Comments on: Encryption tutorial for Mail.app http://www.hawkwings.net/2007/03/08/encryption-tutorial-for-mailapp/ Tips and add-ons to make Apple Mail / Mail.app even better Fri, 09 Jan 2009 04:28:21 +0000 http://wordpress.org/?v=2.5.1 By: TenaciousMC http://www.hawkwings.net/2007/03/08/encryption-tutorial-for-mailapp/#comment-141155 TenaciousMC Wed, 16 May 2007 18:59:36 +0000 http://www.hawkwings.net/2007/03/08/encryption-tutorial-for-mailapp/#comment-141155 I've read that the certificate is only good for the computer it was issued on. Does this mean that I can't use it on another Mac with the same user profile and settings? I was able to sync my keychain between 2 Macs using .Mac and see my public/private keys on the other Mac's keychain. Should it still be able to work on the other Mac? I would like to be able to encrypt/sign email from a portable Mac when I'm away from home. Thanks! I’ve read that the certificate is only good for the computer it was issued on. Does this mean that I can’t use it on another Mac with the same user profile and settings? I was able to sync my keychain between 2 Macs using .Mac and see my public/private keys on the other Mac’s keychain. Should it still be able to work on the other Mac? I would like to be able to encrypt/sign email from a portable Mac when I’m away from home. Thanks!

]]> By: Michael http://www.hawkwings.net/2007/03/08/encryption-tutorial-for-mailapp/#comment-107240 Michael Sun, 18 Mar 2007 10:15:12 +0000 http://www.hawkwings.net/2007/03/08/encryption-tutorial-for-mailapp/#comment-107240 PGP is another nice option, but it won't interface it with Mail. Sente's have written a plugin: http://www.sente.ch/software/GPGMail/English.lproj/GPGMail.html But, as they say, it taps into a "private internal API", so it's not an ideal solution. There's also a little more for the user to do in setting up PGP; and there's a passphrase to remember. I don't know that the latter is too great a handicap, since if you follow one recommendation and make up a "shocking nonsense" phrase - http://www.informationweek.com/management/showArticle.jhtml?articleID=164303537&pgno=2&queryText= - you can have a very long but quite memorable passphrase. Lines out of Lewis Caroll or Lear are probably memorable partly _because_ they're nonsensical. Similarly, you're not likely to forget a silly sentence you make up (not that you shouldn't write it down and lock it away somewhere). PGP is another nice option, but it won’t interface it with Mail. Sente’s have written a plugin:

http://www.sente.ch/software/GPGMail/English.lproj/GPGMail.html

But, as they say, it taps into a “private internal API”, so it’s not an ideal solution.

There’s also a little more for the user to do in setting up PGP; and there’s a passphrase to remember. I don’t know that the latter is too great a handicap, since if you follow one recommendation and make up a “shocking nonsense” phrase -

http://www.informationweek.com/management/showArticle.jhtml?articleID=164303537&pgno=2&queryText=

- you can have a very long but quite memorable passphrase. Lines out of Lewis Caroll or Lear are probably memorable partly _because_ they’re nonsensical. Similarly, you’re not likely to forget a silly sentence you make up (not that you shouldn’t write it down and lock it away somewhere).

]]> By: Peter http://www.hawkwings.net/2007/03/08/encryption-tutorial-for-mailapp/#comment-104953 Peter Wed, 14 Mar 2007 17:20:21 +0000 http://www.hawkwings.net/2007/03/08/encryption-tutorial-for-mailapp/#comment-104953 I went ahead and wrote a short write up on installing GnuPG and all its other goodies in Mail.app... I personally prefer GnuPG for my email encryption... since its based on PGP a lot of people are familiar with it. In any case my short write up is <a href="http://www.threehorsemen.org/2007/03/14/gnupg-and-mailapp-plus-other-assorted-gnupg-goodies/" rel="nofollow">here</a>. I went ahead and wrote a short write up on installing GnuPG and all its other goodies in Mail.app… I personally prefer GnuPG for my email encryption… since its based on PGP a lot of people are familiar with it. In any case my short write up is here.

