commit: 45036fc0516d55ebf30fe8a6cf1e6a91a4c4c1e4
parent ce5c589c2a5a9c24689e7ec92c93835fe7b74f75
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Thu, 7 Mar 2019 02:35:15 +0100
articles/Pretty Bad Privacy: Add note on NetPGP, link to What’s the matter with PGP?
Diffstat:
1 file changed, 3 insertions(+), 0 deletions(-)
diff --git a/articles/Pretty Bad Privacy.xhtml b/articles/Pretty Bad Privacy.xhtml
@@ -12,12 +12,15 @@
<p>It leaks a pile of metadata (time, implementation name+version, …)</p>
<p>There is no deniability possible, there is quite a difference between no-authentication and deniability, to be elaborated on</p>
<p>Your public key/identity <strong>will</strong> end up on the keyservers at some point, no exception.</p>
+<p>There is no forward secrecy</p>
<h2>OpenPGP in real life</h2>
<p>Real Name policy and other stuff that should be optionnal in the Public Key Verification process (An ID card? Seriously?).</p>
<h2>See also</h2>
<ul>
<li><a href="https://blog.patternsinthevoid.net/pretty-bad-protocolpeople.html">Pretty Bad {Protocol,People}</a></li>
<li><a href="https://neopg.io/">NeoPG</a>, a fork of GnuPG, found SigSpoof probably more to come</li>
+ <li><a href="http://www.netpgp.com/">NetPGP</a>, an implementation of OpenPGP by NetBSD, seems quite unmaintained to me</li>
+ <li><a href="https://blog.cryptographyengineering.com/2014/08/13/whats-matter-with-pgp/">What’s the matter with PGP? - A Few Thoughts on Cryptographic Engineering</a></li>
</ul>
<p><a href="https://queer.hacktivis.me/notice/9gVn61L9VGPosmXRQG">Fediverse post for comments</a></p>
</article>
