[Enigmail] Usability issues

Robert J. Hansen rjh at sixdemonbag.org
Tue Dec 11 16:23:30 PST 2007


LeRoy Cressy wrote:
> This is one of the fallacies that should be addressed.

It is not a fallacy.  There is no flaw of logic in the assertion that
"what OpenPGP allows people to do is not the same as what we think
people should do, and people will deliberately do what we think
shouldn't be done, especially if it will facilitate an attack."

> As a member of the Philadelphia Linux Users Group
> http://www.phillylinux.org/keys/ has a simple method of signing keys at
> the end of our monthly meeting.

This works fine as long as people do what they should.

Security engineering requires you consider what happens if people do
what they shouldn't.

> Thus it seems that you can protect what is in the public side of your
> key pair or certificate.

Only if people do what they should, as opposed to what they can.


