At 12:54 AM -0500 11/7/00, Omri Schwarz wrote:
Both your solution and mine do the same thing on the human failings angle: they allow a mail server admin to set up a list that does encryption for everyone, so that people learn that some things are best not discussed in plaintext.
no, it really doesn't, because the message is sent to the MLM in plaintext, so it has no security at all. If you depend on the MLM to do the encryption, you might as well not encrypt, bceause anyone sniffing packets will have the data no proble. what you're doing is setting up a sense of *false* security, but you're in fact leaving things wide open. It has to be encrypted leaving the client, or it's not secure.
GPG version chauvinism is a must for such a project.
why? you want encryption endemic. Which implies abiliy to handle anyone's public key and do something reasonable with it, not just one. Otherwise, you're balkanized, and that defeats the purpose again.
In turn, that kills the MUAs. However, I don't believe good GPG handling in the MUAs is the necessary-and-sufficient part to bring this about.
If the MUAs don't support encryption, then how will users decrypt something the MLM encrypted? And if the MUA does support encryption -- the MLM doens't have to.
-- Chuq Von Rospach - Plaidworks Consulting (mailto:chuqui@plaidworks.com) Apple Mail List Gnome (mailto:chuq@apple.com)
Be just, and fear not.