[Cryptography] Avoiding PGP

Ralf Senderek crypto at senderek.ie
Fri Mar 23 02:25:35 EDT 2018



On Thu, 22 Mar 2018, Walter van Holst wrote:

> On 2018-03-21 22:14, Ray Dillinger wrote:
>>  I'd be perfectly happy if there were never any confusion of encrypted
>>  mail with unencrypted mail - in fact I'd prefer to be using entirely
>>  different applications for private and non-private communications, and
>>  rest assured that the mail program not designed for security or privacy
>>  simply had no access whatsoever to addresses or contacts or header
>>  information pertaining to messages other than the plain-vanilla SMTP
>>  stuff it knows how to handle.
>
> No sane person would use that application. If anything people want more 
> integration between their modes of communication, not less. You can scream 
> that is a wish that is bad for security till you see blue in the face.

There is such a thing as choosing insecurity while there is no such thing
as choosing security. It's a bit like eating healthy. Everyone wants their
food to be safe but even the most aware person can only try to avoid food
that'll harm with no guarantee of success. People who want more integration
between their modes of communication have already made their choice.

The separation of private and non-private communication is a necessary
step but no guarantee of security. People who don't want that separation
won't even be in the draw for private communication no matter how blue
in the face they become by demanding that other people provide security
for them.



> Usability first. Without usability there is no security.

That's true and it took us a long time to learn this, but there are
solutions available that can be used without burdening the user too much.
The crucial point (apart from the initial choice) is whether these
solutions rely on a third party service or not.



     --ralf

