On 2003.06.17 09:48 John Hebert wrote: > Ray, > > Just to be technically clear and correct for those who may not know, GPG > does not provide end to end mail encryption, but only mail content > encryption. Even if you use GPG to encrypt the contents of your mail > message, it is possible for people (mail sysadmins, bad guys sniffing, etc.) > to see the message headers (mail recipient's address, etc.).
That and it stands out like a sore thumb when you only take the trouble to encrypt 1% of your mail. > > But, as others have pointed out, TLS only encrypts the connections to the > mail server. Anyone with access to your mail spool can read your unencrypted > email content. TLS is only a partial security solution and requires the user > to trust the mail server admin. Let's see, the only person with access to the mail spooler on my computer is ... me. If everyone ran their own mail and had TLS, everyone would have end to end encryption. Sure, admins here and there could see who I emailed, but that' not as important as them not getting at what I'm up to when I don't want them to know. Some people don't think that's possible or practical. They are correct only when they confine themselves to Microsoft and dial up limits. Cable now reaches the majority of US homes. There's no reason everyone could not have an always on connection with a fixed IP address. Free software is secure and has default settings that make mail work without much effort on the user's part. Oh yeah, a computer running free software is just as or more reliable than the dinky little computer that runs the cable modem itself. The only trouble with mail I've had has been from Cox being bullied into making their cable service look and act like a dial up service. > > So if you want true message security, don't use email at all. Anyone know of > a good alternative? Are there any free|OSS encrypted IM apps out there? > That is the big problem here. If you can't trust that your email is private, email loses much of it's value. I like the idea of substituting an IM program for an email program =;) It kinda shows how email could be done. Why is it that people think that it's OK to have these IM programs but not email? Why is it that people think you can secure IM but not email? Why do people think that you need a relay for mail but not IM?
