On Jan 10, 2020, at 2:36 PM, Paul Heinlein wrote:
>
> On Fri, 10 Jan 2020, John Sechrest wrote:
>
>> Since the keys are a security issue on several fronts, it would be wise to
>> keep it as a separate service that you can maintain with somewhat high
>> security monitoring.
>
> And here's the
On Fri, 10 Jan 2020, John Sechrest wrote:
Since the keys are a security issue on several fronts, it would be
wise to keep it as a separate service that you can maintain with
somewhat high security monitoring.
And here's the rub. Identity assurance is a hard problem to solve.
That's one of th
I've had a Protonmail account (paid) since they started. Encryption aside,
it's nice to just have an account where your emails are not being read to
serve up custom advertising. The problem with Protonmail is although they
are in Switzerland the U.S. Can still seize theur servers due to Verisign
b
Just to be clear, I was not suggesting that DNS be the mechanism, just that
there was a dns-like service that drove the process.
Mail servers could run this service.
However, they would not have to.
Since the keys are a security issue on several fronts, it would be wise to
keep it as a separate
I do not think DNS is the correct kitchen sink for user's public key
distribution. The infrastructure and service costs would not be scalable.
Email servers are the obvious target for this - it is distributed, owner
bears costs and does not need middle man.
Just my 2c,
Tomas
On Fri, Jan 10, 2020
If you had a key registry of some kind, then just like DNS gives you an IP
number for a name, you could get a key for a user, and you would have a
mechanism for sharing the encryption as it changes. Since you articulated
earlier that my keys are likely going to be changing over time. So then I
need
On Fri, 10 Jan 2020, John Sechrest wrote:
I have the feeling that the PGP process is not more widely adopted because
of the user experience. You have to go out of your way to get things up and
going. And then you have to be attentive.
It would be interesting to take this "idea toolchain" and co
>
> Beyond all that is the problem of data retention. It's likely that a
> secure system will encourage key expiration, if for no other reason
> than to keep moving away from once-secure techniques that become
> insecure due to increased computing power, clever algorithm
> developments, or whatever
I have the feeling that the PGP process is not more widely adopted because
of the user experience. You have to go out of your way to get things up and
going. And then you have to be attentive.
It would be interesting to take this "idea toolchain" and come at it from a
perspective of the user exper
>
> The ideal toolchain would I think be something like this.
>
> 1. End users generate a keypair (ala PGP) and publish public keys.
> 2. Bob uses MUA-level hooks to encrypt body of message using
> Carol's public key, signing the message with his private key.
> 3. MUA submits message to MTA using T
On Fri, 10 Jan 2020, Rich Shepard wrote:
On Fri, 10 Jan 2020, Paul Heinlein wrote:
The ideal toolchain would I think be something like this.
1. End users generate a keypair (ala PGP) and publish public keys.
2. Bob uses MUA-level hooks to encrypt body of message using Carol's
public key, si
On Fri, 10 Jan 2020, Paul Heinlein wrote:
The ideal toolchain would I think be something like this.
1. End users generate a keypair (ala PGP) and publish public keys.
2. Bob uses MUA-level hooks to encrypt body of message using Carol's
public key, signing the message with his private key.
3.
On Fri, 10 Jan 2020, Rich Shepard wrote:
On Thu, 9 Jan 2020, Ben Koenig wrote:
Ideally, end-to-end encryption will become an industry standard, meaning
all email clients will agree to implement it. Until that happens,
universal encryption on all platforms and devices will not be possible.
Is
On Thu, 9 Jan 2020, Ben Koenig wrote:
Ideally, end-to-end encryption will become an industry standard, meaning
all email clients will agree to implement it. Until that happens,
universal encryption on all platforms and devices will not be possible.
Is this end-to-end encryption implemented at
And if you're not familiar with or don't understand how Swiss privacy laws
benefit you, here's some info.
https://protonmail.com/blog/yahoo-us-intelligence/
Not too mention that they talk about Big Data & Surveillance Capitalism
right on their web site. They even directly link to Shoshana Zuboff'
>
> Protonmail is only encrypted if both parties communicating, are using
> Protonmail. If you use Protonmail to communicate with someone not using
> Protonmail, it is not encrypted.
>
These statements are incorrect.
"We support sending encrypted communication to non-ProtonMail users via
symmet
Protonmail is definitely email and not IM, but there are some educational
problems regarding PGP encryption. End-to-End encryption only works when
both parties agree to a standard protocol. if the way you encrypt your data
does not match the way I decrypt, it falls apart. Protonmail is misleading
i
Protonmail is a great service, as long as you keep in mind that it's more
like an encrypted instant messaging service than email. The reason I say
that is because, as I understand it, Protonmail is only encrypted if both
parties communicating, are using Protonmail. If you use Protonmail to
commun
On Wed, Jan 08, 2020 at 05:13:46PM -0800, Rich Shepard wrote:
> Free email account sign up - ProtonMail
> [Search domain protonmail.com/signup] https://protonmail.com/signup
> Select Your ProtonMail Account Type. ProtonMail is a free email service for
> the public good. You can help support online
19 matches
Mail list logo