PayPal cut a secure email project's funds
Classified in : Homepage, Debian, Miscellaneous, Grumble
It should be no news that PayPal have made an habit of opposing to projects that fight for the respect of freedom and democracy by cutting their funds. Anyway, they have just provided us another example of such an abuse, against the ProtonMail project.
Mutt: encrypt all messages sent to known PGP users
Classified in : Homepage, Debian, Command line, To remember
This is one thing I have wanted to do for a long time: configure Mutt to encrypt all messages sent to addresses for which I have a valid public key. Well, here is an awk-based script to generate that configuration.
(Yes, I know, a similar script was already written. But I did not see it at first, and I find mine more readable. :-) )
Read more Mutt: encrypt all messages sent to known PGP users
Encryption without a certification layer is (partly) useless
With the PRISM scandal, there has been some talk about encrypted communication systems. For instance, BitMessage is often introduced as an easy and secure message system, that would allow you to communicate with no possible eavesdropping. Apple is also making similar claims about their systems iMessage and FaceTime.
This is a good time to remind this: without direct contact or a certification layer, encryption systems are not secure! Or at least, not as secure as you would expect, as they do allow some kind of eavesdropping.
Read more Encryption without a certification layer is (partly) useless
An email header field to indicate you would like encrypted replies
As you may know, when Phil Zimmermann published PGP, his goal was to counter the wide spying possibilities the development of electronic communications offered to the authorities, by promoting the general use of encryption so that 1. governments would not be able to restrict it afterwards and 2. it becomes possible to encrypt messages for privacy without drawing suspicion.
Now, cryptography has made its way and is widely use, but mostly for commercial website and only sparsely for mail. Indeed, contrary to signing, encrypting a message requires that the recipient has a crypto key and is able and willing to use it to decrypt your message.
To alleviate this problem, I thought that it would be useful to have a way, when sending a message, to tell your recipients that you would like that they encrypt their answers, because you are able and willing to get encrypted mail. I think the most relevant way to do that would be by adding a dedicated header field:
Encryption-Desired: PGP
In that header, one would be able to indicate what protocols he accepts. I suggest a comma-separated list, with the following possible values: PGP (or PGP/MIME and PGP/traditional for people that only accept one of these two PGP formats), S/MIME. For instance:
Encryption-Desired: PGP/MIME, S/MIME
It may be useful to be able to indicate that you either always wish your
messages to be encrypted, or that it is only for this message's replies. If this
is really relevant, it would take two distinct headers: Encryption-Desired and Reply-Encryption-Desired.
Any thought about that proposal? Next thing to do, determine how to have that standardized at IANA and how to promote it.