Re: We shall value email usage
Hi, 1 avr. 2021, 18:19 de gnupg-users@gnupg.org: > Why stop? > You're right. Today is the good day to break habits, think out of the box and do things differently! ;) Best regards, l0f4r0 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We shall value email usage
On 01/04/2021 15:39, Stefan Vasilev via Gnupg-users wrote: Another option would be direct FAX/GnuPG usage, with a different armor, which is OCR friendly. From a purely practical point of view, why would anyone in the modern world use a system where a digital message is rendered in OCR-able format on an analogue raster, to be converted into digital tones, then passed down an analogue connection, which is almost certainly carried over a VoIP backbone? Please stop. -- Andrew Gallagher OpenPGP_signature Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We shall value email usage
Johan Wevers wrote: Sorry for not quoting your message! Let's say it this way, Bernhard likes to promote email usage for GnuPG, or why should we here on this Mailing List value email usage (with a MUA)? I showed a couple of examples to make it for the surveillance industry a bit harder to collect decentralized distributed GnuPG encrypted payloads. :-) And I am aware that we have people here on this ML who for example work(ed) in that industry and that they like how GnuPG with MUAs on online devices work. ;-) Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We shall value email usage
Andrew Gallagher wrote: On 01/04/2021 15:39, Stefan Vasilev via Gnupg-users wrote: Another option would be direct FAX/GnuPG usage, with a different armor, which is OCR friendly. From a purely practical point of view, why would anyone in the modern world use a system where a digital message is rendered in OCR-able format on an analogue raster, to be converted into digital tones, then passed down an analogue connection, which is almost certainly carried over a VoIP backbone? Please stop. Why stop? It is a valid option for almost real time decentralized comms which guarantees that the recipient gets a time stamped encrypted document from a hardcoded landline no. email delivery, as you may no, can not be guaranteed and in case of GnuPG armored messages they will be most likely filtered for further archival and/or processing. Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We shall value email usage
On 01-04-2021 17:54, Stefan Vasilev via Gnupg-users wrote: > Fax is faster than email and arrives, while email delivery to a > recipient can not On;y if the recipient has a landline that can always pickup the fax call. A more and more uncommon situation. I don't have a landline anymore, no use for it. > many users. Third assuming households have muli-purpose printers too > they can simply scan the Fax for further processing. What a waste of paper and expensive ink. And I don't have a (functioning) printer anyway, why would I? I can read everything on screen. Maybe RMS might do something like that but while I support him in the current which hunt I'm not as strict as he is about using modern hardware. Killing some Google services like advertising id on my phone and blocking ads is as far as I go. >> Why limit yourself with expensive special purpose hardware that has far >> less options than the current? > Why not, this product is available and does not limit Internet users to > do other thing besides encrypted Fax usage. Why buy expensive special purpose hardware for only that use case? > No, Signal is an easy to monitor smartphone tool needing a server with > registered users, while Not really easy to monitor, not since they implemented "sealed sender" so the server does only know the receiver, not the sender. > PGPfone was a Computer usage only tool, for direct and secure comms, > between two endpoints, Who both had to synchronize being online at the same time. That might have been acceptable 20 years ago but not now. > without server usage. Dialing was done from IP address to IP address and > verified with the included PGP wordlist. That might cause problems now that most people have dynamic IP addresses. -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We shall value email usage
Johan Wevers wrote: On 31-03-2021 22:28, Stefan Vasilev via Gnupg-users wrote: Hopefully the Industry will take a look at affordable hardware based encrypted Fax comms for Fax? To get the information on paper? In 2021? Why? Fax is faster than email and arrives, while email delivery to a recipient can not been guranteed. Secondly it is more dezentralised than smpt(s) servers with many users. Third assuming households have muli-purpose printers too they can simply scan the Fax for further processing. Hardware based AES/DH crypto phones (no smartphones) would be a welcome addition too. Why limit yourself with expensive special purpose hardware that has far less options than the current? Why not, this product is available and does not limit Internet users to do other things besides encrypted Fax usage. Or that the OpenPGP community revives PGPfone, for free Internet calls, at least ... I think Signal has already stepped into that niche. No, Signal is an easy to monitor smartphone tool needing a server with registered users, while PGPfone was a Computer usage only tool, for direct and secure comms, between two endpoints, without server usage. Dialing was done from IP address to IP address and verified with the included PGP wordlist. Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We shall value email usage
