Month: April 2018

Re: Re: Kmail-TDE-PM-pgp

From: deloptes <deloptes@...>
Date: Mon, 30 Apr 2018 16:07:47 +0200
William Morder wrote:

> The point is that not even the admins on ProtonMail can read the content
> of emails, or anything stored on their servers.
> This is unlike Gmail (for example), who also use SSL and TLS, but
> obviously they have some kind of automated way to read the content of our
> emails and know who are all our correspondents.

So let us take this important argument: when a server sends mail, you
automatically know where it goes to - how would this happen if you don't
know the correspondents?
It would be enough to use a server under your control, so that only you know
where it goes. I am not aware that there is a way to send to a recipient
without knowing who the recipient is.
Perhaps imagine the standard post system - you put the address on the
envelope. Google as a postman is a b*tch that opens and reads your mail,
but if it is encrypted, they still will not be able to read it without your
or the recipient's private key.

I still do not get the point here.

> And I don't imagine that my Zoho account (or any other) is much better in
> that regard. Zoho is better only in that they do not bother me with
> useless hoops to keep jumping through; whereas in the case of Gmail, I
> kept getting shut out of my own accounts, merely because I sometimes
> logged in from different locations.

A domain costs 10-20 US$/year - a dedicated service for this domain about
100, so if it is important to you to have a secure communication channel, you
simply pay it and use it. If it is for free, then it comes at a much higher
cost - because you sell your data.

>> This is the point. When you really want to trust someone, you probably
>> would meet him/her and exchange keys face to face.
> This is super-paranoid, yet also correct. I have various tricks for
> communicating, which do not depend on anything to do with computers or
> networks, but rather use items in the real physical world. (This is just
> for communicating in case of an emergency, when other means are not
> trusted.)
> I just want to be sure that some of my friends, who live in places that
> are more dangerous than the US, UK or EU, do not suddenly disappear. What
> may seem perfectly innocent here is not necessarily perceived in the same
> way where they live.

So you think US, UK, EU is more secure? I doubt it - it is everywhere the
same. The participated illusion of safety is higher, but nothing else.

> Well, at least your email came through here as an encrypted message. But
> yes, it makes no sense to use encryption for the mailing list (except for
> testing purposes, which is what I meant). All our messages here are
> published online, for anybody anywhere to read.

Not encrypted, but signed - there is a difference ;-)

> I have generated my key, but somehow or other Kmail doesn't want to send
> when it is signed and/or encrypted.

I don't get it - this has no will of its own. You need to configure knode -
it took me a while to get it. Not the general config, but for the specific
account - under identity - when you set your key there, it should work.

In kmail it is under security and it is only for mail. I am also not sure if
Slavek released the kgpg with gnupg2, or it is still somewhere in
development, but we cleaned up a bit there as well.
Anyway I was looking recently into this knode/kmail because I noticed that
knode does not process messages when they are composed as mime
encrypted/signed the same way as it does, when they are p/gpg signed, but
kmail does process such messages. It was quite an adventure. It smells
like development work to do.