Mike Ashley

23nov2014

November 23, 2014

What's New in GnuPG 2.1
GnuPG 2.1 is out. Support for elliptic curve cryptography and improved local key management infrastructure.
ISPs Removing Their Customers' Email Encryption
STARTTLS downgrade attacks primarily against server-to-server email communication. A good example of complexity in the whole application infrastructure that makes it hard to guarantee privacy at any layer. The user is the last backstop; use your own encryption like GnuPG if privacy is important.
IAB Statement on Internet Confidentiality
Meanwhile, the IAB encourages designers to take a "you can't trust anybody else and you have to to trust everybody else" position, which is no help at all.
Let's Encrypt
At least the EFF, Mozilla, Cisco, and a few others are trying to make transport-layer security ubiquitous by supporting a no-charge certificate authority.
Slack
Lef'Jab, commercialized.