Re: Message security; protected header fields

2024-05-13 Thread Derek Martin
On Fri, May 10, 2024 at 02:16:12AM +0200, Eike Rathke wrote:
> Hi,
> 
> On Thursday, 2024-05-09 19:15:59 -0400, Derek Martin wrote:
> 
> > Probably fine for preventing casual eavesdropping, but for genuinely
> > sensitive applications, should not be considered good enough, unless
> > I'm missing some important detail...
> 
> If you can't trust but need to, then verify. The fingerprint over
> a trusted channel. This has been part of PGP since the beginning.

Indeed, but that's what I've been saying.  The use of autocrypt (or
similar features) downplays the need for this, and encourages naive
users to skip this important step.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.





Re: Message security; protected header fields

2024-05-13 Thread Alejandro Colomar
Hi Derek,

On Mon, May 13, 2024 at 10:10:50AM GMT, Derek Martin wrote:
> On Fri, May 10, 2024 at 02:16:12AM +0200, Eike Rathke wrote:
> > If you can't trust but need to, then verify. The fingerprint over
> > a trusted channel. This has been part of PGP since the beginning.
> 
> Indeed, but that's what I've been saying.  The use of autocrypt (or
> similar features) downplays the need for this, and encourages naive
> users to skip this important step.

Just to clarify, the feature I'm proposing was designed by autocrypt
people (in parallel to me), but is orthogonal to it.  It's not related
at all, and doesn't encourage skipping this important step.  I'm myself
not an autocrypt user, and agree with you on that.

Have a lovely day!
Alex
