From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
bounces+blu=nedharvey@blu.org] On Behalf Of Bill Ricker
And it would be even nice if the nice person doing all
that for free managed not to compromise security while doing it, but
that's
rather less likely. Easy, Secure,
We are the minority - people like your Mom are the clear majority. It doesn't
matter if we understand it, we (not literal: read techies) need to make it easy
for everyone else…
Most people can't drive a stick; imagine if we asked them to set the air/fuel
mixture as well while they are driving
On Aug 19, 2011, at 8:23 AM, Edward Ned Harvey wrote:
Agreed, but neither my Mom nor myself need to have a clue how SSL works in
order to use something like s/mime. It just so happens I am able to follow
a process, click all the right checkboxes, to create install my
certificate, and those
Date: Sun, Jun 12, 2011 at 3:29 PM
Subject: Re: [Discuss] Relevance of PGP?
To: Anthony Gabrielson agabriels...@comcast.net
If average users didn't understand the reason their front doors have locks,
they probably wouldn't bother locking their fromt doors, and risk having
their homes
easier for end users, ... and not cost money…
That would be nice! And it would be even nice if the nice person doing all
that for free managed not to compromise security while doing it, but that's
rather less likely. Easy, Secure, Free, pick two isn't guaranteed the way
quick, good, cheap -
Well I've come up with an idea to it. I'm presenting it at a conference in
Rome at the end of the next month. I'm not saying the idea is perfect in its
current form, but I do think its considerably better than SSL on all of the
fronts I mentioned.
Anthony
On Aug 18, 2011, at 9:21 PM, Bill
The September BLU meeting is our annual keysigning party; the first part
of the meeting is a discussion about PGP, and then we run through the
procedure where everyone who had preregistered for the keysigning
verifies the identities of everyone else who had preregistered.
Perhaps you could
Unfortunately classes are on Wednesday nights this semester and I will be in
Rome the week after. I do not want to miss two classes in a row...
On Aug 18, 2011, at 9:58 PM, John Abreau wrote:
The September BLU meeting is our annual keysigning party; the first part
of the meeting is a
On Jun 10, 2011, at 8:12 AM, Edward Ned Harvey wrote:
I am very surprised to hear people using the term PGP as if it were
synonymous with Email signing/encryption. As far as I'm concerned, S/MIME
has already won the war on email signing/encryption. Go get a free
certificate from
From: Derek Martin [mailto:inva...@pizzashack.org]
Sent: Monday, June 13, 2011 3:35 PM
If you don't take the time to actually verify BOTH the identity of the
person sending you messages, and the secret they've given you, then
you're right, there's no difference. Both are worthless, beyond
On 06/14/2011 09:37 AM, Edward Ned Harvey wrote:
From: Derek Martin [mailto:inva...@pizzashack.org]
Sent: Monday, June 13, 2011 3:35 PM
If you don't take the time to actually verify BOTH the identity of the
person sending you messages, and the secret they've given you, then
you're right,
From: Derek Martin [mailto:inva...@pizzashack.org]
Sent: Tuesday, June 14, 2011 7:14 PM
The upshot of that is that it doesn't matter how much you trust your
bank's online security. You gain nothing by not trusting the service,
because your info is already available to your would-be
On Jun 12, 2011, at 10:37 PM, Tom Metro wrote:
And how about if you delete all your root certificates (rather
inconvenient on a web browser, but probably minimal impact on a mail
client), and instead only use certificates that you obtain direct from
the other party or through your chosen web
|
| The same concept applies to automation. We don't want to be required
| to do something manually, or hire someone to do it for us, if it can be
| automated. But something that cannot be automated without sacrificing
| a critical part of its essence should not be automated. And my gut
On Jun 11, 2011, at 9:14 AM, Edward Ned Harvey wrote:
But you can certainly establish all the same external context using S/MIME
or PGP alike. The only difference is whether or not you HAVE TO establish
external context.
You have it backwards. PGP/GPG do not require the use of the external
The point I'm trying to make is that automation is similar to simplification.
As Albert Einstein used to say, Everything should be made as simple
as possible, but no simpler. When you oversimplify something, you
essentially destroy a fundamental part of it.
The same concept applies to automation.
From: Bill Ricker [mailto:bill.n1...@gmail.com]
Sent: Friday, June 10, 2011 9:35 AM
a signature with a free CA cert deserves no trust - it verifies the
email address was the email address on a certain date only.
Same as PGP.
The only reason you might trust PGP more is because you were
On 06/10/2011 09:34 AM, Bill Ricker wrote:
On Fri, Jun 10, 2011 at 8:12 AM, Edward Ned Harveyb...@nedharvey.com wrote:
Go get a free certificate from
a signature with a free CA cert deserves no trust - it verifies the
email address was the email address on a certain date only.
I find that
Edward Ned Harvey wrote:
I am very surprised to hear people using the term PGP as if it were
synonymous with Email signing/encryption. As far as I'm concerned, S/MIME
has already won the war on email signing/encryption.
