What should they give to other people? Your public certificate, I hope so :) From what I have read (and there is also a post here where this was discussed on macslash), they don't gather any more information than your email address and your public key.
Still, they should clarify that. I sent fk6 a PM about it; let's see what he says.
Normal people don't know how to do key exchanges... that's why, and that won't go away with Enigmail... though if you automate the key exchanges you have to trust the stupid central server, like the PGP keyserver. They are talking about a novel concept, the fingerprint system. That is supposed to prevent abuse by the central authority. If this is really true, then this would be a BIG improvement. You can find that system explained in their report.
harky
Did anyone read the part about the Ciphire fingerprints? That is somehow supposed to make their CA/PKI uncompromisable. Or am I seeing something wrong? It's in that review and they also say that they have invented the first PKI that they themselves cannot efficiently compromise.
So what is that darn Ciphire Fingerprint system?
Anybody care to explain?
and the security vulnerability that they found in GnuPG, where the maintainer had screwed up El-Gamal signing in there for years, was ONLY found in a COMMERCIAL AUDIT!!!
If anybody were able to read the whitepaper, they would see the new thing: they built a CA/PKI which they cannot compromise themselves. Apparently the Russ guy, some IETF security area director, as they say, reviewed their protocols and he says that they are better than the existing ones. I don't think he would say that if it weren't true. Now where are the specs?
ask them to change that, not me;)
I forwarded this to fk6, but this has already been answered on their board. Have a look at their privacy policy.
smartass, the security review is what I was referring to, when I wrote my post.
Maybe we need a couple more of these: http://www.securityfocus.com/news/10271 before the general public wakes up
Something called the Ciphire fingerprint system, which is a web of trust replacement. But I don't understand how it works, see my post.
just found that on ciphire's forum, seems like a good reason: http://www.securityfocus.com/news/10271
that I couldn't get any chicks to use it;)