[Cryptography] Cipher death notes

Randy Bush randy at psg.com
Thu Apr 9 23:52:07 EDT 2015

> - How many people have at some point received signed email (S/MIME, PGP,
>   whatever)?
> - Of the above, how many people have been warned about some sort of validation
>   failure in said signed email (expired cert, couldn't find the key, signature
>   didn't validate, couldn't find gpg for the validation, etc)?
> - Of the above again, how many people immediately deleted the email without
>   looking at it (it could be a drive-by download/infection)?

if there is content in the text of the email in which i am supposed to
place some trust, url, info, ... i diagnose the failure, contect sender
oob, ...

but i am tinfoil heavy.  if my wife emails a url, i check oob to see if
she really sent it.

it is droll that http://scanurl.net/ is not ssl enabled.  same for


More information about the cryptography mailing list