[Users] PGP in claws

Slavko linux at slavino.sk
Fri Apr 3 11:57:27 CEST 2015 

Ahoj,

Dňa Thu, 02 Apr 2015 21:08:06 -0400 Mike Miskulin
<mike.miskulin at leadingordersolutions.com> napísal:

> 
> On 4/2/2015 5:36 PM, Brian Morrison wrote:
> > On Thu, 2 Apr 2015 12:29:30 -0700
> > Chad Wallace <cwallace at lodgingcompany.com> wrote:
> >
> >>> That's fine, if the OP had mentioned doing something like that I
> >>> would not have commented, he gave the impression that he only
> >>> wanted his emails encrypted in transit.
> >> Even unencrypted, your local computer is much more secure than an
> >> email being sent through the internet.  It's physically secured:
> >> in your office or your home, behind a door that can be locked, and
> >> in a place that is regularly visited by only so many people.
> > Yes, and subject to variable legal protection against forced
> > decryption depending on where you live. Some people have laws that
> > actually protect their privacy, others have laws that allow LEAs to
> > do pretty much what they like.
> >
> > It's wise to decide what you are protecting against and take the
> > appropriate action to control your own data.
> >
> Just want to make two comments on this thread:
> 
> a) A local computer really should not be considered "much more
> secure" than the message transiting the internet as more and more
> email goes by TLS server to server connection.  Even the days of
> going through many unrelated servers are mostly past.
> 

I want to comment this:

a1) no one can guarantee, that whole SMTP path is encrypted, because
STARTTLS is not MUST property by the RFC, then there can be
(intermediate) servers without STARTTLS support (this is not a case of
POPS/IMAPS)

a2) SMTPS as standard was rejected cca 10 years ago and STARTTLS does
not provide MItM attack protection (eg. SMTP server without STARTTLS
support again), (and again this is not a case of POPS/IMAPS)

a3) messages are processed by the SMTP servers in unencrypted form (we
really believe that all administrators/providers are decent?)

a4) messages are temporary (in some cases for long time) stored on mail
(POP/IMAP) servers unencrypted (again, we really believe that all
administrators/providers are decent?)

Then encrypted mail transfer (SMTP + STARTTLS) cannot be considered as
secure, despite it is a more secure than unencrypted transfer at all.
Home computer **CAN** be more secure, because there is a lot fever
possibility to access it, than message on the path and/or message
stored on the remote server, although of course you are right -- that
computer is placed at home **IS NOT** a sign, that it **MUST** be more
secure. I know some computers about which i can tell, that
unencrypted SMTP transfer can be secure than these computers ;-)

Please, don't forget, that not all messages need the same security
level: some needs to be encrypted for whole storage time (i have only
few), some need to be encrypted only for some time (i mostly delete
them after this time), some not need the encryption at all (e.g. this
message) and some (for me they are most of encrypted messages) need
encryption only while transfer (to prevent a1 - a4 above) and store
them encrypted is only annoying for me. IMO, anybody must to decide
needed security level for particular message by himself.

Let me to give simple example:

I daily get encrypted messages from my server(s), with my login name in
body (not in headers, email servers tweaked) and i don't want to
anybody in the public internet can read it, then i decide to send them
encrypted by the OpenPGP. Is here advantage? Sure, i see -- to know the
login name is 50 % of the success login. But these login names are
stored in my ~/.ssh/config, which cannot be stored encrypted (only in
encrypted storage) because ssh need to read it. Then what advantage is
for me to store these mails encrypted locally? I see no one, only
annoying impossibility to filter these messages by the message body...
For me it sounds as security by obscurity, and this is known as not
working.

> b) There is a significant additional benefit to keeping messages 
> encrypted even on an encrypted hard drive - they are not vulnerable
> to malware.  Assuming strong encryption with good key management,
> those emails are safe and unusable.

Please, don't forget that:

c) it is not possible to automatize email processing (filtering,
post/preprocessing, etc) by the message body of encrypted messages

d) you need to maintain old keys for decrypting old messages (e.g. i am
in the process to replace the old short DSA master key now, but before
i need to decide what with old encrypted things, some things can be
simple reencrypted (e.g. PGP/Inline), some deleted, but what with
needed PGP/MIME mails? (rhetorical question) I don't want to maintain
old keys!)

My opinion is, that CM does PGP things in good way, only missing
feature (for me) is simple way to store encrypted messages in
decrypted form. I have it partially solved by the custom action/script).
Partially only, because my action serves only PGP/Inline messages and
because the encrypted icon stays in message list. But i can live with
these ;-)

Or i am missing something?

regards

-- 
Slavko
http://slavino.sk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 473 bytes
Desc: Digitálny podpis OpenPGP
URL: <http://lists.claws-mail.org/pipermail/users/attachments/20150403/68e53b95/attachment.sig>

More information about the Users mailing list