]]> By: Gibbons Burke http://www.hawkwings.net/2007/03/08/encryption-tutorial-for-mailapp/#comment-99312 Gibbons Burke Fri, 09 Mar 2007 19:06:53 +0000 http://www.hawkwings.net/2007/03/08/encryption-tutorial-for-mailapp/#comment-99312 My only problem using encryption is that some of my correspondents have mail systems that don't know S/MIME from a hole in the ground, and in some case are openly hostile to them - treating them as potential malware. In other cases, posting a 'signed' message to some mailing lists will munge the message so the recipient sees a warning about a possible man in the middle attack, which is perfectly justified - it's doing exactly what a signed message is intended to do - let the user know the message has been tampered with en route to the destination. So, given the current technological reality, it would be great if Apple Mail would allow you to specify signature and encryption preferences on a per user basis. Currently Mail defaults to the setting for your most recent email sent. That way if I'm sending an email to a Yahoo Group or a Google Group mailing list it will be sent unsigned. To recipients whose certificates I have it would automatically encrypt those messages, etc. IF I know that so and so uses a particularly brain-dead version of some mail program that doesn't recognize them, or folks who don't understand the technology and think it is suspicious, I can elect not to sign messages to them - but I'd like to be able to make that determination once and not have to remember to change my encryption settings with each email I send. My only problem using encryption is that some of my correspondents have mail systems that don’t know S/MIME from a hole in the ground, and in some case are openly hostile to them - treating them as potential malware.

In other cases, posting a ’signed’ message to some mailing lists will munge the message so the recipient sees a warning about a possible man in the middle attack, which is perfectly justified - it’s doing exactly what a signed message is intended to do - let the user know the message has been tampered with en route to the destination.

So, given the current technological reality, it would be great if Apple Mail would allow you to specify signature and encryption preferences on a per user basis. Currently Mail defaults to the setting for your most recent email sent. That way if I’m sending an email to a Yahoo Group or a Google Group mailing list it will be sent unsigned. To recipients whose certificates I have it would automatically encrypt those messages, etc.

IF I know that so and so uses a particularly brain-dead version of some mail program that doesn’t recognize them, or folks who don’t understand the technology and think it is suspicious, I can elect not to sign messages to them - but I’d like to be able to make that determination once and not have to remember to change my encryption settings with each email I send.

]]> By: jrk http://www.hawkwings.net/2007/03/08/encryption-tutorial-for-mailapp/#comment-97897 jrk Fri, 09 Mar 2007 00:02:20 +0000 http://www.hawkwings.net/2007/03/08/encryption-tutorial-for-mailapp/#comment-97897 I used just such a setup for some time, but found that some servers -- notably, I believe, some Exchange configurations (all of Nokia, for example) -- filtered the 100% of Mail.app S/MIME-signed messages as likely virus/spam. In a time when it's already worrying enough, wondering if your messages are ever arriving at the intended recipient, having unexpected per-recipient (rather than per-message) black holes is much worse, still. Has anyone had any better luck or noticed if this issue has generally been resolved? I used just such a setup for some time, but found that some servers — notably, I believe, some Exchange configurations (all of Nokia, for example) — filtered the 100% of Mail.app S/MIME-signed messages as likely virus/spam. In a time when it’s already worrying enough, wondering if your messages are ever arriving at the intended recipient, having unexpected per-recipient (rather than per-message) black holes is much worse, still.

Has anyone had any better luck or noticed if this issue has generally been resolved?

]]> By: Elwing http://www.hawkwings.net/2007/03/08/encryption-tutorial-for-mailapp/#comment-96930 Elwing Thu, 08 Mar 2007 14:53:40 +0000 http://www.hawkwings.net/2007/03/08/encryption-tutorial-for-mailapp/#comment-96930 One thing I'll warn people about if they really get into using (S/MIME) encrypted e-mail is a "bug" in Tiger. In order to check the revocation information of the certificate, Tiger downloads CRLs into a local database for caching. Only problem is that it doesn't clear this cache, and after a year (or so) of using certificates, it will appear that Mail is crawling. The solution to this is to run /usr/bin/crlrefresh r p on a "regular" basis. I have it in my /etc/weekly.local file because I use certificates so much, but it could probably go in monthly.local just as easily (or run manually from time to time). One thing I’ll warn people about if they really get into using (S/MIME) encrypted e-mail is a “bug” in Tiger. In order to check the revocation information of the certificate, Tiger downloads CRLs into a local database for caching. Only problem is that it doesn’t clear this cache, and after a year (or so) of using certificates, it will appear that Mail is crawling. The solution to this is to run
/usr/bin/crlrefresh r p
on a “regular” basis. I have it in my /etc/weekly.local file because I use certificates so much, but it could probably go in monthly.local just as easily (or run manually from time to time).

]]>