[Enigmail] Default encryption key.

Charly Avital shavital at mac.com
Mon Jun 2 20:37:50 PDT 2008


Robert J. Hansen wrote the following on 6/2/08 6:10 PM:
> First, let me start off by agreeing with John.  This is an error in some
> documentation.  My remarks are additions, not disagreements.
> 
> | Obscuring key IDs serves little purpose for security though it does
> | hinder folks from pointing out obvious errors.
> 
> And, in a larger sense, it's a security diminishment.

As I already pointed out to John, I was not trying to obscure anything, just
to indicate that I was using the long key ID format. Sorry to repeat myself.

> It seems that
> most people who throw key IDs do so out of some thought

I don't

> that it makes
> them more secure, more confidential, more... more /something/, but
> without a clearly defined security threat and throwing key IDs as a
> clearly articulated response to that threat.
> 
> This is a bigger problem than just throwing key IDs.  Pretty much
> everything in GnuPG is the same way.  People want to tweak the system
> for the "best" security profile without first establishing a threat
> model.  It just doesn't work that way.  Throwing a bunch of features
> that "feel right" at the problem is unlikely to do anything except make
> the user feel good and thus lull them into a false sense of security.

Thanks for the overview.


> For years I've said GnuPG is too large a software package for my liking.
> I would like it an awful lot if GnuPG supported only 3DES for sending
> symmetric traffic, only DSA1024/2048 for signature algorithms, only
> ElG2048 for asymmetric crypto, and only SHA1/SHA256 for digests.

I don't know enough to have an opinion.

My query has been answered 'Enigmail knows *nothing* of the options in
gpg.conf'.

Thanks,
Charly



