Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.mail.misc > #290 > unrolled thread

PGP tools for dumb users -- suggestions?

Back to article view | Back to comp.mail.misc

Contents

  PGP tools for dumb users -- suggestions? Anonymous <noreply@breaka.net> - 2012-10-09 03:55 -0600
    Re: PGP tools for dumb users -- suggestions? Fritz Wuehler <fritz@spamexpire-201210.rodent.frell.theremailer.net> - 2012-10-09 17:47 +0200
      Re: Re: PGP tools for dumb users -- suggestions? Fritz Wuehler <fritz@spamexpire-201210.rodent.frell.theremailer.net> - 2012-10-14 05:19 +0200
        Re: Re: PGP tools for dumb users -- suggestions? Anonymous <nobody@remailer.paranoici.org> - 2012-10-15 13:29 +0000
      Re: PGP tools for dumb users -- suggestions? Jorgen Grahn <grahn+nntp@snipabacken.se> - 2012-10-29 22:28 +0000
        Re: PGP tools for dumb users -- suggestions? Fritz Wuehler <fritz@spamexpire-201210.rodent.frell.theremailer.net> - 2012-10-31 03:06 +0100
    Re: PGP tools for dumb users -- suggestions? Andreas Mattheiss <please.post@publicly.invalid> - 2012-10-11 22:11 +0200
    Re: PGP tools for dumb users -- suggestions? Mail Man <Mail@Man.com> - 2012-10-12 19:24 -0400
      Re: Re: PGP tools for dumb users -- suggestions? Nomen Nescio <nobody@dizum.com> - 2012-10-13 15:55 +0200
        Re: PGP tools for dumb users -- suggestions? Mail Man <Mail@Man.com> - 2012-10-13 13:00 -0400
          Re: PGP tools for dumb users -- suggestions? Kees Theunissen <theuniss@rijnh.nl> - 2012-10-15 17:49 +0200
            Re: PGP tools for dumb users -- suggestions? Mail Man <Mail@Man.com> - 2012-10-15 16:43 -0400
              Re: PGP tools for dumb users -- suggestions? "Thor Kottelin" <thor@anta.net> - 2012-10-16 01:19 +0300
                Re: PGP tools for dumb users -- suggestions? Mail Man <Mail@Man.com> - 2012-10-15 19:35 -0400
                  Re: PGP tools for dumb users -- suggestions? "Thor Kottelin" <thor@anta.net> - 2012-10-16 03:39 +0300
                    Re: PGP tools for dumb users -- suggestions? Hans-Georg Michna <hans-georgNoEmailPlease@michna.com> - 2012-10-16 13:35 +0200
                      Re: Re: PGP tools for dumb users -- suggestions? Andreas Mattheiss <please.post@publicly.invalid> - 2012-10-20 19:01 +0200
                      Re: PGP tools for dumb users -- suggestions? Jorgen Grahn <grahn+nntp@snipabacken.se> - 2012-10-29 22:25 +0000
                        Re: PGP tools for dumb users -- suggestions? Anonymous <nobody@remailer.paranoici.org> - 2012-10-31 08:30 +0000
                          Re: PGP tools for dumb users -- suggestions? Jorgen Grahn <grahn+nntp@snipabacken.se> - 2012-10-31 17:25 +0000
                            Re: Re: PGP tools for dumb users -- suggestions? Anonymous <noreply@breaka.net> - 2012-11-01 05:25 -0600
                              Re: Re: PGP tools for dumb users -- suggestions? Anonymous <nobody@remailer.paranoici.org> - 2012-11-01 14:05 +0000
                  Re: Re: PGP tools for dumb users -- suggestions? Anonymous <noreply@breaka.net> - 2012-10-25 13:00 -0600
              Re: PGP tools for dumb users -- suggestions? Fritz Wuehler <fritz@spamexpire-201210.rodent.frell.theremailer.net> - 2012-10-16 04:16 +0200
                Re: PGP tools for dumb users -- suggestions? Mail Man <Mail@Man.com> - 2012-10-15 23:08 -0400
              Re: Re: PGP tools for dumb users -- suggestions? Anonymous <noreply@breaka.net> - 2012-10-23 10:39 -0600
              Re: PGP tools for dumb users -- suggestions? Anonymous <anonymous@hoi-polloi.org> - 2012-10-30 23:03 +0000
          Re: PGP tools for dumb users -- suggestions? bonomi@host122.r-bonomi.com (Robert Bonomi) - 2012-11-02 07:59 -0500
      Re: PGP tools for dumb users -- suggestions? Anonymous <nobody@remailer.paranoici.org> - 2012-10-20 19:53 +0000
        Re: PGP tools for dumb users -- suggestions? Mail Man <Mail@Man.com> - 2012-10-20 16:43 -0400
      Re: PGP tools for dumb users -- suggestions? Fritz Wuehler <fritz@spamexpire-201210.rodent.frell.theremailer.net> - 2012-10-21 09:30 +0200
        Re: PGP tools for dumb users -- suggestions? Mail Man <Mail@Man.com> - 2012-10-21 08:49 -0400

