On Mon, 1 Sep 2014 18:49, [email protected] said: > BTW, it all has to happen without asking for matching keys. Enigmail > does a pretty good job of that already. That's a pretty good model for > UI (I hazard a guess), and so stay focused on how to get it to function
It has been told so often in all kind of media that Enigmail is the best tool to use. I suggested its use myself up until I helped out at a crypto party and figured that the UI is still made for geeks and not for users. For example, one participant assumed that he had decrypted a mail after having entered his passphrase 3 times. Then wondered why there was only this BEGIN PGP MESSAGE and some rubbish. He didn't realized that he entered the wrong passphrase 3 times in a row. The fix would be obvious: Print the "wrong passphrase" in bold and red letters and after the 3 tries show an explanations what happened in the content window. But how can we expect to get things better with only two spare time developers for Enigmail and just me taking care of the backend stuff? Business models around solid encryption have always failed. > to scale. It may make sense to use some form of OTR for end-to-end > transit. But again I wouldn't want to count on OTR for data at rest. I fully agree. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Endymail mailing list [email protected] https://www.ietf.org/mailman/listinfo/endymail
