On 10/1/18, Daniel <d...@rubbish.albury.net.au> wrote: > Dirk Munk wrote on 30/09/2018 9:17 PM: >> meagain wrote: >>> -------- Original Message -------- >>>> EE wrote: >>>>> Dirk Munk wrote: >>>>>> When you want to send a message, you have the option to encrypt the >>>>>> message with "Security", assuming you and the other party have set >>>>>> up Digital Signing. >>>>>> >>>>>> It would be a nice feature if you could have an option "always send >>>>>> encrypted" with every address book entry. >>>>>> >>>>>> An alternative would be a general setting "always send encrypted if >>>>>> possible", which means the mail program has to look if a >>>>>> certificate has been stored, and then send encrypted if a >>>>>> certificate has been found. >>>>> >>>>> What about just having a general "Notes" section in there? Then one >>>>> could add any information of any sort in there. The MacOS contact >>>>> list has a Notes area and it is very useful. >>>>> >>>> Thank you, but that is not the point. >>>> >>>> For legal reasons, certain email traffic must be encrypted, from end >>>> point to end point. For instance emails between me and my doctor. >>>> Assuming we have both set up digital signing, any email traffic >>>> between us should *always* be encrypted, automatically. I should not >>>> have to choose Security > Encrypt This Message to get encryption. >>> >>> You want this feature setup on a per-recipient basis just like >>> "prefers to receive mail as " <html/plaintext/any>. >>> >>> >> Yes, that would be an option. >> >> However, I also have an alternative option. >> >> When you want to send each other encrypted emails, you have to exchange >> the certificates first. So I have to send the recipient a signed email >> message, and he has to send me a signed email message as well. As soon >> as I receive his signed email message, its certificate will be stored on >> my computer. My certificate will have been stored on his computer. >> >> From that moment on we can send each other encrypted email messages. >> >> Now suppose I want to send this recipient an email message. Then mail >> could look in the stored certificates for his certificate. When found, >> mail could automatically send the message encrypted. >> >> That is an even cleaner way of setting it up. No need to add an entry to >> the address book, everything is done automatically. > > The whole idea of encrypted messaging intregees me!! > > Let's say you, Dirk, and I want to talk encrypted. I might give you a > Plain language call saying lets go encrypted. You send me your key and I > send you mine, and we're off and communicating. > > However, if someone else is "watching", be it on my computer, on your > computer or somewhere in between, they also have both keys, so can "see" > what we're saying. > > Or am I mis-understanding the situation?? (That's a definite possibility!!)
Conceptually it's pretty simple. It starts with public key cryptography https://en.wikipedia.org/wiki/Public-key_cryptography where you generate your "key pair" - a public key that you give out; others use that key to encrypt messages to you - a private key that you keep secret and use for decrypting messages So far, so good, but how do you get someone's public key? Best is to exchange keys in person, but doing that can be anywhere from trivial to impossible, so somebody came up with the idea of a key signing party to build a 'web of trust'. eg https://lists.torproject.org/pipermail/tor-project/2018-September/001994.html So we're cool now - right? You've got a public key for encrypting mail to someone & a private key for decrypting received mail. But who wants to deal with creating/saving email attachments and doing command line crap like gpg -e -a -r NAME < FILE gpg -d FILE for every single msg? ick. triple ick. Way too much manual labor, so we're off to http://www.secure-my-email.com/intro_to_openpgp.php to learn how to do encryption in the email client. yay! But.. Oh Noes!! https://efail.de/ So you go looking & find stuff like https://ssd.eff.org/en/blog/how-turn-pgp-back-safely-possible and decide that it's safe to go back to automatically handling encrypted mail. Which gets us back to > It would be a nice feature if you could have an option "always send > encrypted" with every address book entry. to help prevent those Oh Noes!! moments when you send something without encryption. Regards, Lee _______________________________________________ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey
