[Cryptography] Cipher death notes
Randy Bush
randy at psg.com
Thu Apr 9 23:52:07 EDT 2015
> - How many people have at some point received signed email (S/MIME, PGP,
> whatever)?
>
> - Of the above, how many people have been warned about some sort of validation
> failure in said signed email (expired cert, couldn't find the key, signature
> didn't validate, couldn't find gpg for the validation, etc)?
>
> - Of the above again, how many people immediately deleted the email without
> looking at it (it could be a drive-by download/infection)?
if there is content in the text of the email in which i am supposed to
place some trust, url, info, ... i diagnose the failure, contect sender
oob, ...
but i am tinfoil heavy. if my wife emails a url, i check oob to see if
she really sent it.
it is droll that http://scanurl.net/ is not ssl enabled. same for
http://global.sitesafety.trendmicro.com/
randy
More information about the cryptography
mailing list