[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cp-global] Up-to-date material for email encryption
[Thread Prev] | [Thread Next]
[Date Prev] | [Date Next]
- Subject: [cp-global] Up-to-date material for email encryption
- From: yanosz (cp-global yanosz.net) via <global@xxxxxxxxxxxxxx>
- Reply-to: yanosz <cp-global@xxxxxxxxxx>
- Date: Thu, 1 Dec 2022 12:59:19 +0100
- Cc: global@xxxxxxxxxxxxxx
Hei folks,I've to admit that I'm lost an email encryption nowadays and I don't feel qualified to teach this topic anymore. Beside that, I'm a little bit concerned that its usable security has declined in the last months.
So - do you know any material which "good" nowadays? The problems I see with most my classical best-practice I taught are-> Ditching classical sks-keyservers network and introducing hagrid / https://keys.openpgp.org/ the typical web-of-trust model is no longer applicable, i.e. hagrid does not publish any signatures on keys.
* How should user exchange any verify keys noways? * Which key-verification workflows made usable by Thunderbird? => Do you know of material?-> If security (and not privacy) is a concern, Preventing attackers from reading sensitive E-Mails is a usual concerns. This should also hold, when an attacker gains access to a mailbox (e.g. by social engieering at the provider) and uses hagrid to distribute malicious keys. * What is the typical way to protect against a scenario? E.g. how are journalists supposed to exchange keys using thunderbird?
=> Do you know of good material to illustrate best practices?-> Beside Thunderbird, there are various tools for key-management. However, it looks to me like these tools are no longer usable for thunderbird's keys, due to Thunderbird's decision to utilize its own keyring.
=> Do know know of other good tools that can manage Thunderbird's keyring? Thanks in advance, Greetz, yanosz _______________________________________________ CryptoParty global mailing list global@xxxxxxxxxxxxxx https://cryptoparty.is/lists/global/