Re: [cryptography] The next gen P2P secure email solution
Message of 13/05/14 05:55
From: grarpamp
To: cypherpu...@cpunks.org
Cc: p2p-hack...@lists.zooko.com, cryptography@randombit.net
Subject: Re: [cryptography] The next gen P2P secure email solution

On Fri, May 9, 2014 at 11:49 AM, rysiek wrote:

On Tuesday, 22 April 2014 20:58:50 tpb-cry...@laposte.net wrote:

Although technical solutions are feasible

Then do it and see what happens.

we ought to consider some things:

- Email is older than the web itself;

So is TCP/IP and the transistor. Irrelevant.

You clearly did not get the point, but let's move along your argument.

- Email has three times as many users as all social networks combined;

And how did those nets get any users when 'email' was supposedly working just fine?

E-mail not allowing one to make his ego appreciated and envied in a structured nicely formatted page maybe?

- Email is entrenched in the offices, many a business is powered by it;

They are powered by authorized access to and useful end use of message content, not by email. That's not going anywhere, only the intermediate transport is being redesigned.

Can you recode outlook, eudora and other closed source stuff people use(d) for e-mail handling for business? No? Well, that answers why it is hard to remove.

Given the enormous energy necessary to remove such an appliance and replace

Removal is different from introducing competitive alternatives.

Little proprietary walled gardens are absolutely not the answer for this problem.

it with something better. How could we make a secure solution that plays nicely with the current tools without disturbing too much what is already established?

By writing a gateway (i.e. between RetroShare and e-mail)?

The gateway idea is interesting, but it has to be efficient enough and low cost enough for people to switch over. Something like bitmessage is not.

MUA's become file readers and composers. They hand off to a localhost daemon that recognizes different address formats of the network[s] and does the right thing. Perhaps they compile against additional necessary network/crypto libs. Whatever it is, those are not a big change. Ditching centralized SMTP transport in the clear is... and for the better.

http://arstechnica.com/security/2014/05/good-news-for-privacy-fewer-servers-sending-e-mail-naked-facebook-finds/

I think that answers your concern about SMTP transport in the clear, in less than one year the darkest bar in that chart will be close to 100%. If 80% of hosts demand strict encrypted transport, it will force the other 20% to change. Considering the snowden revelations and the fact that one year ago we barely used encrypted transport, having 1/4 already and accelerating is a good prospect.

Reread the threads, forget about that old SMTP box, think new.

Fixing the problem is better than overhauling all offices in the world, you clearly haven't been in many offices in your life.

___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] [Cryptography] Is it time for a revolution to replace TLS?
On Tue, May 13, 2014 at 4:23 PM, Phillip Hallam-Baker hal...@gmail.com wrote:

In general any proposal of the form 'lets replace X with something 10% 'better'' is a losing proposition. Particularly when we are talking about systems where network effects dominate such as protocols, APIs and keyboard layouts[1].

Does that mean that JSON was more than 10% better than XML, or REST more than 10% better than SOAP?

That's not to say that enterprise users don't still make extensive use of the, for lack of a better term, crappier technologies, but for the rest of us, we hopefully don't have those monstrosities in our daily lives anymore.

--
Tony Arcieri
Re: [cryptography] [Cryptography] Is it time for a revolution to replace TLS?
On Thu, May 15, 2014 at 1:26 PM, Phillip Hallam-Baker hal...@gmail.com wrote:

JSON is a lot more than 10% better than ASN.1 or XML because both of the latter are bjorked. XML prefixes are insane

And TLS isn't? ;)

--
Tony Arcieri
Re: [cryptography] The next gen P2P secure email solution
On Thu, May 15, 2014 at 8:36 AM, tpb-cry...@laposte.net wrote:

- Email is entrenched in the offices, many a business is powered by it;

They are powered by authorized access to and useful end use of message content, not by email. That's not going anywhere, only the intermediate transport is being redesigned.

Can you recode outlook, eudora and other closed source stuff people use(d) for e-mail handling for business? No? Well, that answers why it is hard to remove. Fixing the problem is better than overhauling all offices in the world,

Nobody can recode closed source but them. I would offer [pluggable] open source alternatives and let gravity move the closed ones over time.

Given the enormous energy necessary to remove such an appliance and replace

Removal is different from introducing competitive alternatives.

Little proprietary walled gardens are absolutely not the answer for this problem.

Nothing proprietary being made here, all open source, hack and use freely.

it with something better. How could we make a secure solution that plays nicely with the current tools without disturbing too much what is already established?

By writing a gateway (i.e. between RetroShare and e-mail)?

The gateway idea is interesting, but it has to be efficient enough and low cost enough for people to switch over. Something like bitmessage is not.

MUA's become file readers and composers. They hand off to a localhost daemon that recognizes different address formats of the network[s] and does the right thing. Perhaps they compile against additional necessary network/crypto libs. Whatever it is, those are not a big change. Ditching centralized SMTP transport in the clear is... and for the better.

http://arstechnica.com/security/2014/05/good-news-for-privacy-fewer-servers-sending-e-mail-naked-facebook-finds/

I think that answers your concern about SMTP transport in the clear

Yes, great, we're now moving towards strict and PFS encrypted transport. That's not much of a complete achievement since it does not solve any of the other snowden-ish issues recent p2p threads are meant to encompass...

- [secret/trollish/illegal] orders against centralized mail servers/services to store and disclose all metadata and [unencrypted] content, including transport headers and pesky to/from/subject/etc headers.
- voluntary 'cooperation' to do the same.
- capability for messaging over encrypted anonymous p2p overlay networks so that the only real place left to compel is the investigated user themselves (or millions of users if you want to fight up against free speech / privacy).

you clearly haven't been in many offices in your life.

Don't say on others position until you are their shadow.
Re: [cryptography] The next gen P2P secure email solution
Oh boy, here we go.

Message of 15/05/14 23:14
From: grarpamp

http://arstechnica.com/security/2014/05/good-news-for-privacy-fewer-servers-sending-e-mail-naked-facebook-finds/

I think that answers your concern about SMTP transport in the clear

Yes, great, we're now moving towards strict and PFS encrypted transport. That's not much of a complete achievement since it does not solve any of the other snowden-ish issues recent p2p threads are meant to encompass...

- [secret/trollish/illegal] orders against centralized mail servers/services to store and disclose all metadata and [unencrypted] content, including transport headers and pesky to/from/subject/etc headers.

pesky to/from/subject/etc headers.

Those are hidden by use of TLS.

Regarding government wanting your data in the clear by requesting it to the ISP you use, well switch your communications to another country, problem solved.

- voluntary 'cooperation' to do the same.
- capability for messaging over encrypted anonymous p2p overlay networks so that the only real place left to compel is the investigated user themselves (or millions of users if you want to fight up against free speech / privacy).

p2p is no panacea, it doesn't scale and it will never, ever be able to handle the latest netflixy app Joes are so much into. p2p is for techead kids like you, not for the masses. The masses do not understand it unless it brings spiderman, batman, faggotman hollywood garbage faster to their living rooms.
Re: [cryptography] The next gen P2P secure email solution
pesky to/from/subject/etc headers.

Oh boy, here we go. Those are hidden by use of TLS.

Have you not been following the weaknesses intrinsic to SMTP discussions? Yes, they are hidden in TLS transport on the wire. No, they are not hidden in core or on disk at the intermediate and final message transport nodes. That's bad. We want all human relevant plaintext content, such pesky headers included, to be hidden from observation by anyone other than us (at our origination or final receipt nodes). There is no oh boy in that sensible new design.

Regarding government wanting your data in the clear by requesting it to the ISP you use, well switch your communications to another country, problem solved.

Have you ever heard of MLAT, extradition, interpol, public and private cooperation, dealings, and other such things? And maybe you simply do not trust any 'country' with carriage of your insistent plaintext. There is no such 'solved' with that.

- voluntary 'cooperation' to do the same.
- capability for messaging over encrypted anonymous p2p overlay networks so that the only real place left to compel is the investigated user themselves (or millions of users if you want to fight up against free speech / privacy).

p2p is no panacea, it doesn't scale

I believe it could. Even if requiring super aggregating nodes of some sort. Layers of service of the whole DHT space. More research is surely required.

and it will never, ever be able to handle the latest netflixy app Joes are so much into. p2p is for techead kids like you, not for the masses.

We are talking messaging, not bulk data. However, once you have the nodes scalable to millions of communicators, there is probably no issue transporting bulk data among a select few along their path metrics. Cathal brings up a great and tricky issue regarding choices to store-and-forward. SF is quite more complex, but possibly more useful, than realtime.

The masses do not understand it unless it brings spiderman, batman, faggotman hollywood garbage faster to their living rooms.

I agree such garbage is rather pointless life endeavour. I would be happy to message you via such a new messaging system though :)
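
The distinction argued in this thread (SMTP over TLS protects a message hop by hop on the wire, while every relay and the final server still hold the headers in plaintext) can be checked on a stored message. This is an added example, not code from any poster; the host names, addresses and the message itself are constructed for illustration.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that mean the hop was protected by TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample: a message as stored on the final server (not real traffic).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.7])
\tby inbox.example.org with ESMTPS id abc123
\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256);
\tThu, 15 May 2014 21:14:03 +0000
Received: from relay.example.com (relay.example.com [198.51.100.9])
\tby mx.example.net with ESMTP id def456;
\tThu, 15 May 2014 21:14:02 +0000
Received: from laptop.local (unknown [192.0.2.44])
\tby relay.example.com with ESMTPSA id ghi789;
\tThu, 15 May 2014 21:14:01 +0000
From: alice@example.com
To: bob@example.org
Subject: quarterly numbers

body text
"""

def _field(pattern, text):
    m = re.search(pattern, text)
    return m.group(1).rstrip(";") if m else None

def hop_report(raw):
    """Return (sender, receiver, protocol, used_tls) per hop, oldest first.

    Received lines are self-reported by each server, so an upstream hop can
    forge the older entries; treat the result as a hint, not proof.
    """
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())          # unfold continuation lines
        proto = (_field(r"\bwith\s+(\S+)", flat) or "").upper()
        hops.append((_field(r"\bfrom\s+(\S+)", flat),
                     _field(r"\bby\s+(\S+)", flat),
                     proto, proto in TLS_PROTOCOLS))
    return hops

def cleartext_hops(raw):
    """Hops where the whole message crossed the wire without TLS."""
    return [(s, r) for s, r, _, tls in hop_report(raw) if not tls]

def readable_at_rest(raw):
    """Headers any relay or mailbox server can read, whatever the TLS state."""
    msg = message_from_string(raw)
    return {name: msg[name] for name in ("From", "To", "Subject") if msg[name]}
```

Even when `cleartext_hops` returns an empty list, `readable_at_rest` returns the same headers, because transport encryption ends at each server.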