In message fdd34a58-6ce6-497a-a177-b940d36d0...@lrw.com, Jerry Leichter
leich...@lrw.com writes
On the flip side, mail systems like gMail or Yahoo mail are complex and
difficult to run *exactly because they are immense*.
The mail systems part is
On Sun, 25 Aug 2013 23:40:35 -0400 Phillip Hallam-Baker
hal...@gmail.com wrote:
There has to be a layered approach.
Traffic analysis is probably going to demand steganography and that
is almost by definition outside standards work.
I'm unaware of anyone who has seriously proposed
On Sun, 25 Aug 2013 23:32:32 -0400 Jerry Leichter leich...@lrw.com
wrote:
I think the goal to aim for is no patches! Keep the device and its
interfaces simple enough that you can get a decent formal proof of
correctness, along with a ton of careful review and testing (per
Don Knuth's comment
On Mon, 26 Aug 2013 06:47:49 +0100 Richard Clayton
rich...@highwayman.com wrote:
If you run your own email system then you'll rapidly find out what
2013's spam / malware problem looks like.
This is slightly off topic, but...
As it happens, I run my own email system (and run email for a few
On Sun, 25 Aug 2013 18:04:13 -0700 Christian Huitema
huit...@huitema.net wrote:
Bottom line, anonymous DHT are fragile.
Though it appears that Tor uses them for its hidden service
directory. How does it do that robustly (or does it do it robustly)?
How do other users of DHTs handle attacks in
I don't think you need all that much to get good secure private email.
You need a client that can make PEM pretty seamless; reduce it to a
button that says encrypt when possible. You need the client to be
able to generate a keypair, upload the public half, and pull down
(seamlessly) recipient
Hi,
Can you rephrase whether you want info about DHT systems that are
related to some kind of mix system (e.g. GNUnet), or whether you
simply want to know about common DHT systems. If the latter, what
kind of attacks are you after? Eclipse?
My knowledge of the field is pretty spotty in
Hi,
On 26.08.2013 00:28, Perry E. Metzger wrote:
We probably don't want any sort of central service running this
network that could be easily disrupted, so identifier to IP address
information should probably be stored in some big honking DHT, signed
in the ID's key. Access to the DHT
On Aug 26, 2013, at 10:14 AM, Perry E. Metzger pe...@piermont.com wrote:
On Mon, 26 Aug 2013 06:47:49 +0100 Richard Clayton
rich...@highwayman.com wrote:
If you run your own email system then you'll rapidly find out what
2013's spam / malware problem looks like.
This is slightly off
On Sun, Aug 25, 2013 at 7:42 PM, Christian Huitema huit...@huitema.net wrote:
My knowledge of the field is pretty spotty in general as I've never paid
much attention up until now -- mostly I know about how people have built
DHTs in non-hostile environments. I'm close enough to starting
This is everything *but* PRISM-proof: it doesn't solve the metadata issue
and your directory server containing public keys could very well be forced
by a law enforcement agency (in the best case scenario because it could
also be the mafia) to answer the fbi/mafia public key on any request made
A3: Please.
Q3: Should I avoid top posting on this mailing list?
A2: Because, by reversing the order of a conversation, it leaves the
reader without much context, and makes them read a message in an
unnatural order.
Q2: Why is top posting irritating?
A1: It is the practice of putting
On Aug 26, 2013, at 4:12 AM, Richard Salz rich.s...@gmail.com wrote:
I don't think you need all that much to get good secure private email.
You need a client that can make PEM pretty seamless; reduce it to a
button that says encrypt when
On 08/26/2013 04:12 AM, Richard Salz wrote:
You need the client to be
able to generate a keypair, upload the public half, and pull down
(seamlessly) recipient public keys. You need a server to store and
return those keys. You need an installed base to kickstart the network
effect.
