Re: On email and web security


 



On Wed, 30 Dec 2015, Fred Baker (fred) wrote:

> Second, many of my colleagues have asked me to remove their old keys from my database, because they have forgotten them, although the PGP repository has not. It may be necessary to purge the PGP database, obsoleting and removing keys that have been superseded, and advising holders of keys that their keys are old and should be updated. I actually cannot encrypt to the entire set of keys I downloaded, only those whose holders can still decrypt such communications.

That is one of the motivations behind:

https://tools.ietf.org/html/draft-ietf-dane-openpgpkey

You can also add a milter plugin to sendmail/postfix that will encrypt
automatically for you on outgoing/forwarding email:
https://github.com/letoams/openpgpkey-milter

You can generate openpgpkey records using hash-slinger's openpgp command:
https://github.com/letoams/hash-slinger

> In other words, tools tend to work a lot better when they are used. We need to actually use our tools, not just as individuals, but as an organization, and where they are not serving us well, we need to correct that.

I agree. When I first enabled openpgpkey-milter myself, I forgot that my
email is delivered to mx.nohats.ca, and forwarded to a private IP that
is my local mailserver at home. So mx.nohats.ca dutifully encrypted ALL
my email it forwarded. Neither I nor my mail tools were ready for that.
I'm hoping mail clients will be able to receive/decrypt a lot more
easily and store email unencrypted (depending on disk crypto for
privacy) so one does not lose the ability to read/search through old
email.

Paul



