Cryptography Reference
In-Depth Information
is incomplete. There seems to still be a long way to go to get a mailer plugin that
optionally handles OpenPGP and S/MIME, depending on the incoming mail.
You can read more about typical problems with encrypted mail in the article
[Wobmail].
I turned back to the command line for receiving encrypted mail (not for sending,
though), because that takes me to the goal fastest. I took that decision when I
received a mail from a sender with a slightly faulty release of Squirrel Mail.
A blank at the end of the marker line
-----BEGIN PGP MESSAGE-----
brought up the error message 'no valid OpenPGP data found', and guessing
at riddles began. As it happens, I use a script that controls the
vim
editor to
remove known errors in advance. My command line doesn't really speak in
favor of a successful integration in mailers.
...
and the 'Human' Side
Bruce Schneier wrote in his topic [SchnCr] that if the average Web surfer clicks
on a button that promises dancing pigs on his computer monitor, and instead
gets a hortatory message describing the potential dangers of the applet, he's
going to choose dancing pigs over computer security any day. In email terms,
if a user doesn't see an urgent reason to encrypt mail he won't. You cannot
expect a user to understand why he should encrypt mail, or what happens
when he does. And things are still cumbersome in practice, as we saw in
the previous section. Linux designers favor the
Mutt
mail program, which is
believed to excellently integrate GnuPG. But to configure
Mutt
, you have to
read the ManPage of
muttrc
, which is about 4000 lines of text. Who has that
kind of time to waste? What's more, you have to know that Mutt obstinately
prefers the PGP/MIME format, while the sender of an Inline-PGP mail has no
idea what mailer the receiver uses.
Even if you eventually let yourself be talked into using your pal's favorite
mail encryption tool, there is yet another problem: you left your private key in
another location, so you still can't read his mails (it happened to me in three
distinct cases). As things like these normally happen especially when mails are
really important and things are urgent, I decided I'd rather sign them, but leave
them unencrypted to get things done.