Page 1 of 2  [1] 2  Next page →

#290 — PGP tools for dumb users -- suggestions?

I told an associate (who uses Outlook) to install PGP and a plugin to
make it dumb-user-usable.  His "IT guy" could not handle it, saying
that the plugin "didn't work".

What tool is exceptionally fool-proof?  At this point, I would like to
recommend a MUA that is already PGP-aware, and even better, has an
integrated PGP implementation.

BTW, please, hold back on smart-ass suggestions like "get a new IT
guy" - it's not my IT guy, and not my place to make staffing
recommendations.

[toc] | [next] | [standalone]

#291

Anonymous <noreply@breaka.net> wrote:

> I told an associate (who uses Outlook) to install PGP and a plugin to
> make it dumb-user-usable.  His "IT guy" could not handle it, saying
> that the plugin "didn't work".

Where did he install "PGP" from? Did he buy a copy or use something old?

The old plugins from pgpi.net work but maybe not on the latest Outlook.

> What tool is exceptionally fool-proof?  At this point, I would like to
> recommend a MUA that is already PGP-aware, and even better, has an
> integrated PGP implementation.

Thunderbird and GPG work pretty well although Thunderbird is a shitty email
client and an even worse news client. If you have multiple accounts you'll
be sorry you used it. If you have only one or two email accounts it will be
good enough.

> BTW, please, hold back on smart-ass suggestions like "get a new IT
> guy" - it's not my IT guy, and not my place to make staffing
> recommendations.

But you can tell him to install PGP?

I would say he should "get a new IT guy".

[toc] | [prev] | [next] | [standalone]

#297

>Where did he install "PGP" from? Did he buy a copy or use something old?

No idea.

>Thunderbird and GPG work pretty well although Thunderbird is a shitty email
>client and an even worse news client. If you have multiple accounts you'll
>be sorry you used it. If you have only one or two email accounts it will be
>good enough.

Thanks for the tip.  The best I've come up with is the "GPG4Win"
package and Claws Mail.  I haven't tried it, but appears the two tools
were meant to work together.

Thanks for the tip about Thunderbird.  Was it "GPG4Win" that you're
suggesting with thunderbird?

[toc] | [prev] | [next] | [standalone]

#298

Fritz Wuehler <fritz@spamexpire-201210.rodent.frell.theremailer.net> wrote:

> >Where did he install "PGP" from? Did he buy a copy or use something old?
> 
> No idea.

It makes a difference because old PGP can work with new GPG but you have to
set the settings specifically for that and you also need IDEA support and
that isn't defaulted in GPG. 

> 
> >Thunderbird and GPG work pretty well although Thunderbird is a shitty email
> >client and an even worse news client. If you have multiple accounts you'll
> >be sorry you used it. If you have only one or two email accounts it will be
> >good enough.
> 
> Thanks for the tip.  The best I've come up with is the "GPG4Win"
> package and Claws Mail.  I haven't tried it, but appears the two tools
> were meant to work together.

I forgot about Claws. It's a much better mail client than Thunderbird and it
has plugins for GPG on Linux that work without any additional software
other than GPG itself. I didn't look at the Windows version. Maybe GPG4Win
is needed in place of the Claws plugin, if the plugin that comes with Claws
only works on Linux. I am pretty sure GPG4Win was not targeted at Claws
although you say they were meant to work together.  You could ask on the
claws mailing list.

> 
> Thanks for the tip about Thunderbird.  Was it "GPG4Win" that you're
> suggesting with thunderbird?

No, I should have explained myself better, sorry about that. Thunderbird
supports S/MIME natively (I think) and PGP/GPG with a Mozilla add-on called 
enigmail. If S/MIME isn't native it's also part of enigmail. Anyway I looked
at it years ago and it is excellent. Too bad it's wasted on a shitty kitchen
sink email client like Thunderbird! 

