On 02/12/16 14:57, Duane Whitty wrote:
>
> I believe that outside of the lack of awareness that their privacy is
> being ignored, the problem is mostly private key management and the
> unfortunate fact that most of the email clients that most people use
> on the most popular platforms don't support encrypting and decrypting
> mail.

Yes. Secret key generation, backups, and portability. Also, the fact that so many people now use webmail rather than a local client.

> Sure you can use a smart card reader to
> solve the availability issues but then you have to deal with all the
> software issues. Most people have no knowledge about any of this let
> alone the existence of tools like smart card readers.

Yep. I've been using a smart card reader for a while, and although I'm comfortable with it now, initially it was daunting. I ended up writing a tool to automate the key generation and backup process (https://andrewg.com/frith.html). There is a similar project under development in Debian (https://danielpocock.com/outreachy-gsoc-2017-pki-clean-room). I wouldn't ask my mother to use either of them.

Enabling the smart card for use across multiple machines was a long, trial-and-error process. Once it is working, the convenience is great. But I wouldn't expect anyone else to do it.

> I realize there is an argument to be made that people need to exercise
> personal responsibility when it comes to their security. But I
> believe adoption will be limited to the technically adept until we can
> make using encryption and decryption an understandable and short
> process for people who only use their computers to run "canned"
> applications and send mail.

Yes. Arguing "personal responsibility" is too often a means of passing the buck. If it is too difficult or time consuming to be a responsible citizen, people won't. This applies across all walks of life, not just computer security. The best systems make Good Things easy, and Bad Things more trouble than they're worth. Poor systems make Bad easier than Good and then spend all their energy chasing up people who took the lazy way out - which in extreme cases can mean literally everyone.

> (Thinking out loud)
> I wonder if a solution akin to what the password managers do is
> possible? Maybe storing a private key in a password manager would
> work for a lot of users.

GPG's secret keyring is a password-protected database, just like a password manager. The main thing it does not do that many password managers provide is automatically store the encrypted secret in the cloud for easy synchronisation. This is a questionable practice, however. Much better to store your secret key material on a smart card. Of course, that buggers up mobile.

> Still doesn't solve the problem of having gnupg available and
> integrated on all the different platforms.

Exactly.

A
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users