Re: pgp signing in van

Ted Lemon <Ted.Lemon@nominum.com> Mon, 09 September 2013 20:17 UTC

From: Ted Lemon <Ted.Lemon@nominum.com>
To: Dan York <dan-ietf@danyork.org>
Cc: IETF discussion list <ietf@ietf.org>
Subject: Re: pgp signing in van
Date: Mon, 09 Sep 2013 20:17:36 +0000

On Sep 9, 2013, at 4:11 PM, Dan York <dan-ietf@danyork.org> wrote:
> Even in the groups where PGP was (and is) being used, usage is inconsistent in part because people are now accessing their email using different devices and not all of them have easy access to PGP/GPG.  If you receive an encrypted message... but can only read it on your laptop/desktop and not your mobile device, and you are not near your laptop/desktop, how useful is the encryption if you need to read the message?  You have to either wait to get back to your system or ask the person to re-send unencrypted.

It might be worth thinking about why ssh and ssl work so well, and PGP/GPG don't.

On Sep 9, 2013, at 4:09 PM, Brian E Carpenter <brian.e.carpenter@gmail.com> wrote:
> True story: Last Saturday evening I was sitting waiting for a piano
> recital to start, when I overheard the person sitting behind me (who
> I happen to know is a retired chemistry professor) say to his
> companion "Email is funny, you know - I've just discovered that when
> you forward or reply to a message, you can just change the other
> person's text by typing over it! You'd have thought they would
> make that impossible."
> 
> Yes, they should have made that impossible.

Oh my, I _love_ this!   This is actually the first non-covert use case I've heard described, although I'm not convinced that PGP could actually do this without message format tweaks.