On 31-03-2021 22:28, Stefan Vasilev via Gnupg-users wrote: > Hopefully the Industry will take a look at affordable hardware based > encrypted Fax comms for Fax? To get the information on paper? In 2021? Why? > Hardware based AES/DH crypto phones (no smartphones) would be a welcome > addition too. Why limit yourself with expensive special purpose hardware that has far less options than the current? > Or that the OpenPGP community revives PGPfone, for free Internet calls, > at least ... I think Signal has already stepped into that niche. -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We shall value email usage
Bernhard Reiter wrote: Am Mittwoch 31 März 2021 22:28:45 schrieb Stefan Vasilev via Gnupg-users: The more I think about GnuPG with email MUA usage I strongly believe that the Industry has better options than email, especially when it comes to decentralised and confidential communications. And what options would that be? First of all we should consider that GnuPG did not changed the email world as users may had expected over the decades and during to continuing mass-surveillance it is debatable if a few users should use this communication form further. It would be good if it would be accepted by millions when conducting online business but since this is not the case, nor never will be, it can be argued when a few people do encrypted email communications, why not switch to other channels, to reduce the flow of meta data? An option would be to use UIDless GnuPG key pairs with the Bitmessage p2p Network to give GnuPG users additional anonymity. Another method could be IPFS (InterPlanetary FileSystem) usage where users distribute encrypted GnuPG payloads and only provide the IPFS hashes to communication partners, so that they can read those hashes, say from an SMS, a FAX etc. and then download the encrypted payload from places they feel comfortable with. Another option would be direct FAX/GnuPG usage, with a different armor, which is OCR friendly. Hopefully the Industry will take a look at affordable hardware based encrypted Fax comms for the little individual or small business owner. https://www.tccsecure.com/Products/voice-fax-data-encryption/CSD3324spf-detail.aspx Briefly skimmed the page, it does not say how the maschine-in-the-middle (MITM) attack is migitated. Also this hardware solution does not offer the means to transport electronic documents, neither would crypto phones. Correct no electronic documents, but would it be not a bit more difficult or less common to intercept DH usage from hardware based devices compared to software based Internet DH usage? At least this product exists and it can be assumed that it is been used. Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We shall value email usage
Am Mittwoch 31 März 2021 22:28:45 schrieb Stefan Vasilev via Gnupg-users: > The more I think about GnuPG with email MUA usage I strongly believe > that the Industry has better options than email, especially when it comes > to decentralised and confidential communications. And what options would that be? > Hopefully the Industry will take a look at affordable hardware based > encrypted Fax comms for the little individual or small business owner. > https://www.tccsecure.com/Products/voice-fax-data-encryption/CSD3324spf-detail.aspx Briefly skimmed the page, it does not say how the maschine-in-the-middle (MITM) attack is migitated. Also this hardware solution does not offer the means to transport electronic documents, neither would crypto phones. Best Regards, Bernhard -- www.intevation.de/~bernhard +49 541 33 508 3-3 Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998 Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We shall value email usage
