[pmmail-list] Feature Request: Encrypt when key present

[John Bridges]

On Thu, 25 Jan 2001 22:12:45 -0800 (PST), Kris Sorem Sr wrote:

>Why be selective? Turn on PGP for all messages if PGP present and bar
>replies to PGP messages if PGP not present. Some users don't use PGP at
>all. Some use it selectively. Some use it all the time.

Because few people have PGP keys for all recipients, in fact I don't know
anyone who has PGP keys for even 1/4 of their recipients.

Always defaulting to on when replying to a PGP'd message is non-intrusive and
intuitive.

>>Simple, but a BRUTAL problem, every week I get back a reply to some
>>confidential message with my full text quoted, and the reply is not encrypted
>>because someone forgot to click on the PGP button....
>
>I believe that PMMail currently lets you view an encrypted message even if
>PGP not present.

Although PMMail for Windows does include a PGP DLL, it's not fully functional
(for instance you cannot create a key).

PMMail for OS/2 must have PGP.EXE, it will not function without PGP, it
includes no PGP code.

>>Credit card numbers, email account logins, personal memos, salary info, root
>>passwords you name it, and I've seen it spilled out into the open, over and
>>over and over!!  All because PMMail always defaults to uncrypted when
>>replying to an encrypted message.
>
>Such sensitive information should be sent as an encrypted attachment. It
>would be more difficult to include it in any reply and inclusion would not
>be by inadvertent failure of the sender to select encryption. Remember
>though that once you transmit such information it is no longer within your
>control.

PGPing of attachments doesn't work in PMMail, it would have to be encrypted
outside. (kind of defeats the whole point of it being integrated into your
mail program).

But again, if PGP reply defaulted to on, this would not be an issue.

>>This has always been my #1 complaint in PMMail, and it's never been fixed,
>>even though the fix is trivial!  What excuse do I get?  Duh, what if the
>>message was from someone you don't have a key for!  Guess what!  You can
>>unclick the PGP button, you get a warning!  You would likely want to get that
>>persons key before replying anyway!  Why would you ever quote a PGP'd message
>>in open text by default!!
>
>Some people never use PGP. If you send an encrypted message to them, they
>can only reply unencrypted or not at all.

Now I'm convinced, you've never used PGP.  At least not with Public Keys, or
with PMMail.




- pmmail-list - The PMMail Dicussion List ---------------------------
To POST to the list, send your message to
pmmail-list@blueprintsoftwareworks.com

To UNSUBSCRIBE, send a message to mdaemon@bmtmicro.com with the first 
line of the message body being...

UNSUBSCRIBE pmmail-list@blueprintsoftwareworks.com
---------------------------------------------------------------------