[Pine-info] getross - email privacy /security of system
bq550 at scn.org
Tue Nov 7 13:28:42 PST 2006
On Mon, 6 Nov 2006, Bert Driehuis wrote:
> On Sun, 5 Nov 2006, Ryan Barrett wrote:
>> wow, is that true? i'd meant that they'd need to include encryption, PGP
>> style, in their base installs. outlook and thunderbird already do
> Trying to get it to work is about as much fun a getting a root canal
I never use OutlookXp other than to play around or as a test bed
for a new server problem, a ver 5.5 is on this system, with
encryption MS style I am sure. I imagine you are correct in your
root canal analysis.
Not using Mozilla encryption so far, I am not familiar with it,
but read help & usage they provide. I am sure somebody uses it or
they would have abandoned it long ago. Mozilla is recognized by
financial websites & prefered for most all applications at same.
That says something. But it is not PGP / GPG as I can find out. I
am not familiar with GPG at all. Mozilla mail works well as
Windooz software goes, typical performance.
> Finding a certificate authority with clean hands is another challenge.
> Would you trust one who takes $35 out of your credit card, then claims the
It seems to me another way is required for certificate authority
or verification. I understand a little about the credit card /
financial tranaction process, & it seems buggy in general. Too
many complaints like yours. The services worry me. People that
know each other should provide the verification over any paid
service. Possibly the PGP concept of public key/verification is
the best way. Obviously there are limits in dealing with other
People & business.
I do not know any of you. Yet I do know People that know me, as
do you. Would we be better protected if we established a network
where certificate authority resides in our knowledge of each
other, issued as public certificates? A slow building system
that can be controlled outside establishments? Essentially a
public system not only for public PGP keys, but any verification.
> PGP is great. Unfortunately, IMHO the old PGP was greater than the
> subsequent PGP and when I had to maintain multiple copies of PGP with
> radically different command lines just to decrypt older stuff I sort of
I understand that, & observe most serious users still encrypt
with the DOS 2.6.2 original issue. Even copies are suspected as
being tampered with. Anything Windoozz is immediately suspected
as suffering with compromise.
> Crypto is not for the faint of heart. And end-users, by and large, have
> more trust in the authorities than they have in technology, and much as I
> distrust some authorities, the above examples do point out that the
> technosceptical users do have an point that's rooted in fact.
There is a need for cross checks, failure is common from what I
hear. Possibly a multiple verification system, processes
functioning simultaneously, would help. Certainly any
substantial financial transaction requires checks & balances.
More information about the Pine-info