[NZLUG] Getting people to use GPG (was: Email Server)

Robin Sheat robin at kallisti.net.nz
Wed Jun 19 11:59:24 NZST 2013


Nevyn schreef op wo 19-06-2013 om 11:02 [+1200]:
> I'm one of those people who refuses to do it because it's a huge
> sacrifice to usability. The need for a local email client and
> configuring that, figuring out certificates and the like and expecting
> everyone else around me to also be doing the same. That compared to
> logging onto a webpage (independent of the machine I'm on) and signing
> in...

Well then use a webmail client that supports it. Unfortunately this does
seem to be one of those areas where security and usability push against
each other a fair bit.

I use it when sending credentials, or if I'm sending to someone else who
uses it. A mail client I used to use (kmail I think) would tell me if I
had the keys for all the recipients of my email, so it was a bit more
opportunistic. However, evolution doesn't seem to do that (or I haven't
found the option.)

It does concern me a bit that people expect me to send things like
credit card numbers or usernames and passwords over unsecured emails.
Fortunately where I work has GPG built into parts of the
infrastructure*, so it's normal for people to be able to use it.

Robin.

* e.g. if you're given access to a server, it'll automatically email
your account details to you in a GPG-encrypted email, and they're also
stored in your home directory as 'password.txt.gpg'.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.nzoss.org.nz/pipermail/nzlug/attachments/20130619/17df6f1c/attachment.pgp>


More information about the NZLUG mailing list