[Gpg4win-devel] [Gpg4win-commits] [git] Gpg4win - branch, master, updated. gpg4win-2.1.1-23-g030afe5
Werner Koch
wk at gnupg.org
Thu Jul 11 11:56:56 CEST 2013
On Thu, 11 Jul 2013 10:20, bernhard at intevation.de said:
> From the usabilty view we must have a bigger change of the user to see this.
Bernard, please do a reality check: Virtually nobody is using S/MIME
with Gpg4win. It just does not make sense given that almost all mail
clients support S/MIME naively. The German c't magazine ran several
article and FAQs on how to best configure encryption for everyone. For
example issue 22/2012:
Autonomes Verschlüsseln
Mail-Verschlüsselung mit selbst signierten Zertifikaten
Wer eine zuverlässige Mail-Verschlüsselung für den Privateinsatz
braucht, muss sich nicht auf SSL-Zertifikate von kommerziellen
Anbietern verlassen. Wir zeigen, wie man selbst signierte
S/MIME-Zertifikate auf OS X und Windows 7 mit Bordmitteln erzeugt und
in gängigen Mail-Clients einsetzt.
[How to create and use a self-signed certificate with standard OS X and
Windows 7 tools]
Gpg4win was not even mentioned.
> possibility, please do suggest it. But don't just remove it, this lowers the
> usability of the S/MIME part and throws away the knowledge that took a while
That entirely wrong. The whole information is still prominently
available from the menu.
While thinking about we should even consider to make
--disable-crl-checks the default. They are useless because they don't
solve a real world problem: Average users have no idea on how to report
a compromised certificate so that it will end up in a CRL. OTOH, the
major point of attack are the Root-CAs where a CRL does not help at all.
S/MIME is not usable unless deployed by experts. And some experts may
be able to read a HOWTO.
Salam-Shalom,
Werner
[1] http://www.heise.de/artikel-archiv/ct/2012/22/160_Autonomes-Verschluesseln
(paywall)
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gpg4win-devel
mailing list