[toc] | [prev] | [next] | [standalone]

#333

On Tue, 2012-10-09, Fritz Wuehler wrote:
> Anonymous <noreply@breaka.net> wrote:
>
>> I told an associate (who uses Outlook) to install PGP and a plugin to
>> make it dumb-user-usable.  His "IT guy" could not handle it, saying
>> that the plugin "didn't work".
...
>> BTW, please, hold back on smart-ass suggestions like "get a new IT
>> guy" - it's not my IT guy, and not my place to make staffing
>> recommendations.
>
> But you can tell him to install PGP?

He can surely request that someone should communicate with him using a
specific protocol.  That's what protocols are for -- so people can
communicate without micro-managing exactly /how/.

/Jorgen

-- 
  // Jorgen Grahn <grahn@  Oo  o.   .     .
\X/     snipabacken.se>   O  o   .

[toc] | [prev] | [next] | [standalone]

#336

Jorgen Grahn <grahn+nntp@snipabacken.se> wrote:

> On Tue, 2012-10-09, Fritz Wuehler wrote:
> > Anonymous <noreply@breaka.net> wrote:
> >
> >> I told an associate (who uses Outlook) to install PGP and a plugin to
> >> make it dumb-user-usable.  His "IT guy" could not handle it, saying
> >> that the plugin "didn't work".
> ...
> >> BTW, please, hold back on smart-ass suggestions like "get a new IT
> >> guy" - it's not my IT guy, and not my place to make staffing
> >> recommendations.

Get a new IT guy!

If he has to use Outlook, there's not a solution simpler than S/MIME.
Outlook already supports it. But you still have to have a minor clue
to set it up.

[toc] | [prev] | [next] | [standalone]

#292

Hi,

you are aware that outlook supports S/MIME natively?

S/MIME is effectively the same as gpg in that it *does* the same thing,
but the nomenclature and in particular the "trust model" (important for
signing messages) follows different approaches. It is also a bit more
difficult to get a private/public key than in gpg. Plus, the handling in
Windows is something one needs getting used to.

The reason why I am not all that happy with outlook's implementation of
S/MIME is because it's doing it's own thing when signing messages.
Basically it renders such messages unreadable for an adressee not using
outlook as well.

Regards
Andreas

[toc] | [prev] | [next] | [standalone]

#293

Anonymous wrote:
 
> I told an associate (who uses Outlook) to install PGP and a
> plugin to make it dumb-user-usable. 

Is there *really* a point for the average user to incorporate PGP
signing into his/her e-mails?

What exactly is gained by it?

Satisfying some sort of info-technology fettish?

[toc] | [prev] | [next] | [standalone]

#295

>Is there *really* a point for the average user to incorporate PGP
>signing into his/her e-mails?

>What exactly is gained by it?

It's not for signing.

But regardless, whether you need non-repudiation or confidentiality,
the need is not a function of technical competence.

[toc] | [prev] | [next] | [standalone]

#296

Nomen Nescio wrote:
 
> > What exactly is gained by it?
> 
> It's not for signing.

I thought it was.

> But regardless, whether you need non-repudiation or
> confidentiality,

  confidentiality = encryption?
  encryption <> PGP signing?

> the need is not a function of technical competence.

Do dumb users really need PGP for their e-mail transactions?

Who exactly needs PGP for their e-mail transations - beyond those that
have a tech-fettish?

[toc] | [prev] | [next] | [standalone]

#299

Mail Man wrote:

> Do dumb users really need PGP for their e-mail transactions?

That depends on the purpose of the mail.

A user using email in a hostile environment like the internet
might want to encrypt her messages in order to keep confidential
contents confidential. And she might want to sign messages
like invoices, offers, contracts and other legal stuff
in order to proof that she was the sender and to ensure the
integrity of the message.


Regards,

Kees.

-- 
Kees Theunissen.

[toc] | [prev] | [next] | [standalone]

#300

Kees Theunissen wrote:
 
> A user using email in a hostile environment like the internet
> might want to encrypt her messages in order to keep confidential
> contents confidential. 

You mean like if terrorists want to send e-mail to each other?

> And might want to sign messages like invoices, offers, contracts
> and other legal stuff in order to proof they were the sender and
> to ensure the integrity of the message.

I have been using email for about 24 years now, 17 of which have been
part of a small bio-tech company doing business with universities,
medical schools, pharmaceutical and medical device companies in US /
Canada / Europe / Japan / Australia (and now China) and medical
scientists in several branches of the US military.  Some of our email
transactions included patent law and strategy involved with patent
licensing.

