Saving Opportunistic Encryption
petard
petard at freeshell.org
Wed Mar 17 07:09:54 PST 2004
a couple nitpicks on otherwise interesting points...
On Wed, Mar 17, 2004 at 09:02:17AM -0500, sunder wrote:
> Look at how many folks use PGP - those who really know it and want it, or
> those who know enough about it and have some easily automated
> implementation that plugs in to their mail client. (i.e. commercial pgp
> with Eudora/Outlook plug in. As an aside, I'm still pissed off that the
> Mozilla mail client doesn't support PGP/GPG in addition to S/MIME or
> whatever the hell..)
>
There's a well-supported extension for that: http://enigmail.mozdev.org/
Actually, plans are in the works to make S/MIME an extension as well, so
the two will soon be on equal footing.
> There are ways to protect against this such as publishing a line for the
> known-hosts entry by other means, but no one does this (yet?) (i.e:
> sneakernet, finger, web page, pgp signed/encrypted email, over the
> telephone, etc.) (Another useful thing is to use public keys for SSH
> instead of passwords: this way the attacker won't be able to reuse your
> password - but you're still compromised the second you login.)
>
Out-of-band transmission of known-hosts entries has been standard
operating procedure everywhere *I* have used ssh for the past 10 years.
I thought everyone did that.
regards,
petard
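
Added example, not part of the original post or thread: one way to check the host key a client presents on first connection against a known-hosts line that was delivered out of band, as both messages describe. The function names, host names and key bytes are constructed for illustration, and host matching covers exact names and hashed entries only, not wildcard patterns.

```python
import base64, hashlib, hmac, struct

def parse_known_hosts_line(line):
    """Split one known_hosts line into (hosts field, key type, raw key blob)."""
    fields = line.split()
    if fields and fields[0].startswith("@"):   # @cert-authority / @revoked marker
        fields = fields[1:]
    if len(fields) < 3:
        raise ValueError("expected: hosts keytype base64-key [comment]")
    hosts, keytype, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with a length-prefixed copy of the key type; it must agree.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key type does not match key blob")
    return hosts, keytype, blob

def host_matches(hosts_field, hostname):
    """Match a plain comma-separated host list or a hashed |1|salt|hash entry."""
    if hosts_field.startswith("|1|"):
        _, _, salt, digest = hosts_field.split("|")
        mac = hmac.new(base64.b64decode(salt), hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return hostname in hosts_field.split(",")

def fingerprint(blob):
    """SHA256 fingerprint in the form OpenSSH prints: SHA256:<unpadded base64>."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def verify_presented_key(published_line, hostname, presented_fp):
    """True only if the out-of-band entry names this host and has this fingerprint."""
    hosts, _, blob = parse_known_hosts_line(published_line)
    return host_matches(hosts, hostname) and hmac.compare_digest(fingerprint(blob), presented_fp)

# Constructed sample data: a syntactically valid ssh-ed25519 blob with dummy key bytes.
SAMPLE_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_LINE = "host.example.org,192.0.2.10 ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode()

if __name__ == "__main__":
    shown = fingerprint(SAMPLE_BLOB)   # stands in for what the ssh client displays
    print(verify_presented_key(SAMPLE_LINE, "host.example.org", shown))
    print(verify_presented_key(SAMPLE_LINE, "host.example.org", "SHA256:" + "A" * 43))
```
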