On 12/07/13 13:38, Olav Seyfarth wrote:
> Hi Stefan,
>
> > For signatures it is maybe not so important, but what if you get an
> > important, encrypted, email? Then you will be unable to read it on your
> > phone unless the sender also encrypted it with your phone key.
>
> sure. On the other hand, the private key isn't safe on a mobile device.

It really is a matter of why you are using encryption. Random thieves would not care about reading my encrypted mail (since it really contains nothing of interest to them). Someone who did care about my mails specifically could just as easily threaten to beat me up if I didn't give them the key. Storing my key safely will not help me against that. (I also don't care about email signatures. I don't worry about that).

Personally, I'm mostly concerned with mass surveillance, so if someone happens to get my key, it doesn't matter much. What I'm hoping for is that enough people use encryption that it discourages the powers that be from even trying to implement email surveillance. That's why I try to encrypt all my mail, no matter how mundane it is (and to aid this, I'm developing a website where a user can pick her operating system and mail client, and will then be given extremely simple point by point instructions on how to make a PGP key and how to read/send encrypted mail).

I don't care much about the security of a specific key. If the government manages to intercept one granny's cookie recipes it's not the end of the world. If they do it to a million grannies, then it's a much bigger deal. If you always use a complex passphrase it will discourage people from encrypting mail (because it becomes a hassle) which is contrary to my own goal.

But on the other hand, I fully understand that some people actually DO need strong security for their communication, and they should use strong passphrases, smartcards etc. I guess the best combination is to have two keys: one for actually important stuff, and one for mundane stuff where it doesn't matter too much if someone gets hold of your key. Of course, if you use your key to validate your identity then you also need to keep your key secure.

> IMHO that's something the user should care for himself, that's not something
> a GUI should implement. Choose a reasonable passphrase on your master device,
> distribute your key by USB flashdrive / email / dropbox / encrypted ANYbox
> and change the passphrase to your needs.

The UI should strive to make common use cases as simple and secure as possible. When it comes to security, the more a user has to figure out on her own, the less secure their solution usually is.

Bad UI:
Machine A): Go to key management. "Huh, I can only export to a file. OK, I'll use dropbox, I usually use that to share files!" Export key to your dropbox folder. (BAM, NSA et al. now have a copy of your weak key).
Machine B): Go to key management, import key from your dropbox folder.

Good UI:
Machine A): Go to key management. "Oh, there's an option here to export my private key. Nice! Oh, it's telling me to pick a long passphrase, and I don't need to use it regularly. OK, in that case I might as well make it really long and complicated." Send key via email. By default email contains instructions saying that the key is protected by the password you just picked, not the usual one.
Machine B): Open email, import key just like normally. UI recognizes that it's a private key and asks if you want to change the password.

In the first case the user had to come up with their own (insecure) solution to the problem, in the second case they were guided through the process and basically didn't need to think much for themselves. Importing a secret key is pretty rare, so asking if the user wants to change password is not too much of an extra hassle considering the improvement in usability and security (IMHO). You can even add a checkbox not to show the alert, so it would be shown only once to people who don't need it.

-- 
Stefan Parviainen
