@sheogorath I like the idea of calling them. How do you (personally) check if they support encrypted email?
Week 35: The Internet Freedom Festival ✊🏽
It's been a while coming...
@sheogorath Yeah totally, well in this I didn't read the article because it was easier to hit "back" than dismiss the popups, so perhaps people will just stop reading it naturally :)
@sheogorath What sort of spam was it?
@wiktor Yes indeed! I'm thinking about this too.
If I'm only concerned about *read-only* mitm then we could host the pins online somewhere rather than bake them into the app
@wiktor I was musing whether our login / challenge endpoint could provide more than just a signed token, but a session key that's *also* used to encrypt the whole session *inside* TLS
@wiktor Tunnelling: from the 1Password security whitepaper, page 45 "Transport Security":
@wiktor Yeah JWT is a great approach. Maybe we forget the tunnelling bit for now...
Engineer, maker, dreamer.
Building Fluidkeys to help teams use strong encryption
A social media community hosted in the UK; part of the Mastodon/ActivityPub federated social network, which allows you to follow users on other communities. It's a bit like Twitter but without a single company in control.
This is a volunteer-run community administered by @floppy, and hosted by Mastohost in the UK. Please support our running costs by joining the Open Collective and becoming a backer. Thanks go to our existing backers - this place exists because of them!