[Pine-info] getross - email privacy /security of system

[Ross]

On Mon, 6 Nov 2006, Bert Driehuis wrote:

> On Sun, 5 Nov 2006, Ryan Barrett wrote:

>

>> wow, is that true? i'd meant that they'd need to include encryption, PGP

>> style, in their base installs. outlook and thunderbird already do



> Trying to get it to work is about as much fun a getting a root canal


I never use OutlookXp other than to play around or as a test bed 
for a new server problem, a ver 5.5 is on this system, with 
encryption MS style I am sure. I imagine you are correct in your 
root canal analysis.

Not using Mozilla encryption so far, I am not familiar with it, 
but read help & usage they provide. I am sure somebody uses it or 
they would have abandoned it long ago. Mozilla is recognized by 
financial websites & prefered for most all applications at same. 
That says something. But it is not PGP / GPG as I can find out. I 
am not familiar with GPG at all. Mozilla mail works well as 
Windooz software goes, typical performance.


> Finding a certificate authority with clean hands is another challenge. 

> Would you trust one who takes $35 out of your credit card, then claims the


It seems to me another way is required for certificate authority 
or verification. I understand a little about the credit card / 
financial tranaction process, & it seems buggy in general. Too 
many complaints like yours. The services worry me. People that 
know each other should provide the verification over any paid 
service. Possibly the PGP concept of public key/verification is 
the best way. Obviously there are limits in dealing with other 
People & business.

I do not know any of you. Yet I do know People that know me, as 
do you. Would we be better protected if we established a network 
where certificate authority resides in our knowledge of each 
other, issued as public certificates?  A slow building system 
that can be controlled outside establishments?  Essentially a 
public system not only for public PGP keys, but any verification.


> PGP is great. Unfortunately, IMHO the old PGP was greater than the 

> subsequent PGP and when I had to maintain multiple copies of PGP with 

> radically different command lines just to decrypt older stuff I sort of


I understand that, & observe most serious users still encrypt 
with the DOS 2.6.2 original issue. Even copies are suspected as 
being tampered with. Anything Windoozz is immediately suspected 
as suffering with compromise.


> Crypto is not for the faint of heart. And end-users, by and large, have 

> more trust in the authorities than they have in technology, and much as I 

> distrust some authorities, the above examples do point out that the 

> technosceptical users do have an point that's rooted in fact.


There is a need for cross checks, failure is common from what I 
hear. Possibly a multiple verification system, processes 
functioning simultaneously, would help. Certainly any 
substantial financial transaction requires checks & balances.

-- 
RossARR 
---end-of-message---