Facebook says it has chosen to use GNU Privacy Guard (GPG) for its implementation. Back in February, the company stepped in with a $50,000 donation when the GPG project was struggling to raise funds to secure its future. As far as the detailed implementation is concerned, Facebook's notifications will be encrypted using the RSA or ElGamal algorithms, and the company is "investigating the addition of support for GPG's newer elliptic curve algorithms in the near future." Facebook is also looking at ways of offering public key management on mobile devices, which is not currently supported.
When encrypted notifications are enabled on an account, Facebook will sign outbound messages using its own private key to provide greater assurance that the contents of inbound e-mails are genuine—one of the chief benefits of the new feature. It means, for example, that users can be sure that password reset messages do indeed come from Facebook rather than someone masquerading as the company.
Although limited in its impact, the move is a step beyond HTTPS by default, which the company rolled out two years ago. Facebook's example may encourage other online services to follow suit, and could also help to raise awareness of the general idea of end-to-end encryption for email.