PMPGP / OpenPGP security issues? | PMAIL COMMUNITY

[quote user="Euler GERMAN"]I think it is worth mentioning that I found Pegasus Mail because I was after an e-mail client that could work with PGP. I'm a big fan of both. Maybe that's why I found the post at https://www.mailpile.is/blog/2016-12-13_Too_Cool_for_PGP.html much more palatable than that from Bruce Schneier. Note that I said "palatable". I'm in no way to contradict Bruce's expertise, but I prefer to disagree.[/quote]

Well, that's from three years ago, a pretty long time with regard to Internet and cryptography developments, and things haven't been getting better since then, unfortunately ... we would really need someone or something as good as Phil Zimmermann and his (mostly unknown) co-workers when PGP started its worldwide distribution in 1991.

			Michael
--
IERenderer's Homepage
PGP Key ID (RSA 2048): 0xC45D831B
S/MIME Fingerprint: 94C6B471 0C623088 A5B27701 742B8666 3B7E657C

Hi Michael,
are the recently reported security issues on OpenPGP of any relevance to PMPGP?
(perhaps because of using some dlls on both?)

I only ask for assurance that it's not a problem.

Stefan  aka  PMAIL NINJA

 
--
Lyssa Deradi : "Did they live happily ever after?"
[Babylon5, In the Beginning]

 


[quote user="Pmail Ninja"]I only ask for assurance that it's not a problem.[/quote]

There have been so many reports (https://www.heise.de/suche/?q=PGP&rm=search&sort_by=date&channel=security, unfortunately only in German) about security issues with OpenPGP recently that security experts even recommend to completely drop it (https://latacora.singles/2019/07/16/the-pgp-problem.html) and replace it with other solutions (except for email). I don't think this is the answer you wanted to read, is it? And yes, all OpenPGP implementations are affected by all of this, PMPGP depends on PGP (i.e. Symantec) with regard to fixes. But since I haven't updated PMPGP to work with the most recent versions of PGP anyway for several years it certainly will stay affected no matter what Symantec did in between at all. I'm sorry to say this, but my living conditions simply didn't allow for staying up-to-date with regard to PGP and S/MIME ...

			Michael
--
IERenderer's Homepage
PGP Key ID (RSA 2048): 0xC45D831B
S/MIME Fingerprint: 94C6B471 0C623088 A5B27701 742B8666 3B7E657C

To put this at first: I'm NOT a pgp expert at all.

Hi Michael,
thanks for your answer.
But I'm still puzzled.

I did read the "Latacora" article (thanks for the link), where this text about email encryption popped up:
"Encrypting email is asking for a calamity. Recommending email encryption to at-risk users is malpractice. Anyone who tells you it’s secure to communicate over PGP-encrypted email is putting their weird preferences ahead of your safety."

So, what does this mean for us Pmail users?
If the (any) pgp use is quite dangerous, your PGP Pmail-AddOn shouldn't be offered anymore. Should it?
(Or at least there should be explicit warnings at the download page.)

When You say: "But since I haven't updated PMPGP ... for several years", what's about Your 04-18-2018 post:
http://community.pmail.com/forums/thread/49019.aspx

And -not to bother You- is Your SIG still appropriate, if PMPGP shouldn't be used anymore?

Stefan  aka  PMAIL NINJA

--
First of all Pooh said to himself:
'That buzzing-noise means something. You don't get a buzzing-noise like that, just buzzing and buzzing, without its meaning something.' 
[Winnie-the-Pooh, Chapter 1]


[quote user="Pmail Ninja"]When You say: "But since I haven't updated PMPGP ... for several years", what's about Your 04-18-2018 post:

http://community.pmail.com/forums/thread/49019.aspx

And -not to bother You- is Your SIG still appropriate, if PMPGP shouldn't be used anymore?[/quote]

That was just for maintenance purposes of still existing users. PMPGP is simply obsolete since it does not work anymore with up-to-date PGP versions which also means that it doesn't work in strictly 64-bit environments and certainly not on Windows 10 which we all will be forced to use from next year on if we want to be really safe. And with really safe I mean people living under life threatening conditions which certainly have found more secure ways of communication not only recently (such as TOR browser and messengers like Signal, e.g.).

There would be better ways for using encryption in Pegasus Mail but there is a very important precondition: Pegasus Mail v5 with its cleaner interface and better integration of encryption. I've already suggested to make Pegasus Mail become a part of the Autocrypt project and David Harris agreed in doing so (that was almost two years ago). He is also integrating S/MIME support directly into Pegasus Mail v5. The only remaining question is how long it will take until we'll get to see any of this in real life. And, BTW: There's absolutely no interest in PGP or S/MIME anymore for years, you're the only one, so what for should I do anything with regard to maintaining support and development or even public statements? You can be sure I'm trying to stay up-to-date with what's going on in this field, but since email lost very much of its importance in general it might be a lost case anyway to put too much energy into it. Here's what Bruce Schneier says about PGP, and he's one of the best security specialists not only with regard to IT - just if you're interested in some modern insights.

			Michael
--
IERenderer's Homepage
PGP Key ID (RSA 2048): 0xC45D831B
S/MIME Fingerprint: 94C6B471 0C623088 A5B27701 742B8666 3B7E657C

OK, since I'm now subject to moderation (I wonder which one of my words triggered it?) I cannot provide the promised links where I intended to, so here they come in a separate post:

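  1. Autocrypt (https://autocrypt.org/);
  2. Bruce Schneier, No1 (2016, https://www.schneier.com/blog/archives/2016/12/giving_up_on_pg.html) & No2 (2018, https://www.schneier.com/blog/archives/2018/05/details_on_a_ne.html).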
 
Does anyone care?
			Michael
--
IERenderer's Homepage
PGP Key ID (RSA 2048): 0xC45D831B
S/MIME Fingerprint: 94C6B471 0C623088 A5B27701 742B8666 3B7E657C

The links behind "no.1" and "no.2" are identical. But anyway.
Thanks. And it's done.

 Stefan  aka  PMAIL NINJA

 
--
Franklin: "Excuse me, where I come from, one man from three leaves two."
Marcus: "Where I come from is a far more interesting place."
[Babylon5, Exogenesis]


[quote user="Pmail Ninja"]

The links behind "no.1" and "no.2" are identical. But anyway.[/quote]

Sorry, corrected, it's a good one titled "Giving Up on PGP" (https://www.schneier.com/blog/archives/2016/12/giving_up_on_pg.html) ... (No.1)
			Michael
--
IERenderer's Homepage
PGP Key ID (RSA 2048): 0xC45D831B
S/MIME Fingerprint: 94C6B471 0C623088 A5B27701 742B8666 3B7E657C

I think it is worth mentioning that I found Pegasus Mail because I was after an e-mail client that could work with PGP. I'm a big fan of both. Maybe that's why I found the post at https://www.mailpile.is/blog/2016-12-13_Too_Cool_for_PGP.html much more palatable than that from Bruce Schneier. Note that I said "palatable". I'm in no way to contradict Bruce's expertise, but I prefer to disagree.

So let's wait for v5 encryption solutions in some future time, hoping not too future.


-- Euler

Pegasus Mail 4.81.1154 Windows 7 Ultimate
IERenderer: 2.7.1.5 AttachMenu: 1.0.1.2
PMDebug: 2.5.8.34 BearHTML 4.9.9.6
