On Mon, Oct 17, 2011 at 05:50:42PM -0600, Aaron Toponce wrote: [snip] > At any rate, I would love to see more client-to-client encryption in email. > I've always wondered if there could be an "OTR" approach to mail, somehow, > so people don't need to generate and manage their own sets of keys, as that > seems to be the largest hinderence to widespread adoption. The only thing > the user should do, is compose the mail, hit send, and everything is > handled with very minimal user interaction.
"Three can keep a secret, if two of them are dead." If your computer holds the ultimate secret, anyone who can control the computer can use that secret. The user *must* be actively involved. We can remove *needless* complexity, but security could be said to be the art of *introducing* specific complexity that's a lot worse for the attacker than it is for you. It can't be automagical. Anyway, key generation is already automated. All you have to do is (1) choose to employ crypto, and (2) supply a passphrase that you can remember. There are even methods and tools to help you do (2)! To be secure without being involved in the process is an unreasonable expectation which can never be met. We need to teach our kids to expect to protect themselves online the same way we teach them to look both ways before crossing the street. Probably at the same age. Otherwise they'll grow up to believe the hype that you can buy security the same as buying bread. -- Mark H. Wood, Lead System Programmer mw...@iupui.edu Asking whether markets are efficient is like asking whether people are smart.
pgprweGHynQeD.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
