On 09/04/12 01:32, Joey Hess wrote:
> Scott Ferguson wrote (remainder of your trolling ignored):
>>> as this will habituate people to expect your mail to be signed,
>> Nope. Wishful thinking at best.
> True story: Last weekend, I sent a friend an email to get him come
> help me move a couch. For complex reasons I neglected to sign it. My
> friend noticed, and worried someone might be playing a prank on him.
I don't doubt it. If you look at one of my other posts you'll see I
encountered a similar scenario that alerted me to compromised email
account. I'm in favour of encryption - amongst other things it reduces
malware. But I don't believe it's a panacea for everything - I know I
don't always check to see email is encrypted (though I should).
And it's my experience that my use of it doesn't automatically encourage
others to use it. I've had a hell of a time getting some people to
install it - and on several occasions noticed they used no passphrases!
Another was later found to have been running a root kit. Yet another
emailed me both his keys! Which makes secure communications with those
people fraught with peril.
Perhaps I'm overly cynical, but I suspect that when the masses adopt
something because it's popular they tend to dumb it down to the point
where it's no longer useful. The security of encryption between two
parties is determined by the lowest common denominator. So if encryption
catches on because everyone is doing it - it may become like SSL
certificates... (if your browser recognises that certificate there's a
good chance it came from a compromises assurer).
Iceweasel/Firefox/Chrome/Chromium/Iceape/IE extensions for finding
answers to questions about Debian:-
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact email@example.com