I wish that were true, but can you name any organization that routinely
On Fri, Jun 10, 2011 at 12:05 PM, John Abreau j...@blu.org wrote:
As far as I'm concerned, using S/MIME means handing off control of
who I trust to an unknown mix of government and corporate entities
who have no vested interest in actually protecting my privacy.For the
corporate entities
On Jun 10, 2011, at 9:34 AM, Bill Ricker wrote:
On Fri, Jun 10, 2011 at 8:12 AM, Edward Ned Harvey b...@nedharvey.com wrote:
Go get a free certificate from
a signature with a free CA cert deserves no trust - it verifies the
email address was the email address on a certain date only.
On 06/10/2011 12:44 PM, Tom Metro wrote:
Edward Ned Harvey wrote:
I am very surprised to hear people using the term PGP as if it were
synonymous with Email signing/encryption. As far as I'm concerned, S/MIME
has already won the war on email signing/encryption.
I wish that were true, but
On Jun 10, 2011, at 1:05 PM, Mark Woodward wrote:
What we need is a mechanism to distribute and verify public keys.
You've just described a certificate authority: a mechanism that distributes and
verifies public keys (certificates). What we need is a verification mechanism
that is
John Abreau wrote:
As far as I'm concerned, using S/MIME means handing off control of
who I trust to an unknown mix of government and corporate entities
who have no vested interest in actually protecting my privacy.For the
corporate entities involved, their only vested interest is short-term
On 06/10/2011 02:06 PM, Richard Pieri wrote:
On Jun 10, 2011, at 1:05 PM, Mark Woodward wrote:
What we need is a mechanism to distribute and verify public keys.
You've just described a certificate authority: a mechanism that distributes
and verifies public keys (certificates). What we need
Mark Woodward wrote:
OTR encrypts an IM TCP stream so that agents between the two end points
shouldn't be able to read the data.
Technically, I believe OTR encrypts the message, which then gets handed
off to the particular IM protocol, which in turn is transported via TCP.
I imagine there is a
On 06/10/2011 08:50 PM, Tom Metro wrote:
Mark Woodward wrote:
OTR encrypts an IM TCP stream so that agents between the two end points
shouldn't be able to read the data.
Technically, I believe OTR encrypts the message, which then gets handed
off to the particular IM protocol, which in turn is
Isaac Asimov had a famous short story with that title.
I hadn't heard of Phillip K. Dick using the title.
Asimov's story was about a history professor who was
obsessed with ancient Carthage, and he was denied use
of the government's time viewer to do his research. He
then recruited a young
At last year's annual BLU PGP keysigning, Alex Brennan gave his
traditional talk,
but as I recall he was somewhat disenchanted with PGP. If I'm remembering his
statement correctly, he said something to the effect that PGP had been
an important
fight for our fundamental rights, but that we've
Every September, I have skipped the meeting. Since I am just a nerd
with a few public web sites and an open source project, I don't feel a
need to encrypt anything. I would be interested to hear why people in
BLU uses encryption.
Doug
John Abreau / Executive Director, Boston Linux Unix
AIM
On 06/09/2011 01:27 PM, Doug wrote:
Every September, I have skipped the meeting. Since I am just a nerd
with a few public web sites and an open source project, I don't feel a
need to encrypt anything. I would be interested to hear why people in
BLU uses encryption.
I make sure to use it
I make sure to use it when my wife sends me email to my work email
address. My employer doesn't need to be reading my personal email
(there are laws against employers reading personal mail, but why trust
people to abide by the law when you don't have to?). I also
opportunistically use it
On Thu, Jun 09, 2011 at 02:27:29PM -0400, Matthew Gillen wrote:
On 06/09/2011 01:27 PM, Doug wrote:
Every September, I have skipped the meeting. Since I am just a nerd
with a few public web sites and an open source project, I don't feel a
need to encrypt anything. I would be interested to
On 06/09/2011 02:48 PM, Doug wrote:
I make sure to use it when my wife sends me email to my work email
address. My employer doesn't need to be reading my personal email
(there are laws against employers reading personal mail, but why trust
people to abide by the law when you don't have to?).
On Thu, Jun 09, 2011 at 02:48:52PM -0400, Doug wrote:
This makes some sense to me: lawyers, guns and money people should be
using encryption. How do you get the key from them? I doubt they
attend the BLU meeting :-)
They hand you a business card that has their name, email
address, a key ID
On 06/09/2011 02:52 PM, Ben Eisenbraun wrote:
On Thu, Jun 09, 2011 at 02:27:29PM -0400, Matthew Gillen wrote:
On 06/09/2011 01:27 PM, Doug wrote:
Every September, I have skipped the meeting. Since I am just a nerd
with a few public web sites and an open source project, I don't feel a
need to
On Jun 9, 2011, at 2:48 PM, Doug wrote:
This makes some sense to me: lawyers, guns and money people should be
using encryption. How do you get the key from them? I doubt they
attend the BLU meeting :-)
This is exactly what Alex is on about. We, in general, see strong encryption
as
The part of it that I was most unhappy to hear was the notion
that we've already lost the battle, and that it was time to
accept defeat and give up. I'm hoping that either I misunderstood,
or that we just caught Alex on a bad day.
At the very least, I'd like to think that this sentiment is not
On Thu, Jun 09, 2011 at 09:03:25PM -0400, John Abreau wrote:
The part of it that I was most unhappy to hear was the notion
that we've already lost the battle, and that it was time to
accept defeat and give up.
Oh, yeah. I'm with Alex on that one. The cat is out of the bag, and
there's no
39 matches
Mail list logo