by rostigerpudel 4263 days ago
Some reasons why I do not like tutanota:

* They say the combination of AES-128 and 2k RSA keys is secure

* The private key is stored on their servers (password needs to be set, but if security hinges on the private key password...)

* The website contains FUD (e.g. the FAQ [1])

* They have been sending UBE with loads of FUD to promote their services

[1] https://tutanota.de/#!faq (the language switch is all the way down at the bottom)

2 comments

Yep. Note also that DANE (as they mention) currently depends on the full-blown DNSSEC stack to be useful. However, the full-blown DNSSEC stack suffers from many technical and design-related problems:

http://www.thoughtcrime.org/blog/ssl-and-the-future-of-authe...

http://ianix.com/pub/dnssec-outages.html

Disclaimer: I work on DNSChain, a blockchain-based alternative to DNSSEC & X.509. Note that DNSChain does support blockchain-authenticated DANE TLSA records. In the future, DNSSEC's SIG record may be used to provide MITM-proof verification of the validity of that TLSA record for DNS-based apps.

Are AES-128 and 2k RSA keys not secure?

I know 1k RSA isn't secure, but I thought 2k was.

"Assuming the hypothetical NSA breakthroughs don't totally break public-cryptography -- and that's a very reasonable assumption -- it's pretty easy to stay a few steps ahead of the NSA by using ever-longer keys. We're already trying to phase out 1024-bit RSA keys in favor of 2048-bit keys. Perhaps we need to jump even further ahead and consider 3072-bit keys. And maybe we should be even more paranoid about elliptic curves and use key lengths above 500 bits."

from Schneier's post: https://www.schneier.com/blog/archives/2013/09/the_nsas_cryp...

There is some speculation that the NSA could potentially have quantum computers, in which case RSA (and basically everything) is just fucked. Hopefully that's not the case (but hey, when your shadow budget is more than the rest of the world spends on cryptography research combined, then who knows, right?)