[Cryptography] Dark Mail Alliance specs?

Jon Callas jon at callas.org
Thu Mar 27 10:01:02 EDT 2014

Hash: SHA1

On Mar 25, 2014, at 4:21 PM, Peter Fairbrother <zenadsl6186 at zen.co.uk> wrote:

> They use "cloud" and "security" in one _name_?  Wow.
> -- Peter F
> (sorry, couldn't resist)

Yeah, why try to make the world better, when it's so much fun to just laugh?

Seriously -- the CSA are a good group. When "cloud" became a big buzzword, it was started by a bunch of people who said that lots of other technologies were designed with no respect to security, and then people started to jam the security in later. The idea was that *this* time, we ought to try to get the security in the first time.

Obviously, this is hard, because there's so few of us and so many of them. However, the CSA has been out there in promoting aggressive policies. I wrote the original encryption guidelines back in '09, and I put in things like a statement that if data in the cloud is not end-to-end encrypted, then it should be considered lost (which is a significant thing, as that triggers breach disclosure notifications). I was impressed that I got backing on that.

I stopped my involvement after I was in PGP as I was in The Village, but in the post-Snowden world, I've been invited back to beat the drum for real security. In next week's meeting <https://cloudsecurityalliance.org/events/securecloud2014/>, there's going to be a lot of good work. Yes, it's slow moving, but it's going in the right direction.


Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii


More information about the cryptography mailing list