Cryptography Reference
In-Depth Information
reading more about disillusionment, read the magazine article [Wobmail2] (also
online at www.lanline.de).
The Technical Side of the Problem ...
When PGP emerged, computer users were real gurus, and the Internet was used
by a restricted 'elite'. People had a permanent email address, and attachments
were unheard of. Without wanting to make it sound like a reproach, OpenPGP
is still stuck with this concept.
For example, I think it's a conceptual mistake to permanently bind a mail
address to a public key (there is no logical reason for it). The mail address can
be changed, but only by its owner, and then she has to ensure that the changed
key is distributed somehow or other. This is as difficult and unreliable in the
Web of Trust as key revocation. In practice, Alice wants to send a PGP mail
to Bob's private mail address, but her mail program says that it cannot find a
key for that address. This is in order, because mail programs manage identities
by mail address and not by the key IDs of public keys. It is not in order
that many mailers cannot handle this simple problem. Of the mailers tested
on Linux (Pine, Mutt, Kmail, Mozilla with Enigmail), only Kmail handled the
task reasonably: it let me store the 'mail address-to-key' allocation. However,
I had to put the key on the highest trust level within the Web of Trust to be
able to encrypt at all, which is a conceptual error.
Another problem relates to the incompatibility between Inline-PGP and
PGP/MIME. The first of these two formats is the one used in PGP 2.6, which encrypts
only the mail body itself. The second of these two formats is the 'answer' of
OpenPGP to S/MIME. It also encrypts attachments. However, only very few
mailers can handle PGP/MIME, or they understand only one of the two formats
by default. For example, Pine (as well as the WinPT plugin of Windows) can
process only Inline-PGP, while Mutt deals only with PGP/MIME and gives the
average user who wants to use Inline-PGP a hard time.
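
The difference between the two formats is visible in the MIME structure of a message. The following is an added example, not code from the original text: it uses Python's standard email package to tell the formats apart and to list the parts that Inline-PGP leaves outside the encryption. The function name classify and both sample messages are constructed for illustration; PGP/MIME is recognised by the multipart/encrypted header defined in RFC 3156.

```python
from email import message_from_string

ARMOR = "-----BEGIN PGP MESSAGE-----"

def classify(raw):
    """Return the OpenPGP mail format and the parts it leaves unprotected."""
    msg = message_from_string(raw)
    proto = (msg.get_param("protocol") or "").lower()
    # PGP/MIME (RFC 3156): the wrapper covers the whole MIME tree, attachments too.
    if msg.get_content_type() == "multipart/encrypted" and proto == "application/pgp-encrypted":
        return {"format": "pgp-mime", "unprotected": []}
    inline, unprotected = False, []
    for part in (p for p in msg.walk() if not p.is_multipart()):
        text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace").lstrip()
        if part.get_content_maintype() == "text" and text.startswith(ARMOR):
            inline = True  # Inline-PGP: the armor sits directly in a text part
        else:
            unprotected.append(part.get_filename() or part.get_content_type())
    return {"format": "inline-pgp" if inline else "none", "unprotected": unprotected}

# Constructed samples (placeholder payloads, not real ciphertext).
INLINE_SAMPLE = """\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

-----BEGIN PGP MESSAGE-----
placeholder
-----END PGP MESSAGE-----
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="contract.pdf"

placeholder
--b1--
"""
PGP_MIME_SAMPLE = """\
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b2"

--b2
Content-Type: application/pgp-encrypted

Version: 1
--b2
Content-Type: application/octet-stream

placeholder
--b2--
"""
```

For the inline sample the result names contract.pdf as unprotected: the attachment travels in the clear unless it is encrypted separately.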
Things look a little better when it comes to the compatibility between GnuPG
and PGP. GnuPG users should set --openpgp for encryption to make sure they
won't use algorithms and other extras that only GnuPG knows. Mail traffic will
then work nicely; at least it did with one of my readers of the Polish edition
of this book. The thing is, you first have to notice the problem.
Much more critical is the incompatibility of the two OpenPGP and S/MIME
worlds. GnuPG 2.0 emerged at the time of writing this; it is the first tool to
process S/MIME. However, the installation is cumbersome and the documentation