Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Communications Encryption Privacy Security

Chaos Computer Club, Others Scoff At German Email Security Move As "Marketing" 135

Posted by timothy from the es-klingt-aber-so-gut dept.
The move on the part of three large German ISPs to provide more secure email, marketed as "Email made in Germany" (Deutsche Telekom's part specifically was mentioned here yesterday), has drawn sharp criticism from security experts, according to a report at Ars. Among those experts are members of the Chaos Computing Club, and GPGMail lead Lukas Pitschl, who responded to the move from Deutsche Telekom, GMX, and Web.de to encrypt all email in transmission with SMTP TLS : "'If you really want to protect your e-mails from prying eyes, use OpenPGP or S/MIME on your own desktop and don't let a third-party provider have your data,' he told Ars. 'No one of the "E-Mail made in Germany" initiative would say if they encrypt the data on their servers so they don't have access to it, which they probably don't and thus the government could force them to let them access it.'"
This discussion has been archived. No new comments can be posted.

Chaos Computer Club, Others Scoff At German Email Security Move As "Marketing" More

Chaos Computer Club, Others Scoff At German Email Security Move As "Marketing"

Comments Filter:

  • Re:So what ever became of public key escrows? (Score:5, Informative)

    by MichaelSmith ( 789609 ) on Sunday August 11, 2013 @02:48AM (#44534205) Homepage Journal

    There is an online pool of key servers with a limited number of entry points so that each client knows which servers to search for keys. It is very reliable and I have never had to manually search for a key to exchange messages with a person. Finding the keys isn't the problem. Complacency is. I recently worked with a group of security conscious people who had PGP set up. I encrypted all the messages I sent to them initially but they sent their replies in plain text so I gave up.

    Enigmail here searches pool.sks-keyservers.net, subkeys.pgp.net, sks.mit.edu, ldap://certserver.pgp.com

  • Re:So what ever became of public key escrows? (Score:4, Informative)

    by icebike ( 68054 ) on Sunday August 11, 2013 @02:52AM (#44534217)

    The enigmail configuration has a keyserver setup UI with defaults loaded, which makes the upload of keys quite easy. If we are not at the point where my mother could do it, then we are close.

    But this requires I know the keyserver used by every person I might e-mail. How do I know that ahead of time?

    No, any key server will do.
    And there are hundreds of them, and they all talk to each other.

    Any modern email program will have a pgp plugin which will query the server for you

Slashdot Top Deals

"The one charm of marriage is that it makes a life of deception a neccessity." - Oscar Wilde

Close