Security Blog
The latest news and insights from Google on security and safety on the Internet
E2EMail research project has left the nest
24. veljače 2017.
Posted by KB Sriram, Eduardo Vela Nava, and Stephan Somogyi, Security and Privacy Engineering
Whether they’re concerned about insider risks, compelled data disclosure demands, or other perceived dangers, some people prudently use end-to-end email encryption to limit the scope of systems they have to trust. The best-known method, PGP, has long been available in command-line form, as a plug-in for IMAP-based email clients, and it clumsily interoperates with Gmail by cut-and-paste. All these scenarios have demonstrated over 25 years that it’s too hard to use. Chromebook users also have never had a good solution; choosing between strong crypto and a strong endpoint device is unsatisfactory.
These are some of the reasons we’ve continued working on the
End-To-End research effort
. One of the things we’ve done over the past year is add the resulting
E2EMail
code to GitHub: E2EMail is not a Google product, it’s now a fully community-driven open source project, to which passionate security engineers from across the industry have already contributed.
E2EMail offers one approach to integrating OpenPGP into Gmail via a Chrome Extension, with improved usability, and while carefully keeping all cleartext of the message body exclusively on the client. E2EMail is built on a proven, open source
Javascript crypto
library developed at Google.
E2EMail in its current incarnation uses a bare-bones central keyserver for testing, but the recent
Key Transparency announcement
is crucial to its further evolution. Key discovery and distribution lie at the heart of the usability challenges that OpenPGP implementations have faced. Key Transparency delivers a solid, scalable, and thus practical solution, replacing the problematic
web-of-trust
model traditionally used with PGP.
We look forward to working alongside the community to integrate E2EMail with the Key Transparency server, and beyond. If you’re interested in delving deeper, check out the
e2email-org/e2email
repository on GitHub.
Nema komentara :
Objavi komentar
Oznake
#sharethemicincyber
#supplychain #security #opensource
AI Security
android
android security
android tr
app security
big data
biometrics
blackhat
C++
chrome
chrome enterprise
chrome security
connected devices
CTF
diversity
encryption
federated learning
fuzzing
Gboard
google play
google play protect
hacking
interoperability
iot security
kubernetes
linux kernel
memory safety
Open Source
pha family highlights
pixel
privacy
private compute core
Rowhammer
rust
Security
security rewards program
sigstore
spyware
supply chain
targeted spyware
tensor
Titan M2
VDP
vulnerabilities
workshop
Archive
2026
tra
ožu
velj
sij
2025
pro
stu
lis
ruj
kol
srp
lip
svi
tra
ožu
velj
sij
2024
pro
stu
lis
ruj
kol
srp
lip
svi
tra
ožu
velj
sij
2023
pro
stu
lis
ruj
kol
srp
lip
svi
tra
ožu
velj
sij
2022
pro
stu
lis
ruj
kol
srp
lip
svi
tra
ožu
velj
sij
2021
pro
stu
lis
ruj
kol
srp
lip
svi
tra
ožu
velj
sij
2020
pro
stu
lis
ruj
kol
srp
lip
svi
tra
ožu
velj
sij
2019
pro
stu
lis
ruj
kol
srp
lip
svi
tra
ožu
velj
sij
2018
pro
stu
lis
ruj
kol
srp
lip
svi
tra
ožu
velj
sij
2017
pro
stu
lis
ruj
srp
lip
svi
tra
ožu
velj
sij
2016
pro
stu
lis
ruj
kol
srp
lip
svi
tra
ožu
velj
sij
2015
pro
stu
lis
ruj
kol
srp
lip
svi
tra
ožu
velj
sij
2014
pro
stu
lis
ruj
kol
srp
lip
tra
ožu
velj
sij
2013
pro
stu
lis
kol
lip
svi
tra
ožu
velj
sij
2012
pro
ruj
kol
lip
svi
tra
ožu
velj
sij
2011
pro
stu
lis
ruj
kol
srp
lip
svi
tra
ožu
velj
2010
stu
lis
ruj
kol
srp
svi
tra
ožu
2009
stu
lis
kol
srp
lip
ožu
2008
pro
stu
lis
kol
srp
svi
velj
2007
stu
lis
ruj
srp
lip
svi
Feed
Follow @google
Follow
Give us feedback in our
Product Forums
.
Follow
Nema komentara :
Objavi komentar