Re: [Geary] GPG/OpenPGP support

On Fri, Jan 30, 2015 at 3:57 PM, J. R. Schmid <jrs weitnahbei de> wrote:
I'm trying to keep the amount of accounts I open on the internet as low
as possible, so I'll respond here once more.

Understandable. Eventually we'll figure out how to make bug trackers work without requiring accounts, I hope.

For me personally, it's about being able to encrypt messages, though
In what way that would be implemented (inline PGP, PGP/MIME,
S/MIME, whatever) I don't really care as long as it "just works"
(including HTML and attachments, as I understand that these seem to be distinct topics).

I don't think you can make HTML and attachments work with inline PGP, so this probably means PGP/MIME or S/MIME. But "just works" is tricky -- do we just support one and hope your recipient also supports that? Do we support both and make you choose each time you send? Keep track of your last choice and use that one? What about multiple recipients? Does "just works" include you being able to read this email in your "Sent" folder? How do we do that with servers that automatically populate your sent mail for you?

I notice that you didn't include "receiving encrypted email" as a requirement. Is that not important, or is it assumed under "just works"?

I'm not expecting you, or anyone, to answer all of these questions. This is more to illustrate the complexity we face and show why we're not jumping on this straight away. We need to spec out quite a bit before we can start attacking it.

One thing that might help us is to learn how other clients deal with these sorts of problems. If you're familiar with some, please comment here or on the bug. If it turns out everyone supports PGP/MIME, for example, we should probably do that as well.

(instead of sending them through the internet as postcards everybody who wants to can take a look at)

This is getting a rather of topic, but nowadays email is usually encrypted end-to-end at the transport layer. (And if your mail provider isn't doing this, get yourself a new provider!) The people who can just take a look at your email are your email provider and your recipient's email provider. If you don't trust them, why are you trusting them to deliver the email you sent?

I'm not saying it's not a good idea encrypt your email as a second line of defense. But worrying that "everybody" can read your email today is going a bit far.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]