more cumbersome means.
When you consider the wide variety of purposes for which most all people use SMTP as a transport, it is irresponsible to marginalize the use of encrypting mechanisms, or to view advocates of their use with suspicion.
Or, you can keep stapling your phone-bill to a 3x5 card! ;-)
"Flyin' in just a sweet place,
Never been known to fail..."
To the best of my knowledge, PGP looks at a path you specify for the keyring files, now on windows I imagine when you stick the USB keychain disk in, it gets whatever available drive letter it gets. So them you have to go set PGP to look at the right drive.
Under linux I guess it would always mount to the same path, but how does the system know what user inserted the card? Would it mount as UID root? Thats not good. If it's formatted ext2 I guess the UIDs would have to match. But thats weak.
What i'm thinking is PGP (etc) need an API so you can press a button that says "I am going to stick in my keychain with my keyrings on it now", and when the device is detected, the system only allows PGP access to read it, and only to the current user.
Dunno if that makes sense, but the USB keychains are perfect for that sort of thing, cause your private never needs to be readily available unless you're actively using it. And then only breifly. Leaving it sitting in ~/.pgp (or "C:\Documents And Settings\Application Data\Network Associates\PGP") is just uneeded risk.