Enigmail Standard In Mandrake 9.0

AxelTorvalds writes "The Mozilla 1.1 RPMs in Mandrake 9.0 contain the enigmail plugin. It seemlessly encrypts, signs, decrypts and authenticate email with GPG or PGP in the Mozilla Mail client. This is the first major distributor I know of to support enigmail. With this and Evolution and Kmail both supporting GPG and PGP are we at the dawn of that golden age when encrypted email will be commonplace?" Update: 09/15 17:26 GMT by T : Borked link fixed.

Gentoo ships enigmail with moz1.1

[Tester]

I'd like to point out that the mozilla 1.1 ebuild in gentoo actually includes enigmail... But yes I know that it is still masked for some reason that's outside of my understanding.

Golden Age Ahead

[RPoet]

"With this and Evolution and Kmail both supporting GPG and PGP are we at the dawn of that golden age when encrypted email will be commonplace?"

Yes, definitely. With the three most popular e-mail clients in the world (Mozilla Mail, KMail and Evolution) all supporting encryption, I'm sure e-mail encryption will finally be the rule.

Re:No.

[Jeremiah+Cornelius]

> No. Because we are not all paranoid?

>What's next? Scrambling your voice over the
>telephone?

You really don't get the point about common-place message encryption yet.

I hope I can illustrate this in a helpful way, without appearing to condescend:

All plain-text e-mail - without encryption - can be likened in the snail-mail model, to a post-card. The message contents, sender and receiver, are all in plain view of anyone who might take a notice. At its most mundane, message cryptography can be seen as providing the equivalent of a digital envelope.

Of course, e-mail is not a postcard. In fact, the situation is better compared to sending postcards through a system which photocopies your message every time it passes through another station or container in its transit.... Oh, and every time it is photocopied, it is done by a different individuals and agencies, many of whom you may never have had any prior contact or relationship.

The desire to manage who has access to thecontent of such messages is not paranoia. If you are in the habit of sending e-mail in the context of any business, deploying encryption and certificate technologies would fall under the domain of "Due Dilligence". Not using them routinely would constitute failure to exercise "Due Care" - both of which have considerable legal and regulatory implications.

If you are an executive, a middle-manager or systems administrator, a tool like PGP now enables mail as a trusted path for exchange within your own organization sensitive information that would otherwise have to be circulated by more cumbersome means.

When you consider the wide variety of purposes for which most all people use SMTP as a transport, it is irresponsible to marginalize the use of encrypting mechanisms, or to view advocates of their use with suspicion.

Or, you can keep stapling your phone-bill to a 3x5 card! ;-)

Re:No

[Alan]

This is where those little USB keychain hard drives will become useful... just carry it around with all your other "keys" :)

Excellent Idea, but it needs more work

[tweakt]

YES! I've been wanting to do this. It makes me wish that there was a way to better integrate the concept with things like PGP/GPG, etc.

To the best of my knowledge, PGP looks at a path you specify for the keyring files, now on windows I imagine when you stick the USB keychain disk in, it gets whatever available drive letter it gets. So them you have to go set PGP to look at the right drive.

Under linux I guess it would always mount to the same path, but how does the system know what user inserted the card? Would it mount as UID root? Thats not good. If it's formatted ext2 I guess the UIDs would have to match. But thats weak.

What i'm thinking is PGP (etc) need an API so you can press a button that says "I am going to stick in my keychain with my keyrings on it now", and when the device is detected, the system only allows PGP access to read it, and only to the current user.

Dunno if that makes sense, but the USB keychains are perfect for that sort of thing, cause your private never needs to be readily available unless you're actively using it. And then only breifly. Leaving it sitting in ~/.pgp (or "C:\Documents And Settings\Application Data\Network Associates\PGP") is just uneeded risk.