[Crypto-chi] Follow up on March 14 crypto meeting at PS1
Brian Kroll
brian at fiberoverethernet.com
Thu Apr 23 22:01:56 CDT 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi Me Too,
Can you explain what you are referencing?
//Brian
ME TOO:
> I thought someone made it clear. No fucking picture!
>
> On Sat, Apr 11, 2015 at 12:10 AM, joe fuentes
> <joseph.fuentes at live.com> wrote:
>
>> hello All
>>
>> The problem as I see it with using POP3 and stuff like this is
>> that it will clutter up your hard drive. I recall whilst I was
>> an Outlook user, my PST file was approaching its max file size
>> limit. Also there were limits on the size of the mailbox at the
>> server side. When using Earthlink I had to delete a bunch of
>> files on the server simply cuz I was running out of space.
>>
>> These drove me in part to move to webmail. Plus if you download
>> via POP your emails to your email client, such as Outlook or
>> Thunderbird, the messages will disappear from the server, thus
>> inaccessible via webmail. The downloaded emails will only be
>> visible on the device you downloaded it to, most likely a PC. So
>> you want to see those messages from another laptop, a tablet or
>> smartphone - you're out of luck. You'll have to dig up those
>> downloaded messages on the very device you downloaded them to.
>>
>> Making things worse, if you start downloading messages to your
>> tablet or worse yet your smartphone, you'll max out its storage
>> capacity lickety split like if you use K-9 or another email
>> client. on my Asus phablet I'm already facing space issues and
>> I'm not even downloading emails.
>>
>> So for practical terms looks like open source PGP plugins may be
>> our only solution for now unless someone builds a secure webmail
>> system from the ground up that has no opt out for encryption. The
>> trick there for its widespread adoption is that is must be easy
>> to use.
>>
>> Thoughts anyone?
>>
>> Joe
>>
>> Crypto-chi] Follow up on March 14 crypto meeting at PS1
>>>
> "Whilst usingplug ins like enigmail for Thunderbird is great and
> everything , we need to be cognizant touhhat quite often we are
> using
>>>
> webmail of one sort or another."
>
> Most, if not all web-mail providers give you mailbox access via
> POP3, or IMAP protocols which you can use with Thunderbird keeping
> the content both plaintext and encrypted on your local system which
> is more secure then browser based applications.
>
> "Especially for those of on our mobile devices."
>
> On Android, there is K-9 Mail and OpenKeyChain-- both work quite
> well, but as I said in my talk mobile platforms are severely broken
> in many ways. I would not store my private keys on a mobile phone
> ever. Mobile devices are very easy to loose too.
>
> "Fortunately there are various bowser extensions that facilitate
> this. For gpg we can count on the following..."
>
> Counting on software that has not passed community audits by
> security professionals or professional cryptographers is dangerous
> and should be avoided for sensitive use.
>
> "Google has yet to release its own Chrome plug in"
>
> I'm looking forward to this project, however I do wonder what
> Google will do to continue scanning your email to serve you ads
> based on the content so they can make money.
>
> "It's alpha not yet ready for prime time.."
>
> Don't trust early stage software especially new crypto to
> sensitive needs, it may harm you.
>
> "..don't know wot's taking them so long."
>
> Strong cryptography, and good code is not a rush job as any
> oversight can possibly compromise the security of the project in
> turn your safety.
>
> "Even Windows has support for GPG through VisualGPF."
>
> "..Windows app that does key management stuff like sign, decrypt
> and key maintenance. It's GUI based so you don't have to use the
> CLI to perform these tasks."
>
> GPG4Win has a nice interface and support for Windows.
>
> http://www.gpg4win.org/
>
> "...even MS Outlook has its own GnuPG plugin. Though there are
> some grumblings about Outlook being closed source, I think this can
> overcome that objection."
>
> Just using a plug-in that is open source does not make the client
> less susceptible to compromise. This plug-in is also not written by
> Microsoft.
>
> ".. let's not forget our smartphones. Chatsecure, Textsecure,
> Redphone.."
>
> Yes, you should use all of these! They use strong crypto and have
> been audited by professionals. 10/10!
>
>
>
> All the best,
>
> -Brian
>>> _______________________________________________ cryptoparty-chi
>>> mailing list cryptoparty-chi at groups.sshchicago.org
>>> http://groups.sshchicago.org/listinfo/cryptoparty-chi
>>
>> _______________________________________________ cryptoparty-chi
>> mailing list cryptoparty-chi at groups.sshchicago.org
>> http://groups.sshchicago.org/listinfo/cryptoparty-chi
>>
>>
>
>
>
> _______________________________________________ cryptoparty-chi
> mailing list cryptoparty-chi at groups.sshchicago.org
> http://groups.sshchicago.org/listinfo/cryptoparty-chi
>
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJVObIcAAoJEFjBjkteF9VaPNcP/2ZF13qlzmH25/cRa+fdwK1G
NJXJO4/asUNr9qk0Bxcx92aFiTzLd+h0CYwGMleusW+He5DnJ7pmGO+we4pG8/1a
/DjIoc1I8f/44gjxHAHqfzhcidPeeLW/dKkJ5vTrCVm21zAUE6Vkry9RgV5cbAJA
O/3PnbQd6tBWDdj/iXjcz5XsNIkUZ+kxgjIYI4FxWZKHIASFV4kKacZRxSTBqm22
WwU3pa5JmI7uV7NBIBYybfwBCzZwKQfM0W4wMatxoB+J8GQCrj6ynuevzIV0rG2n
P/9Jx3RZOL3snvKbomDP0e3MXv6F/4gVSio5y6luHmWoTe9m+GqPYEfjDhhm4d2Q
p47ADDIFEVWXpjfQB72NS/+Gro20mRfstuknL+C82IzMMSX3/yxGBV6gx7ySKJZL
lkgSCySRkNdCWxQEWrfijq/FNjeVJYtoV7iNfaFte+Im4gsYBYUf2rcYxw1GLzAY
qBJEXyrQhlEhhqNHeRr88i4KaxJIUdKpXX/aGg3O7Y4PM9E0xSxks4wVj3tOjvUf
c6ajlswU18UWIs3QUniahmryPxbNxFKpWeZt6LyrmnLQNmPM3B0lskQtyUw9EiQU
TZ9MCIh5U63ZqPfwzf4RjRD/jNdB1D7dPE8LdTbybKCcIZPDzbcf8QyE0aqZVwah
rpRONoYe5Ha9yvN2tKsr
=mecl
-----END PGP SIGNATURE-----
More information about the cryptoparty-chi
mailing list