Excited 2 send my first encrypted pgp email… and shocked to find that the subject lines are plaintext. leakage! don't use subject lines?
-
-
Replying to @inthecloud247
@inthecloud247 PGP doesn't protect metadata at all (by design of course): sender/receiver, time, size... perfect target for traffic analysis1 reply 0 retweets 0 likes -
Replying to @kylemaxwell
@kylemaxwell Ya seems that way. it was built for a different time I guess… maybe emailing truecrypt files around is a better idea :-)2 replies 0 retweets 0 likes -
Replying to @inthecloud247
@inthecloud247 mitigates some traffic analysis but not the core (who and when)1 reply 0 retweets 0 likes -
Replying to @kylemaxwell
@kylemaxwell 'when' can be pretty easily addressed with custom email servers with new delivery logic and header rewriting.1 reply 0 retweets 0 likes -
Replying to @inthecloud247
@kylemaxwell but they sound like hacks... Not sure of the need to maintain backwards compatibility with existing mail. Maybe diff protocol?2 replies 0 retweets 0 likes -
Replying to @inthecloud247
@inthecloud247 essential:@TomRittervg's analysis of AAM presented at#DEFCON - don't design anything until digesting http://ritter.vg/blog-deanonymizing_amm.html …1 reply 0 retweets 1 like
@kylemaxwell @tomrittervg Checking out ur #defcon presentation. Can you enable https by default on ur blog :-) Cert seems to work fine…
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.