 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
On Jun 10, 2011, at 8:12 AM, Edward Ned Harvey wrote: > > I am very surprised to hear people using the term "PGP" as if it were > synonymous with "Email signing/encryption." As far as I'm concerned, S/MIME > has already won the war on email signing/encryption. Go get a free > certificate from startssl.com, and voila. For those a bit slower than I on the slashdot feed: http://news.netcraft.com/archives/2011/06/22/startssl-suspends-services-after-security-breach.html https://www.startssl.com/ The text: > Maintenance > > Due to an attack on our systems and a security breach that occurred at the 15th of June, issuance of digital certificates and related services have been temporarily suspended as a defensive measure. Our services will be gradually reinstated as the situation allows. > > Subscribers and holders of valid certificates are not affected in any form. > > Visitors to web sites and other parties relying on valid certificates are not affected. > > We apologize for the temporary inconvenience and thank you for your understanding. Little useful information there. Nothing there to indicate what constitutes an *in*valid certificate. The front page was updated on 21 June, nearly a week after the attack. That's a week's worth of possibly compromised certificates. Regardless, this is just another example of the biggest flaw in SSL and S/MIME, that they are only as good as the certificate authorities. --Rich P.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
