|
Posted by Speechless on August 13, 2006, 4:10 pm
If you were Registered and logged in, you could reply and use other advanced thread options
>Speechless wrote:
>
>>>> a) Download the software from their web site. (Everyone knows how
>>>> to download stuff from the web.)
>>>>
>>>> b) Install the software by clicking on the .exe file you've
>>>> downloaded. (Everyone knows click a mouse button.)
>>> Fine. Now FreeBSD tells me that it doesn't know what kind of file
>>> it is.
>>
>> If you are smart enough to know what FreeBSD is, you ought to be
>> smart enough know that it wouldn't run on FreeBSD. (I do run FreeBSD
>> on some of my machines.)
>
>Fine, so how could I read your proprietary stuff? Why doesn't it follow
>public, open, well-analyzed standards like OpenPGP or S/MIME?
I'm just an end user trying to implement a solution for a group of
about 20 close knit people. If you can't read it, so much the better.
>
>> The question is, are you, or anyone else in the crypto community,
>> smart enough to come up with a crypto system that will work for a
>> user who isn't quite sure what Microsoft Windows is?
>
>No, and this isn't the goal either. A crypto system is only secure if
>the user understands at least the important require stuff.
I can assure you that your idea of "important" is not congruent with
what the user thinks is important.
>
>> PGP has been available to the masses for a very long time. Most
>> people have no clue what it is, and those that do, would rather avoid
>> using it at all costs. I wonder why? Could you enlighten me?
>
>It's no true. I would like if everyone used OpenPGP. Damn, I got a
>signature from Werner Koch himself, I'd be easily trusted all the way.
OpenPGP is a specification, not a product.
>
>> a) Why don't people like using PGP?
>
>Don't ask me. Median computer users are totally stupid when it comes to
>computers.
Walk into a corporate environment with an attitude like that where all
the median computer users are found and even you will be amazed at the
velocity you will exit the premises to look for a new employer.
>
>> b) Does it matter how secure PGP is if people refuse use it?
>
>Yes.
>
>> Or, is crypto intended for use by swelled heads in academia only?
>
>No. It's supposed to be used by intelligent people, which don't know
>anything much more about computers than the basic important things, but
>are reasonable and understand what and why they're doing.
Oh, they understand precisely what they are doing and why they are
doing it...when it comes to using group dynamics to deflate someone's
swelled head.
>
>And actually Thunderbird with EnigMail+GnuPG is a quite userfriendly
>OpenPGP eMail implementation.
Thank you. This is the most useful thing you've said so far. I will
have a look at this software combination.
>
>>>> c) Move the POP3 and SMTP server entries from your MUA to
>>>> SecExMail.
>>> You're not serious, are you?
>>
>> I am. SecExMail is a Mail Relay that will work with any MUA. To
>> configure it, you enter the POP3 and SMTP server addresses into
>> SecExMail, and then enter 127.0.0.1 as the server addresses in your
>> MAU for both POP3 and SMTP.
>
>Yes, I know, the DTD allows to omit the IRONY tags. You, how does it
>handle SSL and TLS? If it does, how does it react to
>outdated/revoked/invalid server certificates? Yes, I better prepare my
>laughter.
>
>> It works quite well on Microsoft Windows. Due to user revolt against
>> PGP, the option was to either let the e-mails float through in clear
>> text, or to have them scrambled.
>
>Common mail exchange between MTAs is SSL-encrypted. And it's real
>encryption, not just scrambling.
>
>> SecExMail scrambles them so that anyone casually running a packet
>> sniffer on the network, is not able to read them.
>
>Outlook Express hides header lines by default so no stupid attacker can
>fake headers !!!!!1112
>
>> this might be an opportunity for you to come up with a better user
>> driven distribution system and have it incorporated into an Open
>> Source product, if you are smart enough to do this. Are you smart
>> enough?
>
>I'm smart enough not not waste my time with trying the wrong things.
| 
XML site map