Who has
On 08/25/2013 03:28 PM, Perry E. Metzger wrote:
So, imagine that we have the situation described by part 1 (some
universal system for mapping name@domain type identifiers into keys
with reasonable trust) and part 2 (most users having some sort of
long lived $40 device attached to their home
On 08/25/2013 08:32 PM, Jerry Leichter wrote:
Where
mail servers have gotten into trouble is when they've tried to provide
additional services - e.g., virus scanners, which then try to look
inside of complex formats like zip files. This is exactly the kind
of thing you want to avoid - another
On Aug 26, 2013, at 1:16 PM, Ray Dillinger b...@sonic.net wrote:
Minor point in an otherwise interesting message:
Even a tiny one-percent-of-a-penny payment
that is negligible between established correspondents or even on most email
lists would break a spammer. Also, you can set your client to
On Sun, Aug 25, 2013 at 12:12 PM, Perry E. Metzger pe...@piermont.com wrote:
Anyone care to shed some light? Pointers to literature are especially
welcome
Check out this paper: Security Considerations for Peer-to-Peer Distributed
Hash Tables
On Mon, 26 Aug 2013 10:40:17 -0700 Ray Dillinger b...@sonic.net
wrote:
On 08/25/2013 03:28 PM, Perry E. Metzger wrote:
So, imagine that we have the situation described by part 1 (some
universal system for mapping name@domain type identifiers into
keys with reasonable trust) and part 2
This is everything *but* PRISM-proof
I wasn't trying to be PRISM proof, hence my subject line. The client
and keyserver could help thwart traffic analysis by returning a few
extra keys on each request. The client then sends a structure
message to some of those keys that the receiving client
On 08/26/2013 10:39 AM, Jerry Leichter wrote:
On Aug 26, 2013, at 1:16 PM, Ray Dillinger b...@sonic.net wrote:
Even a tiny one-percent-of-a-penny payment
that is negligible between established correspondents or even on most email
lists would break a spammer.
This (and variants, like a
On Mon, Aug 26, 2013 at 02:44:32PM -0400, Perry E. Metzger wrote:
My main issue with this proposal is that somebody identifiable is
going to manufacture these boxes. Maybe several somebodies, but
IMO, that's an identifiable central point of control/failure.
Recently there's a trend for at
I really like RPis as a cryptographic tool. The only thing that would make
them better is a second Ethernet interface so they could be used as a
firewall type device.
However that said, the pros are:
* Small, cheap, reasonably fast, has ethernet and even a monitor output
* Boot from an SD card
On Mon, 26 Aug 2013 14:53:54 -0400 Richard Salz rich.s...@gmail.com
wrote:
Traffic analysis is the problem
Do you really think that for most people on the planet, that it is?
Probably. If one's threat model is mass dragnet surveillance, traffic
analysis is far too useful a way for the enemy
On 08/25/2013 09:04 PM, Christian Huitema wrote:
If we want something robust, we have to forgo the mathematical
elegance of the DHT, and adopt a network structure in which nodes
only connect to peers that they trust. You could call that
networks
On 08/26/2013 08:46 AM, Phillip Hallam-Baker wrote:
Which is why I think Ted Lemon's idea about using Facebook type
friending may be necessary.
Or Gchat-style contacts.
I don't think we can rely on that for Key distribution. But I think
it
On 8/26/13 8:14 AM, Perry E. Metzger wrote:
there is a good reason that I proposed that in the
long run, whitelist only systems like Jabber and Facebook messaging
are a better model.
As one of those Jabber guys, I agree. :-)
Perry, thanks for starting some very interesting threads here --
On Mon, Aug 26, 2013 at 4:12 PM, Phillip Hallam-Baker hal...@gmail.com wrote:
I really like RPis as a cryptographic tool. The only thing that would make
them better is a second Ethernet interface so they could be used as a
firewall type device.
Two things to look at. Onion Pi turns one into a
On Mon, Aug 26, 2013 at 5:43 PM, Perry E. Metzger pe...@piermont.com wrote:
On Mon, 26 Aug 2013 16:12:22 -0400 Phillip Hallam-Baker
hal...@gmail.com wrote:
I really like RPis as a cryptographic tool. The only thing that
would make them better is a second Ethernet interface so they could
be
I was pointed to this list by a friend of mine who thought I'd be
interested in this discussion, and indeed I am. I intended to lurk for
a while before posting, but this discussion so perfectly fits with a
SkyTalk I gave at DefCon last year (DC20, not just a few weeks ago)
where I proposed this
On Tue, 27 Aug 2013 12:06:47 +1200 Peter Gutmann
pgut...@cs.auckland.ac.nz wrote:
Perry E. Metzger pe...@piermont.com writes:
Custom built hardware will probably be the smartest way to go for
an entrepreneur trying to sell these in bulk to people as home
gateways anyway -- you want the nice
Ralph Holz ralph-cryptometz...@ralphholz.de writes:
There is a host of older literature, too - P2P research, however, has become
a cold topic. Although I expect that it will see a revival in the face of
surveillance.
For people who are interested, the list I have (for a year or two back) is:
32 matches