Pegasus Mail & Mercury

Welcome to the Community for Pegasus Mail and
The Mercury Mail Transport System, the Internet's longest-serving PC e-mail system!
Welcome to Pegasus Mail & Mercury Sign in | Join | Help
in
Home Blogs Forums Downloads Pegasus Mail Overview Mercury Overview Wiki

PMPGP / OpenPGP security issues?

Last post 09-26-2019, 2:27 by Euler GERMAN. 7 replies.
Sort Posts: Previous Next
  •  08-26-2019, 13:39

    PMPGP / OpenPGP security issues?

    Hi Michael,
    are the recently reported security issues on OpenPGP of any relevance to PMPGP?
    (perhaps because of using some dlls on both?)

    I only ask for assurance that it's not a problem.

    Stefan  aka  PMAIL NINJA

     
    --
    Lyssa Deradi : "Did they live happily every after?"
    [Babylon5, In the Beginning]

     

  •  09-22-2019, 21:43

    • idw is not online. Last active: Thu, Oct 17 2019, 21:57 idw
    • Top 10 Contributor
    • Joined on 03-25-2007
    • Germany
    • SuperStar
    • Points 47,330
    • BetaTeam

    Re: PMPGP / OpenPGP security issues?

    Pmail Ninja:
    I only ask for assurance that it's not a problem.

    There have been so many reports (unfortunately only in German) about security issues with OpenPGP recently that security experts even recommend to completely drop it and replace it with other solutions (except for email). I don't think this is the answer you wanted to read, is it? And yes, all OpenPGP implementations are affected by all of this, PMGP depends on PGP (i.e. Symantec) with regard to fixes. But since I haven't updated PMPGP to work with the most recent versions of PGP anyway for several years it certainly will stay affected no matter what Symantec did inbetween at all. I'm sorry to say this, but my living conditions simply didn't allow for staying up-to-date with regard to PGP and S/MIME ...


    Michael

    --
    PGP Key ID (RSA 2048): 0xC45D831B
    PGP Plugin for Pegasus Mail: <http://www.pmpgp.de/pmpgp/>
    S/MIME Certificate Fingerprint: 94 c6 b4 71 0c 62 30 88 a5 b2 77 01 74 2b 86 66 3b 7e 65 7c
  •  09-23-2019, 15:25

    Re: PMPGP / OpenPGP security issues?

    To put this at first: I'm NOT a pgp expert at all.

    Hi Michael,
    thanks for your answer.
    But I'm still puzzeled.

    I did read the "Latacora" article (thanks for the link), where this text about email encryption popped up:
    "Encrypting email is asking for a calamity. Recommending email encryption to at-risk users is malpractice. Anyone who tells you it’s secure to communicate over PGP-encrypted email is putting their weird preferences ahead of your safety."

    So, what does this mean for us Pmail users?
    If the (any) pgp use is quite dangerous, your PGP Pmail-AddOn shouldn't be offered anymore. Should it?
    (Or at least there should be explicit warnings at the download page.)

    When You say: "But since I haven't updated PMPGP ... for several years", what's about Your 04-18-2018 post:
    http://community.pmail.com/forums/thread/49019.aspx

    And -not to bother You- is Your SIG still appropriate, if PMPGP shouldn't be used anymore?

    Stefan  aka  PMAIL NINJA

    --
    First of all Pooh said to himself:
    'That buzzing-noise means something. You don't get a buzzing-noise like that, just buzzing and buzzing, without its meaning something.' 
    [Winnie-the-Pooh, Chapter 1]

    Filed under:
  •  09-23-2019, 23:04

    • idw is not online. Last active: Thu, Oct 17 2019, 21:57 idw
    • Top 10 Contributor
    • Joined on 03-25-2007
    • Germany
    • SuperStar
    • Points 47,330
    • BetaTeam

    Re: PMPGP / OpenPGP security issues?

    Pmail Ninja:
    When You say: "But since I haven't updated PMPGP ... for several years", what's about Your 04-18-2018 post:

    http://community.pmail.com/forums/thread/49019.aspx

    And -not to bother You- is Your SIG still appropriate, if PMPGP shouldn't be used anymore?

    That was just for maintenance purposes of still existing users. PMPGP is simply obsolete since it does not work anymore with up-to-date PGP versions which also means that it doesn't work in strictly 64-bit environments and certainly not on Windows 10 which we all will be forced to use from next year on if we want to be really safe. And with really safe I mean people living under life threatening conditions which certainly have found more secure ways of communiction not only recently (such as TOR browser and messengers like Signal, e.g.).

