Chris Knadle wrote: > On Tuesday, September 20, 2011 02:21:55 PM, Ron Guerin wrote: >> Chris Knadle wrote: >>> On 9/15/2011 8:32 AM, Joseph Apuzzo wrote: >>>> A friend of mind turned me on to https://www.google.com aka to have an >>>> encrypted conversation with Google. >>>> I've been using it, since I like as much crypt-o traffic on the net as >>>> possible. >>>> >>>> But why? Anyone have any intelligent toughs on the subject, I would like >>>> to hear your take on the service and what it's good for. >>> 1. Your search results are valuable. People can be recognized for who >>> they are based on what they search for. (There have been articles on >>> that.) >>> >>> 2. More important than your search results are your logins to Google >>> such as for GMail and other services. You would probably not appreciate >>> finding out later that someone was secretly getting CC:ed on every email >>> you send and receive, and used this information in order to change the >>> ownership on your domain name(s) via email while you were away on >>> vacation. >>> >>> 3. A natural extension of the combination above is "if it's going over >>> the 'net, it should be encrypted if possible." So if there's an >>> encrypted version of the same service available, use it. >>> >>> 4. Have a quick look at DuckDuckGo as an alternative to Google. >>> >>> https://duckduckgo.com/ >>> >>> And read about what Google does that they don't tell you. >> My original request for SSL on a mail server was from a user who, after >> I explained how one shouldn't rely on SSL to keep messages encrypted via >> e-mail, explained to me that he and I had completely different >> perspectives. > > I'm assuming in this case you were telling him that not all MTAs are able to > transfer messages over ESMTPS, rather than this being about GPG or S/MIME > encryption at the email client (MUA). One interesting note on this is that > ESMTPS transfers between MTAs encrypts the transfer of the entire message, > where as GPG, PGP, and S/MIME will all expose who the email is from, who it's > to, and what the subject line is, all in clear text. > > Or perhaps you meant SSL/TLS for email access like for POP3s or IMAPs. ;-) > 'Aint clear.
Both inbound and outbound. He didn't want his mail being sniffed by "neighbors", like if he was at a cafe on wifi. (actually his concern was about how building-wide cable networks work, iirc) He wasn't concerned that my server might pass it to another unencrypted. >> I was looking at it from an Internet perspective, he was >> looking at it from the "nosy neighbor" perspective, which is a perfectly >> valid concern that last-hop SSL does indeed address. >> >> Google has, more than Apple or Microsoft, a vested interest in the >> Internet both being more secure and appearing to be more secure than it >> is well-known to be. So I think there's that also. If "The >> Cloud"/Web2.0/etc. collapses as it has every other time its been tried, >> Microsoft and Apple have something to fall back on, Google not so much. > > Sadly the general public doesn't seem to worry much about encryption or even > about privacy or lack thereof. As a matter of fact many of the engineering > students I was in a recently in college weren't aware that there was this > thing they could put into their browser called "https://"; and what that did. > :-/ So I don't know what would cause Cloud/Web2.0 to "fail" in that sense. I don't really want to get into that here, but the weakness of Cloud/Web2.0 is the Internet, and particularly the client-side Internet. That's always been the problem with the basic concept of remote/grid/network/et al computing. I've seen what goes on in clients offices when they lose their Internet. If they were cloud-based, their heads would have exploded. - Ron _______________________________________________ Mid-Hudson Valley Linux Users Group http://mhvlug.org http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug Upcoming Meetings (6pm - 8pm) MHVLS Auditorium Oct 5 - Distributed Authentication Systems Nov 2 - Nov 2011 Dec 7 - Chef
