[Mailman-Developers] Encrypted lists are still a valid GSoC project, in case you were wondering.
Stephen J. Turnbull
turnbull.stephen.fw at u.tsukuba.ac.jp
Mon Mar 27 15:48:04 EDT 2017
Terri Oda writes:
> Basically, don't just read "Why Johnny Can't Encrypt" [1] and assume the
> problem of encrypted is dead and never will be solved.
But you might want also to read JWZ's blog on Signal[2] *and all the
comments* to see why threat models matter, and how subtle it can be.
(If you're not going to read a large fraction of the comments, don't
bother, nothing to see here.) It's the disagreement among smart,
well-intentioned -- if a bit mouthy in JWZ's case ;-) -- people that's
of interest here. AFAICT, in the whole thread there are no two
individuals who agree on what threat model this particular encrypted
messaging system should try to address!
[1] https://www.usenix.org/conference/8th-usenix-security-symposium/why-johnny-cant-encrypt-usability-evaluation-pgp-50
[2] https://www.jwz.org/blog/2017/03/signal-leaks-your-phone-number-to-everyone-in-your-contacts/
More information about the Mailman-Developers
mailing list