Not once have I / we ever received an email with a PGP signature, or
were asked to obtain and use PGP signing as a pre-condition of engaging
in email communication.

So I continue to ask who, beyond those with a fettish for IT technology,
has a real-world need for PGP encryption or signing as part of email
communication?

[toc] | [prev] | [next] | [standalone]

#301

"Mail Man" <Mail@Man.com> wrote in message 
news:507C7568.7C3DB3AA@Man.com...

> I continue to ask who, beyond those with a fettish for IT technology,
> has a real-world need for PGP encryption or signing as part of email
> communication?

The same people who use ssh instead of telnet, log in to websites using 
https in lieu of http and use a VPN tunnel when connecting to the office. 
In short, those who have a clue (or a CISO with a clue) and do not want to 
endanger the confidentiality of sensitive information. Transmitting such 
information in the clear may even be illegal in some cases, such as in 
public administration.

Why are you asking such a strange question?

-- 
Thor Kottelin
http://www.anta.net/

[toc] | [prev] | [next] | [standalone]

#302

Thor Kottelin wrote:
 
> > I continue to ask who, beyond those with a fettish for IT
> > technology, has a real-world need for PGP encryption or
> > signing as part of email communication?
> 
> The same people who use ssh instead of telnet, log in to websites
> using https in lieu of http and use a VPN tunnel when connecting
> to the office.

All the examples you gave are for security measures taken when you have
a public-facing portal or server of some sort that you want to allow
only authenticated people to access.

Unless you believe that your internet connection is being wire-tapped,
then you have to show that the email transport and spooling facility is
insecure in order for encryption to have any value or need.

And the need or utility of PGP signing is another matter entirely.

> Why are you asking such a strange question?

To get you to admit the futility of expecting that PGP will ever become
useful for email beyond those with a fettish for IT (and *nix).

[toc] | [prev] | [next] | [standalone]

#303

"Mail Man" <Mail@Man.com> wrote in message 
news:507C9DD4.2B7539D0@Man.com...
> Thor Kottelin wrote:
>
>> > I continue to ask who, beyond those with a fettish for IT
>> > technology, has a real-world need for PGP encryption or
>> > signing as part of email communication?
>>
>> The same people who use ssh instead of telnet, log in to websites
>> using https in lieu of http and use a VPN tunnel when connecting
>> to the office.
>
> All the examples you gave are for security measures taken when you have
> a public-facing portal or server of some sort that you want to allow
> only authenticated people to access.

ssh, https and VPNs protect all information being transferred, not just 
the login credentials. The reason for using a VPN is not to restrict 
access to the VPN server; it is to create a secure tunnel over an insecure 
network, much like PGP typically is used to provide end-to-end encryption 
of email messages.

> Unless you believe that your internet connection is being wire-tapped,
> then you have to show that the email transport and spooling facility is
> insecure in order for encryption to have any value or need.

No. Given how Internet traffic is routed, it is very difficult to prove an 
unencrypted connection secure. As such, it makes sense to assume that it 
is insecure.

Sweden, for example, has publicly announced that it wiretaps cross-border 
Internet traffic. Various other countries are likely to do the same less 
openly. Content-based spam filtering is another potential threat to 
confidentiality.

>> Why are you asking such a strange question?
>
> To get you to admit the futility of expecting that PGP will ever become
> useful for email beyond those with a fettish for IT (and *nix).

I still fail to see your point or understand your motives (and the word 
you are looking for is 'fetish'). I have seen very non-technical users 
adopt PGP because they needed to. As for your reference to '*nix': PGP was 
originally a DOS application, and now it is mainly used in Windows 
environments. Perhaps you are thinking of GPG, the open software product 
that was released almost a decade after PGP.

-- 
Thor Kottelin
http://www.anta.net/

[toc] | [prev] | [next] | [standalone]

#306

I think in this discussion the main point is not touched, namely
that the use of PGP or, worse, GPG is too awkward for all
ordinary mail users. GPG is outright user-hostile.

I also think we should all use encryption, but as long as it is
not easy to use, few people will use it.

S/MIME is easy to use and built into many mail clients. The
problem here is that a bunch of standards bodies and biggish
encryption companies has successfully monopolized the keys and
is trying to make money that way. They have mainly done that by
connecting the encryption purpose with the identification
purpose. The latter requires some effort that is worth some
money, but it is not really required for the former.