    There would be better ways for using encryption in Pegasus Mail but ther is a very important precondition: Pegasus Mail v5 with its cleaner interface and better integration of encryption. I've already suggested to make Pegasus Mail become a part of the Autocrypt project and David Harris agreed in doing so (that was almost two years ago). He is also integrating S/MIME support directly into Pegasus Mail v5. The only remaining question is how long it will take until we'll get to see any of this in real life. And, BTW: There's absolutely no interest in PGP or S/MIME anymore since years, you're the only one, so what for should I do anything with regard to maintaining support and development or even public statements? You can be sure I'm trying to stay up-to-date with what's going on in this field, but since email lost very much of its importance in general it might be a lost case anyway to put too much energy into it. Here's what Bruce Schneier says about PGP, and he's one of the best security specialist not only with regard to IT - just if you're interested in some modern insights.


    Michael

    --
    PGP Key ID (RSA 2048): 0xC45D831B
    PGP Plugin for Pegasus Mail: <http://www.pmpgp.de/pmpgp/>
    S/MIME Certificate Fingerprint: 94 c6 b4 71 0c 62 30 88 a5 b2 77 01 74 2b 86 66 3b 7e 65 7c
  •  09-23-2019, 23:07

    • idw is not online. Last active: Thu, Oct 17 2019, 21:57 idw
    • Top 10 Contributor
    • Joined on 03-25-2007
    • Germany
    • SuperStar
    • Points 47,330
    • BetaTeam

    Re: PMPGP / OpenPGP security issues?

    OK, since I'm now subject to moderation (I wonder which one of my words triggered it?) I cannot provide the promised links where I intended to, so here they come in a separate post:

    1. Autocrypt;
    2. Bruce Schneier, No1 (2016) & No2 (2018).
     
    Does anyone care?

    Michael

    --
    PGP Key ID (RSA 2048): 0xC45D831B
    PGP Plugin for Pegasus Mail: <http://www.pmpgp.de/pmpgp/>
    S/MIME Certificate Fingerprint: 94 c6 b4 71 0c 62 30 88 a5 b2 77 01 74 2b 86 66 3b 7e 65 7c
  •  09-24-2019, 19:31

    Re: PMPGP / OpenPGP security issues?

    The links behind "no.1" and "no.2" are identical. But anyway.
    Thanks. And it's done.

     Stefan  aka  PMAIL NINJA

     
    --
    Franklin: "Excuse me, where I come from, one man from three leaves two."
    Marcus: "Where I come from is a far more interesting place."
    [Babylon5, Exogenesis]

  •  09-25-2019, 17:10

    • idw is not online. Last active: Thu, Oct 17 2019, 21:57 idw
    • Top 10 Contributor
    • Joined on 03-25-2007
    • Germany
    • SuperStar
    • Points 47,330
    • BetaTeam

    Re: PMPGP / OpenPGP security issues?

    Pmail Ninja:

    The links behind "no.1" and "no.2" are identical. But anyway.

    Sorry, corrected, it's a good one titled "Giving Up on PGP" ... (No.1)

    Michael

    --
    PGP Key ID (RSA 2048): 0xC45D831B
    PGP Plugin for Pegasus Mail: <http://www.pmpgp.de/pmpgp/>
    S/MIME Certificate Fingerprint: 94 c6 b4 71 0c 62 30 88 a5 b2 77 01 74 2b 86 66 3b 7e 65 7c
  •  09-26-2019, 2:27

    Re: PMPGP / OpenPGP security issues?

    I think is worth mention that I found Pegasus Mail because I was after an e-mail client that could work with PGP. I'm a big fan of both. Maybe that's why I found the post at https://www.mailpile.is/blog/2016-12-13_Too_Cool_for_PGP.html much more palatable than that from Bruce Schneier. Note that I said "palatable". I'm in no way to contradict Bruce's expertise, but I prefer to disagree.

    So let's wait for v5 encryption solutions in some future time, hoping not too future.


    Best,
    Euler

    euler f german
    sete lagoas, mg, brazil
    Pegasus Mail 4.73.639 - Windows 7 Ultimate
    BearHTML 4.9.9.6 IERenderer 2.6.2.12
    Operating mode: Standalone
    WINPMAIL.EXE directory: c:\pmail\programs
    Home mailbox location: c:\pmail\mail\german
View as RSS news feed in XML

Contact | Advertise | Host provider: PraktIT | Terms of Use | Privacy Statement
Copyright © 2007-2011 David Harris / Peter Strömblad. | Pegasus Mail Home Page