Intervengo come parte in causa , nessuno ha pensato all'smime da noi è gratuito qui: https://www.globaltrust.it/pagina.asp. Saluti
Massimo F. Penco
GTI Group, VP Emea
The road to success is always under construction.
www.mfpenco.com Member of www.antiphishing.org
A division of GTI Group Corporation
Italy Contacts Phone +39-0746-685365 Fax +39-0746- 685368
Direct +39-348-2455976 [email protected]
www.globaltrust.it http://www.globaltrust.it/gtnetwork/
Sponsor of www.cittadininternet.org www.cittadininternet.it
Prima di stampare questa mail, pensa all'ambiente ** Think about the
environment before printing
E-MAIL FIRMATA DIGITALMENTE: Questa e-mail, se firmata digitalmente, ha valore
legale ai sensi della normativa vigente, maggiori info.
DISCLAIMER
This message and any information contained within it, including but not limited
to subject matter, addressees and their e-mail addresses and attachments hereto
are intended only for the personal and confidential use of the designated
recipients named herein. Internet communications may not be secure and may be
intercepted,re-directed or spoofed and therefore GlobalTrust does not accept
legal responsibility for the contents of this message unless independently
verified in writing or digitally certified. Any views or options presented are
solely those of the author and do not necessarily represent those of
GlobalTrust unless otherwise specifically stated. You are hereby notified that
if you have received this message in error any review, dissemination,
distribution or copying of this message is unlawful and strictly prohibited,
and you should, with normal business courtesy, immediately notify the sender of
the incident and then destroy this message by deletion and removal from your
Deleted Items folder. Any opinions, explicit or implied, are solely those of
the author and do not necessarily represent those of GlobalTrust group of
companies.
-----Original Message-----
From: matteo filippetto [mailto:[email protected]]
Sent: Monday, June 30, 2014 11:52 AM
To: [email protected]
Subject: Re: [ml] servizio email "sicuro"
Il 27 maggio 2014 20:14, Claudio Telmon <[email protected]> ha scritto:
> On 05/27/2014 09:55 AM, danimoth wrote:
>
>> Mi fa pensare che, per chi non ha PGP, venga usato un segreto che poi
>> verrà memorizzato sul server, e passato al computer client usando SSL.
>> L'approccio rende inusabile il tutto (non è più end-to-end, occorre
>> fidarsi del loro server). E' corretto?
>
> Penso di no. Non ricordo in quale parte del sito, ma mi pare che in
> quel caso prevedano una cifratura simmetrica, in cui il segreto/chiave
> dovrebbe essere concordato fra le due parti mediante un side channel
> (ovvero, si mettono d'accordo prima per telefono). Il che non è in
> contrasto con l'uso, come strumento di cifratura e codifica, di
> openpgpjs. La mia è comunque sempre una speculazione sulla base delle
> info sul sito, non l'ho provato.
>
>
> --
>
> Claudio Telmon
> [email protected]
> http://www.telmon.org
> ________________________________________________________
> http://www.sikurezza.org - Italian Security Mailing List
Ciao,
interessante articolo che magari avete già letto (perchè è parecchio
datato...) riguardo
a come altri servizi di mail sicure (lavabit in particolare) funzionavano
http://highscalability.com/blog/2013/8/13/in-memoriam-lavabit-architecture-creating-a-scalable-email-s.html
http://possibility.com/LavabitArchitecture.html
"Do you use any particularly cool technologies or algorithms?
The way we encrypt messages before storing them is relatively unique.
We only know of one commercial service, and one commercial product that will
secure user data using asymmetric encryption before writing it to disk.
Basically we generate public and private keys for the user and then encrypt the
private key using a derivative of the plain text password. We then encrypt user
messages using their public key before writing them to disk. (Alas, right now
this is only available to paid
users.)
We also think the way our system is architected, with an emphasis on being used
in a cluster is rather unique. We would like to someday release our code as
free software. We haven’t yet because a) we don’t want anyone else building a
competing system using our code, b) while we’ve moved more settings and logic
into a configuration file over the last couple of years, there is still a lot
of logic hard coded, and c) we’ve created the code specifically for Cent OS,
and don’t have the resources to test and support it on other operating systems
right now.
We’ve spent some time looking for a company to sponsor open sourcing the code,
but haven’t found one yet."
Buona giornata
--
Matteo Filippetto
http://www.op83.eu
@matteo_1983
________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List
smime.p7s
Description: S/MIME cryptographic signature