The whole thing is a mess, and governments benefit from it,
because they can all too easily eavesdrop on huge flows of email
information.

Hans-Georg

[toc] | [prev] | [next] | [standalone]

#313

Hi,

Am Tue, 16 Oct 2012 13:35:35 +0200 schrieb Hans-Georg Michna:

> 
> S/MIME is easy to use and built into many mail clients. The problem here
> is that a bunch of standards bodies and biggish encryption companies has
> successfully monopolized the keys and is trying to make money that way.
> They have mainly done that by connecting the encryption purpose with the
> identification purpose. The latter requires some effort that is worth some
> money, but it is not really required for the former.
> 

good point, but it only requires minimum effort to get round this. Either
roll your own certificates by running your own mini-CA, or get one with
minumum fuzz at www.cacert.org. The first approach will certainly not and
the second one will unlikely solve the identification issue, but if you
don't care about this anyway it doens't matter at all. Encryption will
work.

Regards
Andreas

[toc] | [prev] | [next] | [standalone]

#332

On Tue, 2012-10-16, Hans-Georg Michna wrote:
> I think in this discussion the main point is not touched, namely
> that the use of PGP or, worse, GPG is too awkward for all
> ordinary mail users. GPG is outright user-hostile.

What's extra bad about gpg?  Surely we are talking about
- mail clients providing the user interface
- OpenPGP providing the feature set and terminology
- pgp or gpg just providing the implementation?

I don't see any of the gpg user interface when I read/sign mail using
Mutt.

(All this assumes PGP still exists, in a form that's freely available
and regularly updated.  I was under the impression that it was not --
the situation here has been very confused for at least 20 years.)

> I also think we should all use encryption, but as long as it is
> not easy to use, few people will use it.
...
> The whole thing is a mess [...]

Yes.

/Jorgen

-- 
  // Jorgen Grahn <grahn@  Oo  o.   .     .
\X/     snipabacken.se>   O  o   .

[toc] | [prev] | [next] | [standalone]

#337

Jorgen Grahn <grahn+nntp@snipabacken.se> wrote:

> On Tue, 2012-10-16, Hans-Georg Michna wrote:
> > I think in this discussion the main point is not touched, namely
> > that the use of PGP or, worse, GPG is too awkward for all
> > ordinary mail users. GPG is outright user-hostile.

It's no more hostile than any other command-line tool. I can see how a
Windows victim might consider that hostile, since Windows has brainwashed
most idiots into believing GUI = computer.

Do you really expect something like encryption to be easy? TINSTAAFL!
Encryption does require intelligent, responsible usage to be effective. I
guess that rules it out for Windows victims.

> What's extra bad about gpg?  Surely we are talking about
> - mail clients providing the user interface
> - OpenPGP providing the feature set and terminology
> - pgp or gpg just providing the implementation?
> 
> I don't see any of the gpg user interface when I read/sign mail using
> Mutt.

Right you are! Many mail clients have integrated some form of cryptographic
support to the point even our pal Hans-Georg shouldn't be offended.

> (All this assumes PGP still exists, in a form that's freely available
> and regularly updated.  I was under the impression that it was not --
> the situation here has been very confused for at least 20 years.)

Old versions of PGP still exist and are freely available, and they work
fine. GPG has picked up where they left off and added new ciphers and bug
fixes.

[toc] | [prev] | [next] | [standalone]

#338

On Wed, 2012-10-31, Anonymous wrote:
> Jorgen Grahn <grahn+nntp@snipabacken.se> wrote:
>
>> On Tue, 2012-10-16, Hans-Georg Michna wrote:
>> > I think in this discussion the main point is not touched, namely
>> > that the use of PGP or, worse, GPG is too awkward for all
>> > ordinary mail users. GPG is outright user-hostile.
>
> It's no more hostile than any other command-line tool. I can see how a
> Windows victim might consider that hostile, since Windows has brainwashed
> most idiots into believing GUI = computer.

That may have been what he meant, but I doubt it and would still like
a clarification.

>> I don't see any of the gpg user interface when I read/sign mail using
>> Mutt.

/Jorgen

-- 
  // Jorgen Grahn <grahn@  Oo  o.   .     .
\X/     snipabacken.se>   O  o   .

[toc] | [prev] | [next] | [standalone]

Page 1 of 2  [1] 2  Next page →

Back to top | Article view | comp.mail.misc

csiph-web