Saving Opportunistic Encryption

petard petard at freeshell.org
Wed Mar 17 07:09:54 PST 2004


A couple nitpicks on otherwise interesting points...

On Wed, Mar 17, 2004 at 09:02:17AM -0500, sunder wrote:
> Look at how many folks use PGP - those who really know it and want it, or 
> those who know enough about it and have some easily automated 
> implementation that plugs in to their mail client. (i.e. commercial pgp 
> with Eudora/Outlook plug in.  As an aside, I'm still pissed off that the 
> Mozilla mail client doesn't support PGP/GPG in addition to S/MIME or 
> whatever the hell..)
>
There's a well-supported extension for that: http://enigmail.mozdev.org/
Actually, plans are in the works to make S/MIME an extension as well, so
the two will soon be on equal footing.
 
> There are ways to protect against this such as publishing a line for the 
> known-hosts entry by other means, but no one does this (yet?)  (i.e: 
> sneakernet, finger, web page, pgp signed/encrypted email, over the 
> telephone, etc.)   (Another useful thing is to use public keys for SSH 
> instead of passwords: this way the attacker won't be able to reuse your 
> password - but you're still compromised the second you log in.)
> 
Out-of-band transmission of known-hosts entries has been standard
operating procedure everywhere *I* have used ssh for the past 10 years.
I thought everyone did that.


regards,

petard
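
Added example, not part of the original message or of any project mentioned in it: a check that a known-hosts line matches a fingerprint received over a separate channel (phone, signed mail, web page), as discussed in the thread above. The function names, the host names and the sample key are constructed for illustration; entries with hashed host names are not handled.

```python
import base64, hashlib, hmac, struct

def make_sample_line(hosts: str, key: bytes) -> str:
    """Build a CONSTRUCTED ssh-ed25519 known_hosts line (not a real host key)."""
    ktype = b"ssh-ed25519"
    blob = struct.pack(">I", len(ktype)) + ktype + struct.pack(">I", len(key)) + key
    return f"{hosts} ssh-ed25519 {base64.b64encode(blob).decode()}"

def parse_known_hosts_line(line: str):
    """Return (host list, key type, raw key blob) for a plain-hostname entry."""
    fields = line.split()
    if fields and fields[0].startswith("@"):   # skip @cert-authority / @revoked marker
        fields = fields[1:]
    if len(fields) < 3:
        raise ValueError("expected: hosts keytype base64-key")
    hosts, ktype, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with its own length-prefixed type name; it must agree
    # with the type field, otherwise the line was mangled in transit.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != ktype.encode():
        raise ValueError("key type does not match key blob")
    return hosts.split(","), ktype, blob

def fingerprints(blob: bytes):
    """Fingerprints as printed by ssh-keygen -l (SHA256) and ssh-keygen -l -E md5."""
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return "SHA256:" + sha, "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2))

def verify(line: str, host: str, published_fp: str) -> bool:
    """True only if the entry names `host` and its key matches the published fingerprint."""
    hosts, _, blob = parse_known_hosts_line(line)
    if host not in hosts:
        return False
    want = published_fp.strip().encode()
    return any(hmac.compare_digest(fp.encode(), want) for fp in fingerprints(blob))

if __name__ == "__main__":
    # Constructed sample: host names and key bytes are placeholders.
    line = make_sample_line("host.example.org,192.0.2.10", bytes(range(32)))
    sha, md5 = fingerprints(parse_known_hosts_line(line)[2])
    print(line, sha, md5, sep="\n")
    print("match:", verify(line, "host.example.org", sha))
```

Only a line that passes the check belongs in the known_hosts file; a mismatch means the key offered on the network is not the one the administrator published.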