Encryption on Mailing lists sensless?

Nan nan at goodcrypto.com
Wed Nov 19 09:54:01 CET 2014

Robert, let's try to defuse this.

To quote Werner, Salam-Shalom.

First, "charlatan" and "snake oil" imply deceit. Goodcrypto:

  * Is open source
  * Uses GPG for mail encryption
  * Links to "The limits of GoodCrypto" right on the front page
  * Has asked for audits from many people, including:
    * Open Crypto Audit Project
    * EFF
    * Privacy International

I humbly suggest this demonstrates that we are trying very hard not to fool anyone.

You made the great point that a mail server and sysadmin is a single point of failure. This is covered in our Design document referenced from our Technical FAQ. There are tradeoffs to everything. Because a mail crypto server is a tempting target, we have to protect it very carefully. Please let us know the details about any successful attacks you find.

We'll have to disagree on whether we should ignore clear evidence about DSA because academics haven't published yet. I understand this is very important to you because of your NIST association.

I'll try hard to let you have the last word :)


GoodCrypto warning: Anyone could have read this message. Use encryption, it works.

More information about the Gnupg-users mailing list