Follow

Technical background for end-to-end crypto emails: Cryptographic Message Syntax (CMS) is to S/MIME what OpenPGP is to OpenPGP/MIME. Those are the two major open standards. But on May 2018 most S/MIME clients were found to be vulnerable to a Cipher Block Chaining (CBC) malleability-gadget attack (CVE-2017-17689) for unsigned mails, because they did not use modern CMS variants specs. One takeway: Sign all your encrypted emails. Don't load external contents.

Sign in to participate in the conversation
Mastodon

One of the first Mastodon instances, there is no specific topic we're into, just enjoy your time!