> Maybe you should think things through, or God forbid even run a > few tests or something before puffing your chest there Robert. > Especially when you're in the unenviable position of potentialy > being your own proof of concept.
I don't know why you have such an allergy to being shown wrong. Or why you think I do. It works like this: if you can find me a commonly-used IMAP client that's this stupid, then I will welcome being shown wrong. And really, why shouldn't I? Being wrong isn't the end of the world. But until you can show me an IMAP client in common use which is dumb enough to store sensitive and arbitrary data server-side, then I'm going to continue to say this is a nonissue and you shouldn't worry about it. You can also assume the existence of MUAs which, when you encrypt data, will also send an unencrypted copy to a recipient. This could be done while still being perfectly in accordance with the OpenPGP spec. And yet, we're not worried about MUAs doing it. Why? Because it's so incredibly dumb that we're going to assume people are smarter than that. The same logic applies here. Once you show me a commonly-used IMAP client that's this stupid, I'll happily admit that yes, I was wrong, and some IMAP client authors are this stupid. But until then, what's the use in fearmongering? _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
