Subject: A better approach to security
List archive
- From: "Pim Veld" <pim.veld AT hetnet.nl>
- To: <cacert AT lists.cacert.org>
- Subject: Re: E-Mail Security Blog Post
- Date: Tue, 21 Aug 2012 23:15:41 +0200
Hello Don,
I have read your blog-post.
In principle you are right. If someone with a network sniffer monitors your
network line at the right time he/she can see your mail password. And not only
your password but also the whole contents of your email. That is not a very
likely event unless it is worth a lot for someone to learn you ‘secrets’. The
same is true for anybody with sufficient rights on the in-between mail servers
relaying the message. Fortunately most people with sufficient rights have busy
jobs and not enough time (nor reason) to go specifically after you.
This is true since the beginning of e-mail and I see no special reason now
to go mad about the plain text password. And certainly not blame Roadrunner
because mail servers with encoded passwords are a very small minority. In fact I
would sooner be worried about paranoia government-body’s reading my mail.
If you are worried about ‘third parties’ reading your e-mail than it is a
very good idea to encode it. The decoding can only be done on the computer
containing the right certificate and so you are certain that nobody can read it
under way. It’s not complicated, it only involves (apart from getting the
certificates – from CaCert for example) a few mouse-clicks.
But to my surprise I read in your blog:
“Oh, sure, you can use tools like GPG or PGP to encrypt your e-mail
messages. Apparently, though, that stuff is only for paranoid geeks and
spies. After all, how frequently do you exchange encrypted e-mail messages
with your family and friends. And, if you are silly enough to suggest
encrypting e-mail messages, you will probably be considered paranoid, if nothing
else.”
And therefore I wonder why you are looking for support from us ”silly
paranoid geeks and spies”.
Finally, if you are so worried about your plain text password, why don’t
you use Gmail exclusively. Gmail also works with local clients and there is no
need to use Roadrunners email service at all.
Kind regards,
Pim Veld.
-
E-Mail Security Blog Post,
Don Parris, 08/21/2012
-
Re: E-Mail Security Blog Post,
Pim Veld, 08/21/2012
-
Re: E-Mail Security Blog Post,
Faramir, 08/22/2012
-
Re: E-Mail Security Blog Post,
Don Parris, 08/22/2012
-
Re: E-Mail Security Blog Post,
Arno Welzel, 08/22/2012
- Re: E-Mail Security Blog Post, Pete Stephenson, 08/22/2012
-
Re: E-Mail Security Blog Post,
Arno Welzel, 08/22/2012
-
Re: E-Mail Security Blog Post,
Don Parris, 08/22/2012
-
Re: E-Mail Security Blog Post,
Faramir, 08/22/2012
-
Re: E-Mail Security Blog Post,
Pim Veld, 08/21/2012
Archive powered by MHonArc 2.6.24.