The back-end work for OAuth2 is pretty much there.
I have a front-end change (which pEp decided was good enough). But it
doesn't support providers other than Google and there's a few other bits
of UI that could be improved.
We are looking at re-working the account creation regardless so I expect
it'll be part of that.
We need to release the PGP/MIME stuff first because everything since
then (including my OAUTH2 work) is built on top of it :/
- Philip Whitehouse
On 2016-11-16 14:39, Tanstaafl wrote:
K-9 still doesn't even support OAUTH2 yet...
This is a MUCH higher priority than than PGP/MIME (vastly more gmail
users than PGP/MIME users)...
On 11/16/2016 5:41 AM, Philip Whitehouse <[email protected]> wrote:
On 2016-11-16 06:10, Mobile Mouse wrote:
The only insane part of this conversation is being stuck in one use
case and threat model, despite several people screaming otherwise.
I guess you haven't heard of using separate keys for encryption and
signature either...
Who would use it? We aren't spending time on a feature at most half a
dozen people will deploy at the cost of either drowning the
application
in endless options or complicating the UX.
K-9 is suffering from configuration overload as it is - 3 settings
menus
all with sub sections - hundreds of permutations. Supporting every
possible use case is not a realistic proposition.
Especially with what, half a dozen active developers?
The biggest problem with PGP/MIME is the complexity of set-up and
usage.
Adding more and more options to support every plausible way of using
it
is not helping solve that.
By all accounts there's 4.5 million keys on keyservers. Now I know, I
know, people distrust keyservers. Maybe that's not even half of all
keys.
But even if it were only 40%, meaning ~10 million keys and each key
was
a single email address (far from true) and all of those were active
(far
from true) it would be a deployment rate of 0.21%
So the biggest threat to PGP/MIME is deployment. You can talk about
potential threats all you like, but it's irrelevant because the
biggest
threat to communicate with PGP is that the user won't have a single
key.
Supporting multiple keys is therefore ridiculous at this point.
None of this doesn't mean that if the deployment rate changes the app
will accommodate it. But right now the app has far more important
priorities.
There is a reason people like Moxie wrote this:
https://moxie.org/blog/gpg-and-me/
I happen to disagree with him that PGP is pointless. He also proposes
no
solution. But there is something to be said about the community of PGP
crypto people.
- Philip Whitehouse
--
You received this message because you are subscribed to the Google Groups "K-9
Mail" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
