commit: 298791b45d202800a78409c6d334d34420f2e629
parent 5490b02ae911d086ba6636cd2156e2b840e1da5d
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Thu, 7 Mar 2019 02:06:04 +0100
articles/Pretty Bad Privacy: New Draft Article
Diffstat:
4 files changed, 49 insertions(+), 0 deletions(-)
diff --git a/articles/Pretty Bad Privacy.shtml b/articles/Pretty Bad Privacy.shtml
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html lang="en">
+ <head>
+<!--#include file="/templates/head.shtml" -->
+ <meta property="og:type" content="article"/>
+ <meta property="og:title" content="Pretty Bad Privacy"/>
+ <title>Pretty Bad Privacy — Cyber-home of lanodan</title>
+ </head>
+ <body>
+<!--#include file="/templates/en/nav.shtml" -->
+<!--#include file="/articles/Pretty Bad Privacy.xhtml"-->
+ <a href="/articles/Pretty%20Bad%20Privacy">article only(plain XHTML)</a>
+<!--#include file="/templates/en/footer.html" -->
+ </body>
+</html>
diff --git a/articles/Pretty Bad Privacy.xhtml b/articles/Pretty Bad Privacy.xhtml
@@ -0,0 +1,22 @@
+<article lang="en">
+<a href="/articles/Pretty%20Bad%20Privacy"><h1>Pretty Bad Privacy</h1></a>
+<span class="warn">This article is in early drafting process, made public so I get comments and more people can be aware</span>
+<dl>
+ <dt>OpenPGP</dt>
+ <dd>Pretty Good Privacy standard, derives from the original PGP implementation</dd>
+ <dt>GnuPG / GPG</dt>
+ <dd>Gnu Privacy Guard, main/only implementation of OpenPGP</dd>
+</dl>
+<h2>OpenPGP standard</h2>
+<p>The OpenPGP standard mandates that some ciphers must be present in the implementation, they are now broken and well known to be (<abbr title="As Far As I Remember">AFAIR</abbr> it’s stuff like SHA1, 3DES, …).</p>
+<p>It leaks a pile of metadata (time, implementation name+version, …)</p>
+<p>There is no deniability possible, there is quite a difference between no-authentication and deniability, to be elaborated on</p>
+<p>Your public key/identity <strong>will</strong> end up on the keyservers at some point, no exception.</p>
+<h2>OpenPGP in real life</h2>
+<p>Real Name policy and other stuff that should be optionnal in the Public Key Verification process (An ID card? Seriously?).</p>
+<h2>See also</h2>
+<ul>
+ <li><a href="https://blog.patternsinthevoid.net/pretty-bad-protocolpeople.html">Pretty Bad {Protocol,People}</a></li>
+ <li><a href="https://neopg.io/">NeoPG</a>, a fork of GnuPG, found SigSpoof probably more to come</li>
+</ul>
+</article>
diff --git a/feed.atom b/feed.atom
@@ -10,6 +10,17 @@
</author>
<entry>
+ <title>Pretty Bad Privacy</title>
+ <link rel="alternate" type="text/html" href="/articles/Pretty%20Bad%20Privacy"/>
+ <id>https://hacktivis.me/articles/Pretty%20Bad%20Privacy</id>
+ <published>2019-03-07T01:00:04Z</published>
+ <updated>2019-03-07T01:00:04Z</updated>
+ <content type="xhtml"><div xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+<!--#include file="/articles/Pretty Bad Privacy.xhtml"-->
+ </div></content>
+ </entry>
+
+ <entry>
<title>AtlASSian: The Bullshit Factory</title>
<link rel="alternate" type="text/html" href="/articles/AtASSian"/>
<id>https://hacktivis.me/articles/AtASSian</id>
diff --git a/home.shtml b/home.shtml
@@ -6,6 +6,7 @@
</head>
<body>
<!--#set var="transPageUrl" value='accueil' --><!--#set var="feedURL" value='/feed.atom'--><!--#include file="templates/en/nav.shtml" -->
+<!--#include file="/articles/Pretty Bad Privacy.xhtml"-->
<!--#include file="/articles/AtASSian.xhtml"-->
<!--#include file="/articles/I’m removing defaults to eternal cryptographic signatures.xhtml"-->
<!--#include file="/articles/Email to graphics-dev@chromium.org about nouveau blacklisting.xhtml"-->
