[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cp-global] Up-to-date material for email encryption


Hei folks,

I've to admit that I'm lost an email encryption nowadays and I don't feel qualified to teach this topic anymore. Beside that, I'm a little bit concerned that its usable security has declined in the last months.

So - do you know any material which "good" nowadays?

The problems I see with most my classical best-practice I taught are

-> Ditching classical sks-keyservers network and introducing hagrid / https://keys.openpgp.org/ the typical web-of-trust model is no longer applicable, i.e. hagrid does not publish any signatures on keys.
* How should user exchange any verify keys noways?
* Which key-verification workflows made usable by Thunderbird?

=> Do you know of material?

-> If security (and not privacy) is a concern, Preventing attackers from reading sensitive E-Mails is a usual concerns. This should also hold, when an attacker gains access to a mailbox (e.g. by social engieering at the provider) and uses hagrid to distribute malicious keys. * What is the typical way to protect against a scenario? E.g. how are journalists supposed to exchange keys using thunderbird?

=> Do you know of good material to illustrate best practices?

-> Beside Thunderbird, there are various tools for key-management. However, it looks to me like these tools are no longer usable for thunderbird's keys, due to Thunderbird's decision to utilize its own keyring.

=> Do know know of other good tools that can manage Thunderbird's keyring?

Thanks in advance,
Greetz, yanosz



_______________________________________________
CryptoParty global mailing list
global@xxxxxxxxxxxxxx
https://cryptoparty.is/lists/global/