Size: 3747
Comment: Link to EFF's secure Messaging Scorecard
|
Size: 3778
Comment: better phrasing of comment on EFF scorecard
|
Line 6: | Line 6: |
** Encrypted in transit? Yes ** Encrypted so the provider can’t read it? Yes //Comment: with most messagers, the server provider also provides the software.// ** Can you verify contacts’ identities? Yes ** Are past comms secure if your keys are stolen? No //Comment: forward secrecy means an extra key-exchange before a message can be send. ~OpenPGP works offline, thus cannot provide it without losing this ability. And if you delete the subkeys, it is gone.// ** Is the code open to independent review? Yes ** Is security design properly documented? Yes ** Has the code been audited? No //Comment: This is a wobbly argument, why would someone demand a fresh design audit, if an unchanged design is older than 12 month. Also code audits do not cover or find everything, you could also demand a high automatic test coverage or fuzzy testing with similiar wobbly results. Given that GnuPG is around a long while, many independent people looked at the code.// |
** Encrypted in transit? Yes. ** Encrypted so the provider can’t read it? Yes. //Comment: with most messagers, the server provider also provides the software.// ** Can you verify contacts’ identities? Yes. ** Are past comms secure if your keys are stolen? No. //Comment: forward secrecy means an extra key-exchange before a message can be send. ~OpenPGP works offline, thus cannot provide it without losing this ability. And if you delete the used subkeys, the communication is "secure".// ** Is the code open to independent review? Yes. ** Is security design properly documented? Yes. ** Has the code been audited? No. //Comment: This is a wobbly argument, why would someone demand a fresh design audit, if an unchanged design is older than 12 month. Also code audits do not cover or find everything, you could also demand a high automatic test coverage or fuzzy testing with similiar wobbly results. Given that GnuPG is around a long while, many independent people looked at the code.// |
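Review bot: In the forward secrecy comment, the new wording 'if you delete the used subkeys, the communication is "secure"' leaves the quoted word undefined, so a reader cannot tell what property is being claimed once the subkeys are deleted. Say in plain words what deleting the used subkeys achieves instead of relying on scare quotes. The revision also carries over typos from the old line unchanged: "messagers", "can be send", "12 month" and "similiar"; since the line is being edited anyway, fix them in the same change.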
Gpg4win in the press
English
- EFF's Secure Messaging Scorecard, accessed 2014-11-06. Lists Gpg4win as "PGP for Windows" with the following attributes (with early comments from -- bernhard 2014-11-06 16:42:19):
  - Encrypted in transit? Yes.
  - Encrypted so the provider can’t read it? Yes. Comment: with most messengers, the server provider also provides the software.
  - Can you verify contacts’ identities? Yes.
  - Are past comms secure if your keys are stolen? No. Comment: forward secrecy means an extra key-exchange before a message can be sent. OpenPGP works offline, thus cannot provide it without losing this ability. And if you delete the used subkeys, the communication is "secure".
  - Is the code open to independent review? Yes.
  - Is security design properly documented? Yes.
  - Has the code been audited? No. Comment: This is a wobbly argument, why would someone demand a fresh design audit, if an unchanged design is older than 12 months? Also code audits do not cover or find everything, you could also demand a high automatic test coverage or fuzzy testing with similar wobbly results. Given that GnuPG has been around a long while, many independent people looked at the code.
German
- 2014-08-29 Heise.de In eigener Sache: So können Sie die Redaktion per PGP kontaktieren (German)
- 2014-04-30 Golem.de Kryptoparty bei Golem.de (German)
- 2014-02-27 c't Sonderheft (Heise Zeitschriften Verlag) c't wissen Sichere E-Mail (German)
- 2013-09-09 c't 2013, Heft 20, Seite 50 Mail-Verschlüsseler Gpg4win aufgefrischt (Short news item in German)
- 2013-08-23 PC Magazin Gpg4win 2.2 verschlüsselt auch mit Outlook 2013 (German)
- 2013-08-21 Heise.de Gpg4win 2.2 verschlüsselt E-Mails und Dateien (German)
- 2013-08-10 DIE WELT: So schützen Sie Ihre Daten im Netz (German)
- 2013-08-09 Kölnische Rundschau: Mail-Verschlüsselung macht den Unterschied (German)
- 2013-07-23 impulse - Das Unternehmer-Magazin (08/2013): Schlüssel fürs Postfach (German)
- 2013-07-21 heise.de: Verschlüsselungssoftware GPG4Win unterstützt Outlook 2010 (German)
- 2013-07-21 golem.de: Gpg4win 2.2.0 soll Outlook 2013 unterstützen (German)
- 2013-07-10 ZDF-Morgenmagazin: E-Mails-richtig-verschluesseln (German)
- 2013-07-05 WDR: Hier haben Spione keine Chance (German)
- 2013-07-04 Spiegel-Online: Schutz gegen Internet-Spione: So verschlüsseln Sie Ihre E-Mails (German)