[FORGED] Re: [FORGED] Re: UK To Ban Crypto In Devices, Email And More

Razer Rayzer at riseup.net
Sun Nov 8 11:56:46 PST 2015



On 11/08/2015 11:34 AM, oshwm wrote:
> So...
>
> Click on the little options button (three lines) at the top right of
> Thunderbird.
> Hover over Enigmail and click on Key Management.
> A list of local copies of keys will appear, including my own private ones.
> I double click on my key to show the details about it.
> This includes the creation date of 23/07/15.
>
> Well, that was quite simple, it's almost as if someone created a not
> perfect but workable User Interface called Enigmail - it even has a
> Wizard for creating new keys and configuring Thunderbird.
>
> It gets more tricky if you have multiple email accounts in Thunderbird
> but not prohibitively so.
>
> It's not created by Apple so the shiny things fanbois will hate it.
>
> That seems easy enough though that even a Windows user could manage it.
>
> The tough bit is understanding crypto but with analogies about keys and
> shit then most people only need a superficial understanding of how to
> USE GPG rather than Prime Numbery stuff - they should be able to cope.
>
>


I include my public key as a signature. I DO NOT give out the password
to decode messages sent under that sig, nor would I find it efficacious
to do so with a separate encrypt-for-a-PUBLIC-list key.

It makes no sense whatsoever to encrypt messages to a public listserv.

RR

> On 08/11/15 18:58, oshwm wrote:
>>
>> On 08/11/15 13:41, Joseph Gentle wrote:
>>> On Sun, Nov 8, 2015 at 7:45 PM, oshwm <oshwm at openmailbox.org> wrote:
>>>> On 08/11/15 08:40, Peter Gutmann wrote:
>>>>> oshwm <oshwm at openmailbox.org> writes:
>>>>>
>>>>>> Can GPG be easier to use, I think so, is it too difficult to use by ordinary
>>>>>> people - no, they're just too fucking lazy and lack motivation.
>>>>> ... and this is pretty much the poster child for why we have so much unusable
>>>>> crypto today.
>>>>>
>>>> Or, why we have such a fucking retarded human race with the attention
>>>> span of a gnat who expect everything to be given to them on a plate.
>>>> People have to stop being lazy and start taking an interest and
>>>> responsibility for what goes on in the world around them - your point of
>>>> view reinforces the dumbing down of the population and the increase in
>>>> power of the Government and big Corps.
>>> Even if that's all true, it's still also true that nobody is using PGP.
>>> It's easier to make a slick UI than convince people to do work. Is it
>>> so much to ask that people who make software try to make life easy for
>>> their users?
>>>
>> Slick UI would be cool, just a shame that's being used as an excuse by
>> ppl who can't be arsed to do a bit of work.
>> What's the excuse once it has a nice UI?
>>
>> As for nobody is using PGP, I think that may be a little overstated -
>> what you mean is nobody who doesn't give a fuck about privacy is using it.
>>
>>> For all your talk of doing hard work oshwm, it looks like you only
>>> created that PGP key yesterday:
>>> $ gpg --list-packets signature.asc
>>> hashed subpkt 2 len 4 (sig created 2015-11-08) [...]
>> except the key has been around for quite some time, I did re-sync with
>> the sks servers yesterday.
>>
>>> And as far as I can tell it hasn't been signed by anyone. At least I
>>> think so - after 15 minutes fighting with gpg I still can't find your
>>> actual key and I ran out of care.
>>>
>> No, it hasn't been signed by anyone as I don't have any friends in real
>> life who give two shits about security as I mix with non-techies offline.
>> This is not a difficulty issue, I can't even begin to talk about
>> encryption with them without them changing the issue to great subjects
>> such as what was on telly last night.
>>
>>> ... Which leads me into my second point, which is that here in 2015
>>> PGP is a terrible technical solution. It doesn't encrypt metadata
>>> (which is a non-starter these days - who you communicate with is some
>>> of the *most* valuable personal data for the NSA). It also leaks
>>> information about who signed your key. That means either:
>>>
>> Oh yeh, some bright spark came up with STARTTLS for encrypting comms
>> with mail servers but made it optional, not a GPG issue.
>> However, the metadata issue is a big problem for everyone who connects to a
>> server that isn't owned by them and I suspect really requires a new mail
>> protocol to resolve.
>>
>>> - Your key gets signed by your friends, so now your friend network is public
>>> or
>>> - Emails with PGP are provably from you, in a way that can be traced
>>> back to physically witnessed government ID.
>>>
>> 1) friend network - can't be avoided if you want a system for vouching
>> for email sender authenticity.
>> 2) That's part of what PGP is about - sender authenticity. My PGP is not
>> attached to a Gov Issued ID.
>>
>>> ... Or both! Personally I would rather the possibility of forgery than
>>> either of those outcomes.
>>>
>>> -J
>>>
>>

