[Enigmail] Default encryption key.
Charly Avital
shavital at mac.com
Mon Jun 2 20:37:50 PDT 2008
Robert J. Hansen wrote the following on 6/2/08 6:10 PM:
> First, let me start off by agreeing with John. This is an error in some
> documentation. My remarks are additions, not disagreements.
>
> | Obscuring key IDs serves little purpose for security though it does
> | hinder folks from pointing out obvious errors.
>
> And, in a larger sense, it's a security diminishment.
As I already pointed to John, I was not trying to obscure anything, just
to indicate that was using the long key ID format. Sorry to repeat myself.
> It seems that
> most people who throw key IDs do so out of some thought
I don't
> that it makes
> them more secure, more confidential, more... more /something/, but
> without a clearly defined security threat and throwing key IDs as a
> clearly articulated response to that threat.
>
> This is a bigger problem than just throwing key IDs. Pretty much
> everything in GnuPG is the same way. People want to tweak the system
> for the "best" security profile without first establishing a threat
> model. It just doesn't work that way. Throwing a bunch of features
> that "feel right" at the problem is unlikely to do anything except make
> the user feel good and thus lull them into a false sense of security.
Thanks for the overview.
> For years I've said GnuPG is too large a software package for my liking.
> I would like it an awful lot if GnuPG supported only 3DES for sending
> symmetric traffic, only DSA1024/2048 for signature algorithms, only
> ElG2048 for asymmetric crypto, and only SHA1/SHA256 for digests.
I don't know enough to have an opinion.
My query has been answered 'Enigmail knows *nothing* of the options in
gpg.conf'.
Thanks,
Charly
More information about the Enigmail
mailing list