Bernhard Reiter wrote: Am Mittwoch 24 März 2021 16:15:16 schrieb Stefan Vasilev via Gnupg-users: Bernhard Reiter wrote: What I observe is that knowledge and practive of email usage is declining. I notice it in many little things This is quite normal, because millions of people nowadays are using modern web based email clients Most webclients I have seen, are not as usable as native clients. But this is no excuse for not using email in a good way. :) and those have with Gmail etc. the option to use OpenPGP too. GnuPG with add-ons for a MUAs seems therefore a bit outdated and is probably mostly used among Mailing List members. Yes, there is a perception of "outdatedness". Maybe it is needed to show the advantages to make it look modern. A tool that is more effective should be modern. Of course, email belong to many, a proprietary messenger to one vendor, guess who has more marketing money. ;) An exception might be the new Thunderbird, with OpenPGP support. The choise of implementing a pre-standard way of protected headers and making it the default without way to disable it, was doing email and secure email a disservice in my opionion. :( The more I think about GnuPG with email MUA usage I strongly believe that the Industry has better options than email, especially when it comes to decentralised and confidential communications. Hopefully the Industry will take a look at affordable hardware based encrypted Fax comms for the little individual or small business owner. https://www.tccsecure.com/Products/voice-fax-data-encryption/CSD3324spf-detail.aspx Hardware based AES/DH crypto phones (no smartphones) would be a welcome addition too. Or that the OpenPGP community revives PGPfone, for free Internet calls, at least ... Regards Stefan smime.p7s Description: S/MIME Cryptographic Signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We shall value email usage
* Bernhard Reiter: > Just wondering if there is a standard for sharing email drafts ... https://tools.ietf.org/html/rfc6154 defines optional attributes for "special-use" mailboxes. That applies to IMAP only, of course, but it may be sufficient, depending on a user's client/server combination. -Ralph ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We shall value email usage
Am Donnerstag 25 März 2021 12:34:15 schrieb Klaus Ethgen: > if you start editing a mail with thunderbird and put it to > drafts. Then finishing the edit with mutt. Just wondering if there is a standard for sharing email drafts ... Anyhow implementing the wrapped message method of protected headers would also be good for drafts: Just fully encrypt the real mail. Note that email needs meta data like a postal package needs an address sticker on the cardboard. Best, Bernhard -- www.intevation.de/~bernhard +49 541 33 508 3-3 Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998 Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We shall value email usage
On 3/25/2021 12:34 PM, Klaus Ethgen wrote: Hi, Am Do den 25. Mär 2021 um 11:51 schrieb Bernhard Reiter: To me the protected headers implementation Thunderbird is a step back, as it leads to unnecessary data leaks (subject and cc) to other clients with are OpenPGP/MIME compatible. Well, there is other.. For example, if you start editing a mail with thunderbird and put it to drafts. Then finishing the edit with mutt. This will leak the following headers: - user-agent - x-mailer - x-mozilla-draft-info - x-enigmail-draft-status - x-account-key - x-identity-key - fcc Even when sending mails just from thunderbird, it leaks at least the user-agent header. Currently I configured my MTA to remove that headers for outgoing mails. You can disable the usage of the user-agent in TB, one can only hope for the others as well. -- John Doe ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We shall value email usage
Hi, Am Do den 25. Mär 2021 um 11:51 schrieb Bernhard Reiter: > To me the protected headers implementation Thunderbird is a step back, > as it leads to unnecessary data leaks (subject and cc) to other clients > with are OpenPGP/MIME compatible. Well, there is other.. For example, if you start editing a mail with thunderbird and put it to drafts. Then finishing the edit with mutt. This will leak the following headers: - user-agent - x-mailer - x-mozilla-draft-info - x-enigmail-draft-status - x-account-key - x-identity-key - fcc Even when sending mails just from thunderbird, it leaks at least the user-agent header. Currently I configured my MTA to remove that headers for outgoing mails. Gruß Klaus -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16Klaus Ethgen Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We shall value email usage
Hi Klaus, Am Donnerstag 25 März 2021 10:25:22 schrieb Klaus Ethgen: > But there is > even a solution for Web-based mail clients. Mailvelope does a pretty > good job. Although there are some stuff to know about: > - Mailvelope can (obviously) only handle inline PGP mails. Decoding mime > mails (or encoding) is far away from such a tool AFAIR Mailvelope can do OpenPGP/MIME (if the webmailer it is used with offers some features). https://www.mailvelope.com/en/faq#only_attachments Did you know: you can use GnuPG with Mailvelope, if you want (e.g. for smartcards or higher security needs) https://github.com/mailvelope/mailvelope/wiki/Mailvelope-GnuPG-integration > It is sad, that the native implementation in Thunderbird is a > big step back. Although there is some advantages like the hidden subject > header. To