23nov2014
- What’s New in GnuPG 2.1
- GnuPG 2.1 is out. Support for elliptic curve cryptography and
improved local key management infrastructure.
- ISPs Removing Their Customers’ Email Encryption
- STARTTLS downgrade attacks primarily against server-to-server email
communication. A good example of complexity in the whole application
infrastructure that makes it hard to guarantee privacy at any layer.
The user is the last backstop; use your own encryption like GnuPG if
privacy is important.
- IAB Statement on Internet Confidentiality
- Meanwhile, the IAB encourages designers to take a "you can’t trust
anybody else and you have to to trust everybody else" position,
which is no help at all.
- Let’s Encrypt
- At least the EFF, Mozilla, Cisco, and a few others are trying to
make transport-layer security ubiquitous by supporting a no-charge
certificate authority.
- Slack
- Lef’Jab, commercialized.
