Re: The Streisand imagecriminal lives 2-3 parcels away from me

2003-06-04 Thread Sunder
That's all nice and good, but why should it be on cypherpunks?  Where's
the relevance to this list?  Why is Ken, or his address or helipad an
interest to the cypherpunks?  Why are PGE's monopolistic actions against
him relevant to the topics of this list?

What's next?  The Cypherpunk Enquirer?

IMHO, neither he, nor the Streisand creature have any relevance here -
there perhaps was some relevance in terms of that lawsuit the bitch
started, but, who gives a shit who your neighbors are?

Should I start spamming this list with details about my neighbors?


--Kaos-Keraunos-Kybernetos---
 + ^ + :25Kliters anthrax, 38K liters botulinum toxin, 500 tons of   /|\
  \|/  :sarin, mustard and VX gas, mobile bio-weapons labs, nukular /\|/\
--*--:weapons.. Reasons for war on Iraq - GWB 2003-01-28 speech.  \/|\/
  /|\  :Found to date: 0.  Cost of war: $800,000,000,000 USD.\|/
 + v + :   The look on Sadam's face - priceless!   
[EMAIL PROTECTED] http://www.sunder.net 

On Sun, 1 Jun 2003, Tim May wrote:

> Ken Adelman, the retired gazillionaire who has gained new fame as a
> photographer of the California coastline, lives a couple of parcels
> from me, perhaps half a kilometer.



Re: The Streisand imagecriminal lives 2-3 parcels away from me

2003-06-04 Thread Adam Shostack
On Tue, Jun 03, 2003 at 11:00:07AM -0400, Sunder wrote:
| That's all nice and good, but why should it be on cypherpunks?  Where's
| the relevance to this list?  Why is Ken, or his address or helipad an
| interest to the cypherpunks?  Why are PGE's monopolistic actions against
| him relevant to the topics of this list?
| 
| What's next?  The Cypherpunk Enquirer?

We can hope they return.

http://www.haven.boston.ma.us/~benji/wheels.html
http://cypherpunks.venona.com/date/1997/03/msg00102.html


-- 
It is seldom that liberty of any kind is lost all at once.
   -Hume



Re: The Streisand imagecriminal lives 2-3 parcels away from me

2003-06-04 Thread Bill Stewart
At 11:00 AM 06/03/2003 -0400, Sunder wrote:
> That's all nice and good, but why should it be on cypherpunks?  Where's
> the relevance to this list?  Why is Ken, or his address or helipad an
> interest to the cypherpunks?  Why are PGE's monopolistic actions against
> him relevant to the topics of this list?
> What's next?  The Cypherpunk Enquirer?

Well sure - because not all the Black Helicopters flying over Tim's house
have belonged to Feds/UN/etc. - one of them's probably been Ken's :-)
I've also found Tim's comments on Pynchon living nearby interesting.

> IMHO, neither he, nor the Streisand creature have any relevance here -
> there perhaps was some relevance in terms of that lawsuit the bitch
> started, but, who gives a shit who your neighbors are?

I'd say issues of putting aerial photography on the internet and
how that changes the status of previously secret information
are pretty close to our core issues - they're not directly cryptography,
but neither are the guns, lots of guns discussions.
I don't know if Hugh ever pulled off the export RSA by standing in
a bar-code when the Russian 1-meter-resolution spy satellites fly over...


[eb@comsec.com: Re: Maybe It's Snake Oil All the Way Down]

2003-06-04 Thread Eric Murray
- Forwarded message from Eric Blossom [EMAIL PROTECTED] -

Date: Tue, 3 Jun 2003 13:25:50 -0700
From: Eric Blossom [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
X-Orig-To: John Kelsey [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], EKR [EMAIL PROTECTED],
   Scott Guthery
  [EMAIL PROTECTED], Rich Salz [EMAIL PROTECTED],
   Bill
  Stewart [EMAIL PROTECTED], cypherpunks [EMAIL PROTECTED],
   [EMAIL PROTECTED]
Subject: Re: Maybe It's Snake Oil All the Way Down
In-Reply-To: [EMAIL PROTECTED]
User-Agent: Mutt/1.4i

On Tue, Jun 03, 2003 at 10:42:01AM -0400, John Kelsey wrote:
> At 10:09 AM 6/2/03 -0400, Ian Grigg wrote:
> ...
>> (One doesn't hear much about
>> crypto phones these days.  Was this really a need?)

Yes, I believe there is a need.

In my view, there are two factors in the way of wide spread adoption:
cost and ease of use.

Having spent many years messing with these things, I've come to the
conclusion that what I personally want is a cell phone that implements
good end-to-end crypto.  This way, I've always got my secure
communication device with me, there's no bag on the side, and it can
be made almost completely transparent.

> And for cellphones, I keep thinking we need a way to sell a secure
> cellphone service that doesn't involve trying to make huge changes to the
> infrastructure, ...

Agreed.  Given a suitably powerful enough Java or whatever equipped
cell phone / pda and an API that provides access to a data pipe and
the speaker and mic, you can do this without any cooperation from the
folks in the middle.  I think that this platform will be common within
a couple of years.  The Xscale / StrongARM platform certainly has
enough mips to handle both the vocoding and the crypto.

Also on the horizon are advances in software radio that will enable
the creation of ad hoc self organizing networks with no centralized
control.  There is a diverse collection of people supporting this
revolution in wireless communications.  They range from technologists,
to economists, lawyers, and policy wonks.  For background on spectrum
policy issues see http://www.reed.com/openspectrum,
http://cyberlaw.stanford.edu/spectrum or http://www.law.nyu.edu/benklery

Free software for building software radios can be found at the 
GNU Radio web site http://www.gnu.org/software/gnuradio

Eric

- End forwarded message -



Re: Maybe It's Snake Oil All the Way Down

2003-06-04 Thread John Young
The White House Communications Agency is also working
hard to secure presidential communications, with legacy
systems needing ever-increasing maintenance and upgrades,
the market continuing to outpace the big-ticket legacy
clunker equipment, too expensive to chuck outright, yet having
flaws begging for discovery, patches galore (most relying
upon obscurity and secrecy), and the operators from the
four military branches which run the system turning over
regularly and each new wave needing special training to 
work the patchwork klutz, with retiring old salts who are
the only ones who know how the hybrids work and whether
they are truly secure, and not least, NSA doing its damndest
to get new systems installed in all the prez's habitats and
vehicles and layovers around the world, deploying crypto
tools partly off the shelf, partly purpose-built at Ft Meade -- 
and the whole precarious mess subject to a 20-year-old 
pulling a thumb out of the dike and letting flow proof that the 
leader of the free world is up to what you'd expect despite 
the multi-million rig to hide the obvious. Rumor is that 98%
of what is handled top secretly is trivial fluff, as with most
mil comm, SIGINT, cellphone, microwave, fiber-optic, so that
snake oil is apt protection. If all telecomm was shut down no
more would change than pulling the plug on television.

The other 2% is what the billions and billions is trying to find
among the EM cataract of plaintext and speak smoke and whine 
-- by whoever may be plotting a world of pure bugfuck. But that
could also be discovered by thoughtful analysis of any singular
mania, whether religion, higher-ed, sport, stock market, politics, 
or mil-biz.

Here's a recent account from Army Communicator of 
what's up at ever busier and harried and thumbplugging
WHCA:

  http://cryptome.org/whca2003.pdg  (680KB)

WHCA itself is recruiting thumbs:

  http://www.disa.mil/whca



[PaulLambert@AirgoNetworks.Com: Re: BIS Disk Full]

2003-06-04 Thread Eric Murray
- Forwarded message from Paul Lambert [EMAIL PROTECTED] -

Subject: Re: BIS Disk Full
Date: Mon, 2 Jun 2003 22:50:20 -0700
Thread-Topic: Re: BIS Disk Full
Thread-Index: AcMpAGDW0rLn6AHCQFSmRRWCM9LG7QAkdTWg
From: Paul Lambert [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
X-Orig-To: Declan McCullagh [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
   [EMAIL PROTECTED]
X-MIME-Autoconverted: from quoted-printable to 8bit by gw.lne.com id
  h535oULl001507

Is it this?
http://snap.bis.doc.gov/

The correct URL is:

http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html
This site contains the full process to export encryption source code
that would be considered publicly available

The site has you e-mail to three addresses:
[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
You can also send a disk to both 14th Street and Pennsylvania Avenue
and Fort Meade.

I've submitted twice and never gotten an acknowledgement ... can't
imagine that they are that busy.

Paul



-Original Message-
From: Declan McCullagh [mailto:[EMAIL PROTECTED] 
Sent: Sunday, June 01, 2003 8:52 PM
To: Anonymous
Cc: [EMAIL PROTECTED]
Subject: Re: BIS Disk Full


URL?

Is it this?
http://snap.bis.doc.gov/

Email to [EMAIL PROTECTED] does not bounce, at least not immediately.

-Declan

On Sat, May 31, 2003 at 01:34:00PM -0700, Anonymous wrote:
 I tried to notify the BIS that I was posting some code and I got this
 error back:
  [EMAIL PROTECTED]:
  170.110.31.61 failed after I sent the message.
  Remote host said: Can't create transcript file ./xfh4VJhUa02511: No
  space left on device
 
  [EMAIL PROTECTED]:
  170.110.31.61 failed after I sent the message.
  Remote host said: Can't create transcript file ./xfh4VJhVC02512: No
  space left on device
 Are our rights suspended until they get their system fixed? :-)

- End forwarded message -



Re: The Streisand imagecriminal lives 2-3 parcels away from me

2003-06-04 Thread Tim May
On Tuesday, June 3, 2003, at 11:48  AM, Bill Stewart wrote:

> At 11:00 AM 06/03/2003 -0400, Sunder wrote:
>> That's all nice and good, but why should it be on cypherpunks?  Where's
>> the relevance to this list?  Why is Ken, or his address or helipad an
>> interest to the cypherpunks?  Why are PGE's monopolistic actions against
>> him relevant to the topics of this list?
>>
>> What's next?  The Cypherpunk Enquirer?
> Well sure - because not all the Black Helicopters flying over Tim's house
> have belonged to Feds/UN/etc. - one of them's probably been Ken's :-)
> I've also found Tim's comments on Pynchon living nearby interesting.
>
>> IMHO, neither he, nor the Streisand creature have any relevance here -
>> there perhaps was some relevance in terms of that lawsuit the bitch
>> started, but, who gives a shit who your neighbors are?
> I'd say issues of putting aerial photography on the internet and
> how that changes the status of previously secret information
> are pretty close to our core issues - they're not directly cryptography,
> but neither are the guns, lots of guns discussions.

And neither are the 15th or 23rd essentially duplicative discussions of 
PGP or Mondex or SSL or crypto exports very interesting or useful.

I have no idea who pissed in Sunder's Wheaties, but he is of course 
free to skip any articles and concentrate on the ones that interest 
him. Volume on the list is now a fraction of what it once was...and yet 
still much repetitiousness dominates. Sunder could consider subscribing 
to a Best of list...wait, doesn't he _run_ one? Problem solved.

I was not the one who brought up the Streisand suit...that was a posting 
by Major Variola on Friday. I thought it was pretty interesting that 
the aerial photographer is a neighbor of mine. This is, after all, not 
the same as listing neighbors who have not been mentioned...this is 
more akin to there being some talked-about crime case here and having 
John Young or Declan say "That guy is my neighbor across the way." 
Interesting to know where people live, with even less techno/privacy 
relevance (such as hearing that Gary Condit lived near where Declan 
lives).

Added to the fact that I see his helicopters circling low over my 
property (which explains some of the close encounters of the chopper 
kind in recent years), and the privacy/Brinworld implications 
(mentioned by M. Variola), and the sheer coincidence that I had just 
returned from my first flying lesson, I felt the need to post.

Also, about 50-60 people were at the meeting/party at my house last 
September, so they have some (perhaps slight) awareness of which hills 
and nearby areas I'm mentioning.

Sunder should put me in his killfile for a while...I am doing that for 
his posts, for a while.

By the way, the Adelman situation also has a few other interesting 
tidbits. The company Adelman and his partner formed was called TGV. 
Located in Santa Cruz, the names suggested _speed_, as in the French 
train of the same name. Lore has it that the real origin was Two Guys 
and a Vax.

Adelman also founded Network Alchemy.

TGV was sold at the peak of the Internet boom to Cisco and Network 
Alchemy was sold to Nokia. Adelman cleared at least a few hundred 
million dollars.

--Tim May
He who fights with monsters might take care lest he thereby become a 
monster. And if you gaze for long into an abyss, the abyss gazes also 
into you. -- Nietzsche



[eay@pobox.com: Re: Maybe It's Snake Oil All the Way Down]

2003-06-04 Thread Eric Murray
- Forwarded message from Eric Young [EMAIL PROTECTED] -

Date: Wed, 04 Jun 2003 01:05:24 +1000
From: Eric Young [EMAIL PROTECTED]
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3)
  Gecko/20030312
X-Accept-Language: en-us, en
To: [EMAIL PROTECTED]
X-Orig-To: [EMAIL PROTECTED]
CC: EKR [EMAIL PROTECTED], Eric Murray [EMAIL PROTECTED],
   Scott Guthery
  [EMAIL PROTECTED], Rich Salz [EMAIL PROTECTED],
   Bill
  Stewart [EMAIL PROTECTED], cypherpunks [EMAIL PROTECTED],
   [EMAIL PROTECTED]
Subject: Re: Maybe It's Snake Oil All the Way Down
In-Reply-To: [EMAIL PROTECTED]

Ian Grigg wrote:

> It's like the GSM story, whereby 8 years
> down the track, Lucky Green cracked the
> crypto by probing the SIMs to extract
> the secret algorithm over a period of
> many months (which algorithm then fell to
> Ian Goldberg and Dave Wagner in a few hours).
>
> In that case, some GSM guy said that, it
> was good because it worked for 8 years,
> that shows the design was good, doesn't
> it?
>
> And Lucky said, now you've got to replace
> hundreds of millions of SIMs, that's got
> to be a bad design, no?

Well the point here is that the data encryption in GSM is not relevant to
the people running the network.  The authentication is secure,
so there is no fraud, so they still get the money from network
usage.  Privacy was never really there since
the traffic is not encrypted once it hits the base station, so the
relevant government agencies can be kept happy.
The encryption was only relevant to protect the consumers
from each other.

eric (hopefully remembering things correctly)

- End forwarded message -



Re: SIGINT planes vs. radioisotope mapping

2003-06-04 Thread Major Variola (ret)
At 05:28 PM 6/3/03 -0700, Tim May wrote:
> Possibly for construction
> of baseline maps of existing radioisotopes in university labs,
> hospitals, and private facilities. Then deviations from baseline maps
> could be identified and inspected in more detail with ground-based vans
> and black bag ops.

Good call.  I wonder if folks getting PET scans will have to kick back
longer in the waiting areas lest they be snatched by delta teams...
hopefully the .mils can distinguish Tc99 et al from other 'topes..
similarly with mobile industrial inspection rigs --except that they have
the good stuff an R&D gadget-maker would want.  Maybe GPS + IFF beacons
will be added to those.

---
SAFETY RULES FOR US STRATEGIC BOMBERS
 5.1. Don't use nuclear weapons to troubleshoot faults.
http://cryptome.org/afi91-111.htm



Re: Maybe It's Snake Oil All the Way Down

2003-06-04 Thread Peter Gutmann
Ian Grigg [EMAIL PROTECTED] writes:

> It's also very much oriented to x.509 and similar certificate/PKI models,
> which means it is difficult to use in web of trust (I know this because we
> started on the path of adding web of trust and text signing features to x.509
> before going back to OpenPGP), financial and nymous applications whereby
> trust is bootstrapped a different way.

That's a red herring.  It happens to use X.509 as its preferred bit-bagging
format for public keys, but that's about it.  People use self-signed certs,
certs from unknown CAs [0], etc etc, and you don't need certs at all if you
don't need them, <blatant self-promotion>I've just done an RFC draft that uses
shared secret keys for mutual authentication of client and server, with no
need for certificates of any kind</blatant self-promotion>, so the use of
certs, and in particular a hierarchical PKI, is merely an optional extra.
It's no more required in SSL than it is in SSHv2.

> Has anyone read Ferguson and Schneier's _Practical Cryptography_ ?  Does it
> address this issue of how an outsider decides how to make or buy?  I just
> read the reviews on Amazon, they are ... entertaining!

They spend a nontrivial portion of the book reinventing SSL/SSHv2.  I guess
they lean towards the roll-your-own side of the argument :-).  I'm firmly in
the opposite camp (see "Lessons Learned in Implementing and Deploying Crypto
Software", links off my home page at http://www.cs.auckland.ac.nz/~pgut001/).
I think that providing an abstract description of a fairly complex security
protocol *in a book targeted at security novices* and then hoping that they
manage to implement it correctly is asking for trouble.  OTOH it's fun going
through the thought processes involved in designing the protocol.  I just wish
they'd applied the process to SSL or SSHv2 instead, so that at the end of it
they could tell the reader to go out and grab an implementation that someone
else has got right for them.

Peter.

[0] The vendor of one widely-used MTA once told me that 90% of the certs they
saw used in STARTTLS applications were non-big name CA-issued ones (self-
signed, etc etc).
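Peter's point that a hierarchical PKI is an optional extra in SSL can be shown concretely with a mutually authenticated TLS handshake in which each side holds a self-signed certificate and the other side accepts it by comparing the SHA-256 of its SubjectPublicKeyInfo against a pin it was given out of band. The Go program below is an added example written for this page; it is not Peter's code, not his RFC draft, and not from any project named in the thread. The names mail.example and operator, the in-process net.Pipe transport, the 2-second deadline, and SHA-256 over the SPKI as the pin format are all assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned mints a throwaway self-signed certificate for name. No CA signs it;
// the peer will accept it only because its key matches a pin held out of band.
func selfSigned(name string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name}, // example name, not a real host
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, nil
}

// pinOf hashes the SubjectPublicKeyInfo of a DER certificate (assumed pin format).
func pinOf(der []byte) (string, error) {
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(leaf.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:]), nil
}

// spkiPin is the value an operator would hand to the other side instead of a CA root.
func spkiPin(cert tls.Certificate) (string, error) { return pinOf(cert.Certificate[0]) }

// pinVerifier replaces chain building: accept the peer iff its leaf key matches the pin.
func pinVerifier(expected string) func([][]byte, [][]*x509.Certificate) error {
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 {
			return errors.New("peer sent no certificate")
		}
		got, err := pinOf(rawCerts[0])
		if err != nil {
			return err
		}
		if got != expected {
			return errors.New("peer public key does not match pin")
		}
		return nil
	}
}

// Handshake runs a mutually authenticated TLS 1.3 handshake in process over net.Pipe.
// The server pins the client's key and the client pins the server's; no chain is built.
func Handshake(serverCert, clientCert tls.Certificate, serverPin, clientPin string) error {
	cEnd, sEnd := net.Pipe()
	defer cEnd.Close()
	defer sEnd.Close()
	dl := time.Now().Add(2 * time.Second) // net.Pipe is unbuffered; never hang forever
	cEnd.SetDeadline(dl)
	sEnd.SetDeadline(dl)
	srv := tls.Server(sEnd, &tls.Config{
		Certificates:           []tls.Certificate{serverCert},
		ClientAuth:             tls.RequireAnyClientCert, // demand a cert, verify it by pin not chain
		VerifyPeerCertificate:  pinVerifier(clientPin),
		SessionTicketsDisabled: true, // keeps the server silent after its first flight on net.Pipe
		MinVersion:             tls.VersionTLS13,
	})
	cli := tls.Client(cEnd, &tls.Config{
		Certificates:          []tls.Certificate{clientCert},
		InsecureSkipVerify:    true, // disables chain and hostname checks; the pin check replaces them
		VerifyPeerCertificate: pinVerifier(serverPin),
		MinVersion:            tls.VersionTLS13,
	})
	srvErr := make(chan error, 1)
	go func() { srvErr <- srv.Handshake() }()
	if err := cli.Handshake(); err != nil {
		return fmt.Errorf("client: %w", err)
	}
	if err := <-srvErr; err != nil {
		return fmt.Errorf("server: %w", err)
	}
	return nil
}

func main() {
	srv, _ := selfSigned("mail.example")
	cli, _ := selfSigned("operator")
	sp, _ := spkiPin(srv)
	cp, _ := spkiPin(cli)
	fmt.Println("pinned mutual TLS 1.3 handshake:", Handshake(srv, cli, sp, cp))
}
```

Run it with `go run`. Chain building is switched off on both sides (InsecureSkipVerify on the client, RequireAnyClientCert on the server) and VerifyPeerCertificate is the only authentication that happens, so the pin has to arrive over a channel you already trust; a key that does not match the pin fails the handshake in either direction. SessionTicketsDisabled is there only because net.Pipe has no buffering; over a real socket it is unnecessary, and a PSK handshake of the kind Peter describes would remove the certificates entirely rather than merely ignoring their issuer.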



Re: Maybe It's Snake Oil All the Way Down

2003-06-04 Thread Eric Rescorla
Ian Grigg [EMAIL PROTECTED] writes:
> Eric Rescorla wrote:
> True, although, that begs the question as
> to how they learn.  Only by doing, I'd say.
> I think one learns a lot more from making
> mistakes and building ones own attempt than
> following the words of wise.
One learns by *practicing*.

That said, though, there's next to no need for people to know how
to design their own communications security protocols, so it's
not really that important for them to learn. 

> OK.  Then I am confused about the post that
> came out recently.  It would be very interesting
> to hear the story, written up.
The rough version of it is in my book.

-Ekr

-- 
[Eric Rescorla   [EMAIL PROTECTED]
http://www.rtfm.com/



RE: Maybe It's Snake Oil All the Way Down

2003-06-04 Thread Tim Dierks
At 09:11 AM 6/3/2003, Peter Gutmann wrote:
> Lucky Green [EMAIL PROTECTED] writes:
>> Given that SSL use is orders of magnitude higher than that of SSH, with no
>> change in sight, primarily due to SSL's ease-of-use, I am a bit puzzled by
>> your assertion that ssh, not SSL, is the only really successful net crypto
>> system.
>
> I think the assertion was that SSH is used in places where it matters, while
> SSL is used where no-one really cares (or even knows) about it.  Joe Sixpack
> will trust any site with a padlock GIF on the page.  Most techies won't access
> a Unix box without SSH.  Quantity != quality.

I have my own opinion on what this assertion means. :-) I believe it 
intends to state that ssh is more successful because it is the only 
Internet crypto system which has captured a large share of its use base. 
This is probably true: I think the ratio of ssh to telnet is much higher 
than the ratio of https to http, pgp to unencrypted e-mail, or what have you.

However, I think SSL has been much more successful in general than SSH, if 
only because it's actually used as a transport layer building block rather 
than as a component of an application protocol. SSL is used for more 
Internet protocols than HTTP: it's the standardized way to secure POP, 
IMAP, SMTP, etc. It's also used by many databases and other application 
protocols. In addition, a large number of proprietary protocols and custom 
systems use SSL for security: I know that Certicom's SSL Plus product 
(which I originally wrote) is (or was) used to secure everything from 
submitting your taxes with TurboTax to slot machine jackpot notification 
protocols, to the tune of hundreds of customers. I'm sure that when you add 
in RSA's customers, those of other companies, and people using 
OpenSSL/SSLeay, you'll find that SSL is much more broadly used than ssh.

I'd guess that SSL is more broadly used, in a dollars-secured or 
data-secure metric, than any other Internet protocol. Most of these uses 
are not particularly visible to the consumer, or happen inside of 
enterprises. Of course, the big winners in the $-secured and data-secured 
categories are certainly systems inside of the financial industry and 
governmental systems.

 - Tim



Re: Maybe It's Snake Oil All the Way Down

2003-06-04 Thread Dave Howe
At 10:09 AM 6/2/03 -0400, Ian Grigg wrote:
> (One doesn't hear much about
> crypto phones these days.  Was this really a need?)
As a minor aside - most laptops can manage pgpfone using only onboard
hardware these days, either using an integrated modem or (via infrared) a
mobile phone.



Re: Maybe It's Snake Oil All the Way Down

2003-06-04 Thread Ian Grigg
Tim Dierks wrote:
> At 09:11 AM 6/3/2003, Peter Gutmann wrote:
>> Lucky Green [EMAIL PROTECTED] writes:
>>> Given that SSL use is orders of magnitude higher than that of SSH, with no
>>> change in sight, primarily due to SSL's ease-of-use, I am a bit puzzled by
>>> your assertion that ssh, not SSL, is the only really successful net crypto
>>> system.
>>
>> I think the assertion was that SSH is used in places where it matters, while
>> SSL is used where no-one really cares (or even knows) about it.  Joe Sixpack
>> will trust any site with a padlock GIF on the page.  Most techies won't access
>> a Unix box without SSH.  Quantity != quality.
>
> I have my own opinion on what this assertion means. :-) I believe it
> intends to state that ssh is more successful because it is the only
> Internet crypto system which has captured a large share of its use base.
> This is probably true: I think the ratio of ssh to telnet is much higher
> than the ratio of https to http, pgp to unencrypted e-mail, or what have you.


Certainly, in measurable terms, Tim's description
is spot on.  I agree with Peter's comments, but
that's another issue indeed.


> However, I think SSL has been much more successful in general than SSH, if
> only because it's actually used as a transport layer building block rather
> than as a component of an application protocol. SSL is used for more
> Internet protocols than HTTP: it's the standardized way to secure POP,
> IMAP, SMTP, etc. It's also used by many databases and other application
> protocols. In addition, a large number of proprietary protocols and custom
> systems use SSL for security: I know that Certicom's SSL Plus product
> (which I originally wrote) is (or was) used to secure everything from
> submitting your taxes with TurboTax to slot machine jackpot notification
> protocols, to the tune of hundreds of customers. I'm sure that when you add
> in RSA's customers, those of other companies, and people using
> OpenSSL/SSLeay, you'll find that SSL is much more broadly used than ssh.


Design wins!  Yes, indeed, another way of measuring
the success is to measure the design wins.  Using
this measure, SSL is indeed ahead.  This probably
also correlates with the wider support that SSL
garners in the cryptography field.


> I'd guess that SSL is more broadly used, in a dollars-secured or
> data-secure metric, than any other Internet protocol. Most of these uses
> are not particularly visible to the consumer, or happen inside of
> enterprises. Of course, the big winners in the $-secured and data-secured
> categories are certainly systems inside of the financial industry and
> governmental systems.


That would depend an awful lot on what was meant
by "dollars-secured" and "data-secured"?  Sysadmins
move some pretty hefty backups by SSH on a routine
basis.

-- 
iang