Re: [DNG] default signing Re: [ann] heads 0.0 is out!
On Fri, 2017-03-03 at 10:09 -0500, Hendrik Boom wrote:
> What default cryptographic identity would it use?
>
> -- hendrik

My notion is an email client should look for a keyring and if it can't find one it should default to creating a basic key and publishing it to one or more keyservers. Imagine if every message from $foobar mail client always had a signature attached. Now imagine that it also attached the public key on 1-1 emails. Just that would raise awareness of signed and encrypted email, creating a demand for other clients to chase the feature.

Now harvest any keys it gets by that method or by looking up in the keyservers. Then instead of just signing it can start signing and encrypting by default once it has a key for the receiver. Once all clients had adopted the feature most personal email would be encrypted by default, combined with the current trend toward mail servers encrypting traffic between themselves you get a lot of virtually untrackable traffic that would give the NSA fits.

No, normies with keys generated by default and no care put into protecting it would not be as secure as hard core types with their key material on external devices. But it would improve general security greatly at almost no expense.

Here is the kicker. It is an obvious idea yet exactly zero mail clients have ever done it. Not the big commercial ones like Outlook, Lotus Notes or Eudora, not the big free ones like Thunderbird or Evolution. Not even Pine or GNU's Emacs Mail. Zero is a magic number, when you see zero or infinity you always take another look at your figures to see if you made a mistake. Well here is a suspicious zero.

signature.asc Description: This is a digitally signed message part

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
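The client behaviour proposed in the message above (always sign, attach the public key on 1-1 mail, harvest keys, encrypt once the receiver's key is known), sketched as an added example that is not part of the original post or of any mail client's code. It assumes keys arrive as `application/pgp-keys` MIME parts and uses a SHA-256 of the key text as a stand-in fingerprint; the first-seen pinning, the all-recipients rule and the names `harvest` and `outgoing_policy` are assumptions the post does not specify.

```python
import hashlib
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample: a 1-1 mail carrying the sender's public key as an
# RFC 3156 application/pgp-keys part. The key body is a placeholder.
SAMPLE = """\
From: Alice <alice@example.org>
To: bob@example.org
Subject: hello
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

hi Bob
--b1
Content-Type: application/pgp-keys

PLACEHOLDER-PUBLIC-KEY-ALICE
--b1--
"""

def harvest(raw, keyring):
    """Pin the first key seen per sender; never silently replace it."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if not sender:
        return "no-sender"
    for part in msg.walk():
        if part.get_content_type() != "application/pgp-keys":
            continue
        key = part.get_payload().strip()
        fp = hashlib.sha256(key.encode()).hexdigest()  # stand-in fingerprint
        if sender not in keyring:
            keyring[sender] = fp
            return "pinned"
        # A different key for a known address is reported, not accepted.
        return "known" if keyring[sender] == fp else "conflict"
    return "no-key"

def outgoing_policy(recipients, keyring):
    """Always sign; encrypt only when every recipient has a pinned key."""
    addrs = [addr.lower() for _, addr in getaddresses(recipients)]
    encrypt = bool(addrs) and all(addr in keyring for addr in addrs)
    # Attach our own public key only on 1-1 mail, as the post suggests.
    return {"sign": True, "encrypt": encrypt, "attach_key": len(addrs) == 1}
```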
Re: [DNG] [ann] heads 0.0 is out!
On Fri, Mar 03, 2017 at 12:03:02AM -0500, Steve Litt wrote:
> I haven't yet gotten to the point of using privacy I don't need
> personally, as is obvious by this unsigned email.

I always sign my messages. From what I understand, if my message is signed (and the signature is valid), then it is proof that I actually wrote the message, and it isn't a fake created by someone else with a spoofed address or something. I once left my laptop unlocked and my little brother decided to play a practical joke on me by sending some messages that resulted in me getting banned from a forum. That was a long time ago, but now that I sign everything, I can simply say that anything that is not signed is (probably) not from me.

I guess it is stupid to be paranoid about GPG signatures, yet completely transparent with everything else I do... After reading your reply, as well as a few others, I have decided that I will switch to using Tor for most of my online work. I still think that unencrypted communication is faster since the data doesn't have to be en/decrypted (I have no proof of this), but after reading this quote:

On Thu, Mar 02, 2017 at 10:15:21PM +0100, Alessandro Selli wrote:
> Arguing that you don't care about the right to privacy because you have
> nothing to hide is no different than saying you don't care about free
> speech because you have nothing to say.

I have decided that a few (possibly imaginary) milliseconds is a fair trade-off. (Besides, cloning the linux kernel takes all night regardless.)

Thank you everyone for the information, and for putting things in perspective for me. I wish I had joined a mailing list like this 10 years ago, as Google will never be an adequate substitute for just asking someone when the question is not simple. (And unlike IRC, you don't need a constant connection.)

--
GPG Key: 0769 AFCF 681E F61E 2137 F4CB 5044 1726 610D 5AE0

signature.asc Description: Digital signature
[DNG] default signing Re: [ann] heads 0.0 is out!
On Fri, Mar 03, 2017 at 08:52:41AM -0600, ja...@beau.org wrote:
> > And then there's what Jamie said: By all being private, we make the
> > truly private stand out less. I haven't yet gotten to the point of
> > using privacy I don't need personally, as is obvious by this unsigned
> > email.
> >
> > SteveT
>
> A friend of mine has a bit of a conspiracy theory going - asking why there
> is no e-mail program that defaults to at *least* signing messages
> cryptographically, if not using encryption as a default. He has a point:
> none of the major distros set up their e-mail clients to default to
> signing, or anything - why not?
>
> Sure, it's not the super-privacy-protective that heads or tails provides,
> but signing at least provides some confirmation that things haven't been
> changed along the way.

What default cryptographic identity would it use?

-- hendrik
Re: [DNG] [ann] heads 0.0 is out!
> And then there's what Jamie said: By all being private, we make the
> truly private stand out less. I haven't yet gotten to the point of
> using privacy I don't need personally, as is obvious by this unsigned
> email.
>
> SteveT

A friend of mine has a bit of a conspiracy theory going - asking why there is no e-mail program that defaults to at *least* signing messages cryptographically, if not using encryption as a default. He has a point: none of the major distros set up their e-mail clients to default to signing, or anything - why not?

Sure, it's not the super-privacy-protective that heads or tails provides, but signing at least provides some confirmation that things haven't been changed along the way.
Re: [DNG] Browsers
On Thu, Mar 02, 2017 at 11:46:22PM -0500, Steve Litt wrote:

[cut]

>
> I wonder if Devuan had the foresight in config.h to set
>
> static Bool enableplugins = FALSE;
>
> Straight from Suckless, it's set to TRUE. If the Devuan developers set
> it to FALSE, that has the same effect as always using -p.
>

Hi Steve,

I don't see why it should be set to false, and in any case it is set to TRUE in the devuan package.

HND

KatolaZ

--
[ ~.,_ Enzo Nicosia aka KatolaZ - GLUGCT -- Freaknet Medialab ]
[ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
[ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
[ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
[ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]