1 |
On Mon, Dec 28, 2015 at 10:07 AM, Kristian Fiskerstrand <k_f@g.o> wrote: |
2 |
>> On 28 Dec 2015, at 15:58, James Le Cuirot <chewi@g.o> wrote: |
3 |
>> |
4 |
>> On Mon, 28 Dec 2015 09:42:40 -0500 |
5 |
>> Rich Freeman <rich0@g.o> wrote: |
6 |
> |
7 |
>>> And this would be why I don't bother to sign my emails any longer. |
8 |
>>> The FOSS world is still stuck in the days when people ran X11-based |
9 |
>>> MUAs and stored their mail in conventional folders. I've yet to see a |
10 |
>>> decent browser-based MUA or Android client which does signing. |
11 |
>>> Squirrelmail does, but it is really lacking compared to something like |
12 |
>>> Gmail. |
13 |
>> |
14 |
>> I haven't tried the feature myself but K9 Mail, which is highly |
15 |
>> regarded, does it via APG on Android. |
16 |
> |
17 |
> iirc k9 doesnt support PGP/MIME (RFC3156), but some interesting things happening with OpenKeychain |
18 |
> (https://www.openkeychain.org/k-9/ ) in that regard. We actually discussed it a bit during last OpenPGP summit in zurich. |
19 |
> |
20 |
|
21 |
K9 also doesn't support email tagging as far as I'm aware, and I don't |
22 |
believe there is a browser version of it either (I do require an MUA |
23 |
accessible by a browser, as this is how I compose 99% of my emails - I |
24 |
read this email on androids, and am replying from a browser right |
25 |
now). To some extent they can be forgiven for not supporting tagging, |
26 |
as I don't believe IMAP supports it either, so we need standards as |
27 |
well as FOSS clients to make it work. |
28 |
|
29 |
But, it isn't like I'm paying anybody to solve the problem, so we all |
30 |
make do, either living without features or without signatures as the |
31 |
case may be. |
32 |
|
33 |
> The main issue is key storage, though. For signatures you can use a dedicated |
34 |
> signing subkey, however you get in problem with encrypted emails as mobile devices |
35 |
> are not really secure devices and should never have cryptographic material. What could |
36 |
> work in this case is a NFC (or for that matter bluetooth, although it needs to be properly |
37 |
> paired etc etc) channel with a separate device with a separate keychain and display so |
38 |
> you can verify the request, and never actually expose private key material to the cellphone. |
39 |
|
40 |
That concern is hardly unique to phones. PCs suffer just as much from |
41 |
this problem. The solution could potentially be the same. For |
42 |
signing it is a straightforward problem since there is nothing to be |
43 |
kept secret except the key material itself (just send the message to |
44 |
the signing device, and return the signature back). For encryption |
45 |
you have additional challenges if you want to be able to make any use |
46 |
of the plaintext without it getting stolen - once decrypted it is only |
47 |
secure as any device that comes in contact with it. And there is no |
48 |
reason that mobile and browser frameworks couldn't talk to such |
49 |
devices with the right standards. |
50 |
|
51 |
If it were up to me the government would hand out signing devices just |
52 |
as they hand out passports. It seems kind of silly in this day and |
53 |
age that we haven't solved the key-management problem and half of our |
54 |
commerce involves giving 16-digit numbers to everybody we do business |
55 |
with and asking them to keep them secret for us. |
56 |
|
57 |
-- |
58 |
Rich |