23nov2014
November 23, 2014
- What's New in GnuPG 2.1
- GnuPG 2.1 is out. Support for elliptic curve cryptography and improved local key management infrastructure.
- ISPs Removing Their Customers' Email Encryption
- STARTTLS downgrade attacks primarily against server-to-server email communication. A good example of complexity in the whole application infrastructure that makes it hard to guarantee privacy at any layer. The user is the last backstop; use your own encryption like GnuPG if privacy is important.
- IAB Statement on Internet Confidentiality
- Meanwhile, the IAB encourages designers to take a "you can't trust anybody else and you have to to trust everybody else" position, which is no help at all.
- Let's Encrypt
- At least the EFF, Mozilla, Cisco, and a few others are trying to make transport-layer security ubiquitous by supporting a no-charge certificate authority.
- Slack
- Lef'Jab, commercialized.