Hello Alexander,
On Mon, 13 Nov 2000 at 15:41:42 GMT +0100 (which was 6:41 AM
where I live) witnesses say Alexander Turcic typed:
> So you are saying that only people who have in general sensitive data
> on their computer would appreciate a feature to encrypt their mails.
This was discussed in much detail many moons ago. The general
consensus was that since there are so many different encryption needs,
it would be better for TB to stay out of the fray. As someone else
pointed out, if something goes wrong with your TB installation, there
is a good chance that you'll lose all of your encrypted mail. At
least with external solutions, the user has to assess that risk
themselves.
> See, I don't care if my roommate reads the paper I wrote on H.D.
> Thoreau, but I DO care if he reads in my mail how much my girlfriend
> misses me. And I DO care if he reads a lot of other things in my mail.
> Fact is that my mail contains the most private aspects of my life,
> more than anything else on my hard drive.
Ok, that might be true right now, but what if one of your contacts
sends you a very personal Word document or some other thing which you
might not want your roommate to read? External solutions can provide
as much flexibility as you desire.
> And here another important point: Currently The Bat offers a feature to
> "lock" (is that the best-fitting word?) your mail account, so that
> without a password another user cannot "unfold" it inside The Bat.
> Excuse me, that is just exactly what Microsoft does for years:
This is what I was saying at the beginning. Windows 9x passwords are
meaningless because you can hit the cancel button to get into the
root account. TB is no better or worse.
> sell software that APPEARS to be secure. If there is really no
> desire for mail encryption, then why offer this pretence of
> protection?
I agree, TB should really warn the user that the password option
is not secure. I think the password remains important if you use the
Group mode capabilities of TB. It prevents accidental or casual
intrusion into your mail. However, you seem to need more than just
casual protection.
> AND: Unlike you assert it, it is neither impractical nor inefficient
> for The Bat to encrypt the mail files.
<snip implementation notes>
Sounds good, but what happens if a mail database gets corrupted. How
does the user recover their data? The current mechanism gets the RIT
guys off the hook for such tasks. Are there 3rd party recovery tools
that can help fix problems with this encryption scheme?
I think the other reason we're touting the 3rd party option is that
everyone seems to have their favourite encryption schemes.
But you said the one you mentioned is very easy to implement. Are there
any public domain general purpose file encryption programs that use
the encryption scheme you mentioned?
> Thanks, I feel better now :)
I hope we're not scaring you off. I am presenting some of the points
from earlier discussions on this same topic. Also, remember that the
decision was to remove *weak* encryption.
Your option of adding stronger encryption isn't exactly the same.
Also the RITlabs guys seem to be moving towards security issues with
the focus on S/MIME. So, perhaps your suggestion will fit into their
current vision.
--
Thanks for writing,
Januk Aggarwal
See header for e-mail address
Using The Bat! 1.48 Beta/6
under Windows 98 4.10 Build 2222 A
--
--------------------------------------------------------------
View the TBUDL archive at http://tbudl.thebat.dutaint.com
To send a message to the list moderation team double click here:
<mailto:[EMAIL PROTECTED]>
To Unsubscribe from TBUDL, double click here and send the message:
<mailto:[EMAIL PROTECTED]>
--------------------------------------------------------------
You are subscribed as : [email protected]
