30 Apr
2018
30 Apr
'18
11:33 a.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
William Morder wrote:
I think that's what I said. There are two (or
maybe three) different
issues here, which it seems are getting conflated by how we keep talking
about it. Number 1 is encrypting our own emails sent by TDE's version of
Kmail, using our own private keys. Number 2 is using an encrypted email
service, which not only encrypts emails in transit, but also encrypts
everything on the server, as well as Number 3, (which was pointed out by
others) encrypting headers, addresses, etc.
How does this would differ in terms of security compared to SSL/TLS?
The mail servers already use TLS.
If you don't control the private key, you don't control the readers, so IMO
it is not a point
My own problem is that I have correspondents who talk
about wanting to use
encryption, but don't seem to know how to do it. I can send encrypted
emails, but they don't seem to be able to read them. They can send
encrypted emails, but then I can't read them. And those who claim to know
what they are doing are generally too busy to spend time on getting it
right.
Not only your problem, but we can not force anyone to use something - if
they want, they can. If they can not - they don't want. My personal
experience shows that people that really need it, also use it.
So perhaps a few of us (here on the TDE list) could
work this out among
themselves, if they can find somebody that they trust?
This is the point. When you really want to trust someone, you probably would
meet him/her and exchange keys face to face. Anything else is somehoe
dubious - but can also work if the one can confirm his/her key.
The point is that the verification can not be replaced by a machine or
application. You and only you are entitled to mark the key as trusted.
I include my signature on purpose now. It does not make any sense to encrypt
messages destined to the user group. But this is an example.
Otherwise, you have right there the need for using
ProtonMail or a similar
email service.
I still don't see any advantage, except that the server is secure and not
under US or EU law. Which means the probability to shut it down, or
confiscate it, like it happened in US is much lower.
regards
-----BEGIN PGP SIGNATURE-----
iHUEAREIAB0WIQSgzx3AlTPl6H9U20Dx7rjNn7FqUAUCWub+/gAKCRDx7rjNn7Fq
UJzZAP0ahKVER7GS7HZYP1q2Yx5uIbvIiq032AbgYm1CNv8WxQD9Hp0nriwEgbH5
UEwG7OtuQqSKsoEyvs4i0bewQDgaFJw=
=hs/W
-----END PGP SIGNATURE-----