LWN: Comments on "Thinking about email security (NewsForge)" https://lwn.net/Articles/189644/ This is a special feed containing comments posted to the individual LWN article titled "Thinking about email security (NewsForge)". en-us Thu, 09 Oct 2025 09:22:24 +0000 Thu, 09 Oct 2025 09:22:24 +0000 https://www.rssboard.org/rss-specification lwn@lwn.net Thinking about email security (NewsForge) https://lwn.net/Articles/189858/ https://lwn.net/Articles/189858/ kdart I do use public key infrastruct to sign emails, but not to encrypt them. I started doing this when I discovered that spammers were using my own email address as a spoofed source address. So the issue for me is not just privacy, but authentication. Now, I can say to people that if an email does not have a signature signed by my GPG key, it's not from me. <br> <p> Sun, 02 Jul 2006 20:20:37 +0000 Thinking about email security (NewsForge) https://lwn.net/Articles/189787/ https://lwn.net/Articles/189787/ b7j0c public-key-infrastructure for email seems like a non-starter, as it has been for many years. its a great idea with proven technology, but who uses it? <br> <p> i also think the authors cited in this article are wrong on one count. they cite webmail accounts as a bad idea. but it should be noted that google, yahoo etc were likely using technologies like domain keys, phishing detection, and decent antivirus before your ISP. it is these technologies that seem to be of more everyday practical value than signing and encrypting casual messages. while it is true that your webmail inbox is on someone else's server, the legal and security issues here are no different than a normal hosting provider or ISP. even if you are encrypting your outgoing email, your incoming messages (presuming they are plaintext) are still fodder for interested parties along the way.<br> Fri, 30 Jun 2006 20:31:03 +0000