logo

blog

My website can't be that messy, right? git clone https://hacktivis.me/git/blog.git
commit: 8ded325269f02ba1f24eb54e9160a28cdc6ccfb2
parent 5f954ec01d06363507c4a8d5aa6ab99b26264455
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Thu,  7 Mar 2019 02:35:15 +0100

articles/Pretty Bad Privacy: Add note on NetPGP, link to What’s the matter with PGP?

Diffstat:

Marticles/Pretty Bad Privacy.xhtml3+++
1 file changed, 3 insertions(+), 0 deletions(-)

diff --git a/articles/Pretty Bad Privacy.xhtml b/articles/Pretty Bad Privacy.xhtml @@ -12,12 +12,15 @@ <p>It leaks a pile of metadata (time, implementation name+version, …)</p> <p>There is no deniability possible, there is quite a difference between no-authentication and deniability, to be elaborated on</p> <p>Your public key/identity <strong>will</strong> end up on the keyservers at some point, no exception.</p> +<p>There is no forward secrecy</p> <h2>OpenPGP in real life</h2> <p>Real Name policy and other stuff that should be optionnal in the Public Key Verification process (An ID card? Seriously?).</p> <h2>See also</h2> <ul> <li><a href="https://blog.patternsinthevoid.net/pretty-bad-protocolpeople.html">Pretty Bad {Protocol,People}</a></li> <li><a href="https://neopg.io/">NeoPG</a>, a fork of GnuPG, found SigSpoof probably more to come</li> + <li><a href="http://www.netpgp.com/">NetPGP</a>, an implementation of OpenPGP by NetBSD, seems quite unmaintained to me</li> + <li><a href="https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/">What’s the matter with PGP? - A Few Thoughts on Cryptographic Engineering</a></li> </ul> <p><a href="https://queer.hacktivis.me/notice/9gVn61L9VGPosmXRQG">Fediverse post for comments</a></p> </article>