Re: [Geary] GPG/OpenPGP support



On Fri, Jan 30, 2015 at 3:57 PM, J. R. Schmid <jrs weitnahbei de> wrote:
> I'm trying to keep the amount of accounts I open on the internet as low
> as possible, so I'll respond here once more.

Understandable. Eventually we'll figure out how to make bug trackers work without requiring accounts, I hope.

> For me personally, it's about being able to encrypt messages, though
> [...]
> In what way that would be implemented (inline PGP, PGP/MIME,
> S/MIME, whatever) I don't really care as long as it "just works"
> (including HTML and attachments, as I understand that these seem to be distinct topics).

I don't think you can make HTML and attachments work with inline PGP, so this probably means PGP/MIME or S/MIME. But "just works" is tricky -- do we just support one and hope your recipient also supports that? Do we support both and make you choose each time you send? Keep track of your last choice and use that one? What about multiple recipients? Does "just works" include you being able to read this email in your "Sent" folder? How do we do that with servers that automatically populate your sent mail for you?

I notice that you didn't include "receiving encrypted email" as a requirement. Is that not important, or is it assumed under "just works"?

I'm not expecting you, or anyone, to answer all of these questions. This is more to illustrate the complexity we face and show why we're not jumping on this straight away. We need to spec out quite a bit before we can start attacking it.

One thing that might help us is to learn how other clients deal with these sorts of problems. If you're familiar with some, please comment here or on the bug. If it turns out everyone supports PGP/MIME, for example, we should probably do that as well.

> (instead of sending them through the internet as postcards everybody who wants to can take a look at)

This is getting rather off topic, but nowadays email is usually encrypted end-to-end at the transport layer. (And if your mail provider isn't doing this, get yourself a new provider!) The people who can just take a look at your email are your email provider and your recipient's email provider. If you don't trust them, why are you trusting them to deliver the email you sent?

I'm not saying it's not a good idea to encrypt your email as a second line of defense. But worrying that "everybody" can read your email today is going a bit far.

Robert


