[liberationtech] pgp and e-mail resources?

Thu Oct 28 09:07:04 PDT 2010

begin Graham Webster quotation of Thu, Oct 28, 2010 at 01:49:27AM -0700:

> I'm thinking of opinions of which GUI options are best, or of what less easy procedures might provide good security. Obviously PGP comes to mind.

Webs of trust are better than trees of trust.

The OpenPGP design is great, except for two things.

 1. Much of the difficulty is in the key management
    ritual, not the UI.

    The original PGP threat model assumes a big
    bad adversary that can root your mail server,
    do a black-bag job on your PC, and subvert your
    online social network.  So the traditional
    PGP scene strikes an extreme position in the
    security/convenience spectrum.

    Starting with a new from-scratch threat model
    might get you a more realistic, user-friendly way
    to participate in web of trust.  SASE/USPS-based
    robo-signer?

 2. This is the hard one: what's the business model
    for an email client?  Much support is going into
    ad-supported webmail, and most users don't pay
    for desktop software any more.  A free-of-charge
    web browser, even a Free Software one, can
    be ad-supported. 

-- 
Don Marti                    
http://zgp.org/~dmarti/
dmarti at zgp.org