me the protected headers implementation Thunderbird is a step back, as it leads to unnecessary data leaks (subject and cc) to other clients with are OpenPGP/MIME compatible. And it reduces the usability for emails in many cases (see my email thread about it). > On the other hand, as it was stated here too, it is not possible to > disable It is possible to disable (they added this later), but it is an expert option and the default is still on (see drawbacks mentioned above). https://lists.gnupg.org/pipermail/gnupg-users/2021-February/064862.html Best Regards, Bernhard -- www.intevation.de/~bernhard +49 541 33 508 3-3 Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998 Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We shall value email usage
Hi List, Am Mi den 24. Mär 2021 um 16:15 schrieb Stefan Vasilev via Gnupg-users: > Bernhard Reiter wrote: > > > What I observe is that knowledge and practive of email usage > > is declining. I notice it in many little things (like folks sending > > alternative HTML mails, not being able to handle CC, good inline quoting, > > good subjects). So where are good explanations about email practice? > > This is quite normal, because millions of people nowadays are using modern > web based > > email clients and those have with Gmail etc. the option to use OpenPGP too. > GnuPG If they are "modern" is something, I do not judge about. But there is even a solution for Web-based mail clients. Mailvelope does a pretty good job. Although there are some stuff to know about: - Mailvelope can (obviously) only handle inline PGP mails. Decoding mime mails (or encoding) is far away from such a tool - Mailvelope cannot handle hidden encrypts (As I understand the discussion, current Thunderbird is also unable to handle this.) - Mailvelope Needs a e-mail address in the key identity. Otherwise it is not selectable. > among Mailing List members. An exception might be the new Thunderbird, with As you might see, I use mutt as mail client. But recently, I started having an eye to thunderbird for some reasons. I liked the Enigmail addon. It is sad, that the native implementation in Thunderbird is a big step back. Although there is some advantages like the hidden subject header. On the other hand, as it was stated here too, it is not possible to disable it so the still dump majority of Outlook is unable to view the subject. However, Outlook is also unable to view quotes a usable way, neither is it able to create proper mails. So I always wonder, why people stick to such horrible software. Gruß Klaus Ps. I might need to use this Outlook in future for work mails. But I try to fight it. :-) -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16Klaus Ethgen Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We shall value email usage
Am Mittwoch 24 März 2021 16:15:16 schrieb Stefan Vasilev via Gnupg-users: > Bernhard Reiter wrote: > > What I observe is that knowledge and practive of email usage > > is declining. I notice it in many little things > This is quite normal, because millions of people nowadays are using > modern web based email clients Most webclients I have seen, are not as usable as native clients. But this is no excuse for not using email in a good way. :) > and those have with Gmail etc. the option to use OpenPGP > too. GnuPG with add-ons for a MUAs seems therefore a bit outdated > and is probably mostly used among Mailing List members. Yes, there is a perception of "outdatedness". Maybe it is needed to show the advantages to make it look modern. A tool that is more effective should be modern. Of course, email belong to many, a proprietary messenger to one vendor, guess who has more marketing money. ;) > An exception might be the new Thunderbird, with > OpenPGP support. The choise of implementing a pre-standard way of protected headers and making it the default without way to disable it, was doing email and secure email a disservice in my opionion. :( Best, Bernhard -- www.intevation.de/~bernhard +49 541 33 508 3-3 Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998 Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: We shall value email usage
Bernhard Reiter wrote: What I observe is that knowledge and practive of email usage is declining. I notice it in many little things (like folks sending alternative HTML mails, not being able to handle CC, good inline quoting, good subjects). So where are good explanations about email practice? This is quite normal, because millions of people nowadays are using modern web based email clients and those have with Gmail etc. the option to use OpenPGP too. GnuPG with add-ons for a MUAs seems therefore a bit outdated and is probably mostly used among Mailing List members. An exception might be the new Thunderbird, with OpenPGP support. Regards Stefan smime.p7s Description: S/MIME Cryptographic Signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users