Quiet in the list...
IanG
iang at systemics.com
Sat Sep 6 10:06:33 EDT 2008
Ben Laurie wrote:
> IanG wrote:
>> 2. GPG + Engimail + Thunderbird. Will never be totally robust because
>> there is too much dependency.
>
> What does this mean? GPG + Enigmail, whilst not the best architecture I
> ever heard of, is a tiny increment to the complexity of Thunderbird.
>
> Are you saying anything other than "big software has bugs"?
No, interaction between different software packages has
costs. When you spend time to load up Thunderbird, then
load up enigmail, then load up gpg ... this is more work
than just loading up Tbird and sticking with it.
Then, when a new Thunderbird comes out, you load that up and
the other packages cease to work. What do you do? Wait a
few months until the others come back into line? Or stop
using encrypted email. The masses do the latter, the geeks
might do the former.
Most people download one thing and stick to it. They follow
the automated upgrades, or don't upgrade at all. Most
people have a life other than package management. These are
the masses. For them, the softare has to work first time,
every time, all the time. And upgrade itself.
These are the target. Aiming to do security for geeks alone
is pointless, it just marks us out for special treatment.
Using gpg is evidence of your guilt. Using skype is normal,
it's just the easiest way to chat and phone.
iang
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list