Copy this bookmark:



bookmark detail

Nelson's Weblog: tech / bad / failure-of-encryption
One of the great failures of the Internet era has been giving up on end-to-end encryption. PGP dates back to 1991, 22 years ago. It gave us the technical means to have truly secure email between two people. But it was very difficult to use. And in 22 years no one has ever meaningfully made email encryption really usable. [...]

We do have SSL/HTTPS, the only real end-to-end encryption most of us use daily. But the key distribution is hopelessly centralized, authority rooted in 40+ certificates. At least 4 of those certs have been compromised by blackhat hackers in the past few years. How many more have been subverted by government agencies? I believe the SSL Observatory is the only way we’d know.

We do also have SSH. Maybe more services need to adopt that model?
ssh  ssl  tls  pki  crypto  end-to-end  pgp  security  surveillance 
august 2013 by jm
view in context