>The all-embedded RFC 7265 JCAL (plus JMAP etc) is surely the >future for all of you.
I get the feeling there's some scorn in that statement. I'm not trying to drag anyone else's choices; it's tough to find the right balance between "keeping up with the times" and "sticking with stuff you know that works just fine". I can only offer (when asked!) how I came to make the decisions I chose. >Unfortunately no Yubikey/-alike thing yet, so i type my harddisk >decryption key, then my password, then the password of an >additional encfs filesystem, and then have a script which loads >keys into ssh-agent aka provides decrypted versions for easy >consumation (via copy+paste or so). The browser "container" which >(actually) has passwords is special and also stores in such a one. >(Also decrypted by that script.) I can only say that my personal security is NOT designed to defend against nation-state level attacks :-) But maybe it should be? --Ken