About document signing
defdefred
defdefred at protonmail.com
Mon May 18 15:20:27 BST 2020
On Monday 18 May 2020 15:06, kaoD <elkaod at gmail.com> wrote:
> I love cryptography so this is kinda my area of interest. Just to add to solderpunk's great reply: modern TLS with DH also adds forward secrecy, which is a very desirable property that GPG lacks.
In cryptography, regular enhancement is mandatory :-)
> Can you elaborate? What is TLS interception and how does it make TLS broken?
https://en.wikipedia.org/wiki/Transport_Layer_Security_Security#TLS_interception
> AFAIK Protonmail uses both: TLS for in-transit crypto (communication with Protonmail servers) and GPG for at-rest crypto (the actual mail contents).
They use both because the old SMTP protocol keeps metadata impossible to encrypt.
> As a reminder: TLS is end-to-end encrypted!
Not End-to-End (Writer-to-Reader)... Only Server-to-Browser, without protection for the hosted files.
> [0] https://www.cryptologie.net/article/502/alternatives-to-pgp/, discussion in Reddit https://www.reddit.com/r/crypto/comments/ggvl2h/alternatives_to_pgp/
Maybe the blog author is forgetting that GPG signing is not useful without verifying the signature...
Regards,
freD.