Re: Saving Opportunistic Encryption
On Wed, Mar 17, 2004 at 03:09:54PM +0000, petard wrote:
> There's a well-supported extension for that: http://enigmail.mozdev.org/ Actually, plans are in the works to make S/MIME an extension as well, so the two will soon be on equal footing.
PGP/GPG has failed to protect the bulk of email for the same reason as FreeS/WAN failed to protect the bulk of TCP/IP traffic. In comparison, opportunistic encryption via StartTLS has been a modest success, simply because it's so easy to deploy at MTA level (it would be a lot more successful if postfix/exim/qmail shipped with working StartTLS, or at least apt-get install yourMTAhere-tls would set up the certs and config properly). Purists would scoff that plaintext is the default fallback, hence initial key setup is easily disruptable, and MITM, and whatnot. However, if keys are cached, key changes and sudden reverts to plain for known hosts are logged, and key fingerprints for hosts cross-correlated, potential meddling becomes far easier to detect, if only after the fact. Passive taps are easy; stealthy active traffic manipulation, on a large scale? Could as well look out for fecal precipitation from porcine aviation. Should it happen, upgrading to a web of trust is always an option.

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net

[demime 1.01d removed an attachment of type application/pgp-signature]
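The detection scheme sketched in the message above (cache each peer's key, log key changes and sudden plaintext reverts for known hosts, cross-correlate fingerprints across observers) can be illustrated with a small trust-on-first-use cache over MTA delivery logs. This is an added example and not code from the thread or from any of the MTAs named; the log line format (`host=… tls=yes|no fp=…`), the host names and the fingerprint values are all constructed for the example.

```python
"""
Trust-on-first-use (TOFU) fingerprint cache for StartTLS peers.

Added example, not from the original thread. The log format, hosts and
fingerprints below are constructed; a real deployment would feed this from
the MTA's own TLS logging.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class PeerState:
    fingerprint: Optional[str]  # last cert fingerprint seen over TLS; None if never seen
    tls_sessions: int = 0
    plain_sessions: int = 0


@dataclass
class TofuCache:
    known: dict = field(default_factory=dict)  # host -> PeerState

    def observe(self, host: str, tls: bool, fingerprint: Optional[str] = None) -> Optional[str]:
        """Record one delivery to `host`; return an alert string or None."""
        state = self.known.setdefault(host, PeerState(None))
        alert = None
        if tls:
            if fingerprint is None:
                raise ValueError("TLS session recorded without a fingerprint")
            if state.fingerprint is None:
                pass  # first TLS contact: trust on first use, just remember the key
            elif state.fingerprint != fingerprint:
                # known host presents a different key: worth a look after the fact
                alert = f"KEY_CHANGE host={host} old={state.fingerprint} new={fingerprint}"
            state.fingerprint = fingerprint  # keep tracking the key actually in use
            state.tls_sessions += 1
        else:
            if state.fingerprint is not None:
                # host that used to offer StartTLS suddenly delivers in the clear
                alert = f"PLAINTEXT_REVERT host={host} last_key={state.fingerprint}"
            state.plain_sessions += 1
        return alert


def parse_line(line: str):
    """Parse a constructed log line: '<timestamp> host=H tls=yes|no [fp=F]'."""
    fields = dict(tok.split("=", 1) for tok in line.split()[1:])
    return fields["host"], fields["tls"] == "yes", fields.get("fp")


def scan_log(lines, cache: Optional[TofuCache] = None):
    """Feed log lines through the cache and collect every alert in order."""
    if cache is None:
        cache = TofuCache()
    alerts = []
    for line in lines:
        host, tls, fp = parse_line(line)
        alert = cache.observe(host, tls, fp)
        if alert:
            alerts.append(alert)
    return alerts


def cross_correlate(views: dict) -> dict:
    """views maps vantage -> {host: fingerprint}. Return hosts on which the
    vantages disagree: a key seen by one observer but not another is the
    kind of localized meddling a single observer cannot spot."""
    by_host: dict = {}
    for vantage, hosts in views.items():
        for host, fp in hosts.items():
            by_host.setdefault(host, {})[vantage] = fp
    return {h: v for h, v in by_host.items() if len(set(v.values())) > 1}


# Constructed sample log: one peer changes key and then drops to plaintext,
# another peer never offered TLS at all and so triggers nothing.
SAMPLE_LOG = [
    "2004-03-17T15:10:02 host=mx.example.net tls=yes fp=sha256:1111",
    "2004-03-17T16:22:41 host=mx.example.net tls=yes fp=sha256:1111",
    "2004-03-17T17:05:13 host=mail.example.org tls=no",
    "2004-03-18T09:41:57 host=mx.example.net tls=yes fp=sha256:2222",
    "2004-03-18T10:12:30 host=mx.example.net tls=no",
    "2004-03-18T11:00:00 host=mail.example.org tls=no",
]

if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(a)
    # Two vantage points disagreeing on mx.example.net's key (constructed values).
    views = {
        "site-a": {"mx.example.net": "sha256:2222"},
        "site-b": {"mx.example.net": "sha256:9999", "mail.example.org": "sha256:3333"},
    }
    print(cross_correlate(views))
```

The cache deliberately keeps recording a changed key rather than refusing it: as the message says, plaintext is the fallback anyway, so the value is in the log entry that makes a change or a revert visible after the fact, not in blocking delivery. A host that has never offered StartTLS produces no alert, since there is no cached key for it to deviate from.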