Robert J. Hansen wrote: > > Maybe you should think things through, or God forbid even run a > > few tests or something before puffing your chest there Robert. > > Especially when you're in the unenviable position of potentialy > > being your own proof of concept. > > I don't know why you have such an allergy to being shown wrong. Or > why you think I do. > > It works like this: if you can find me a commonly-used IMAP client > that's this stupid, then I will welcome being shown wrong. And > really, why shouldn't I? Being wrong isn't the end of the world.
Well Robert, unless you care to further debase yourself by trying to argue the Thunderbird isn't a "commonly-used IMAP client" you've been handed the very example you're harping about. By two different people no less. It was in the part you snipped and ignored, in case you were wondering. The bottom line is this: There's probably a lot of IMAP clients out there that will by default or design write portions or whole copies of unencrypted text to a server. It really doesn't take a boat load of IQ points to realize this is the nature of IMAP. Storing pass phrases in email at all is bad idea for a number of reasons. You don't have many clues what a client does with it when it's open for one. The odds you'll inadvertantly click where you shouldn't and send an unencrypted copy some place you don't want it to go increase dramatically too. Likewise the chances of corruption or compromise at the hands of some script kiddie. If we invested a little thought in the project though we could probably come up with a few dozen reasons why mailing passwords about is a bad idea even if you have absolute control over the hardware at the end points of the encryption, let ALONE any scenario where you can't guarantee they won't be written to hardware you don't own. In the clear. :-( _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
