this post was submitted on 24 Dec 2023
22 points (80.6% liked)

cybersecurity

3249 readers
1 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Enjoy!

founded 1 year ago
MODERATORS
 

The Internet and email is old at this point.

It can be reasonably argued that email links are a significant threat vector right now.

So far, we just keep trying to sandbox links or scan attachments, but it's still not stopping the threat.

My questions for comment:

  • Would removing anonymity from email reduce or remove this threat? If business blocked all uncertified email senders, would this threat be gone?
  • Why can't we do PKI well after a few decades?
  • Does anyone believe PKI could apply to individuals? In the context of identity for email, accounts, etc?

I see services like id.me and others and wonder why we can't get digital identity right and if we could, would it eliminate some of the major threats?

Image credit: https://www.office1.com/blog/topic/email

Edit, post not related to the site or any service, just image credit.

you are viewing a single comment's thread
view the rest of the comments
[–] HubertManne@kbin.social 3 points 10 months ago (1 children)

I want a government email. I think the usps should run one that allows for official government communiction in an isolated inbox and then another isolated inbox for communication that would require a penny and an individual and a last inbox that allows for companies and such to send to you for a fee and it would be encrypted. I wold keep it separate from normal email but at least you could be sure of who the sender is and it would make government communications easier.

[–] MSgtRedFox@infosec.pub -1 points 10 months ago (1 children)

Interesting. I do wish our government identity extended to online. Instead of signing into a bunch of websites with a Google account, I think a us government or state account would be nice. One account, PKI in your driver's license or some other passkey like device.

I guess the trade would be protection of that digital ID and the system running it. We already have identity theft. I hope it would be harder if you have to digitally sign a bunch of stuff with you driver's license. Most people probably don't have experience with common access cards or tokens though.

[–] HubertManne@kbin.social 1 points 10 months ago

yes and you should never have to worry about losing it do to it being like canceled and you should be able to clear up any support issues at the post office.