The only truly secure way to transmit something is to walk over to the
guy and whisper in his ear. I was told to never send anything in an
email or post anything on the internet that you wouldn't want to see on
page one of the New York Times. It could still be subpoenaed by a court
no matter how secure you are in transmitting it.
The problem with court isn't losing, its the high cost of winning. The
problem isn't being guilty, it's having to hire a lawyer to clear your
name. Gmail doesn't care enough about you to spend a lot of resources
fighting a subpoena, it's too much easier to comply.
The right combination of email exchanges can make it look like you are a
spy, conspiring to restrain trade or sell the corporate secrets of your
employer. They might imply that you are meeting somebody from your
employer's competition after hours, even if trade secrets or copy
righted software isn't discussed in the email.
I know you guys aren't talking about content so much as other things,
but the point is still that if you don't want people finding out, don't
put it out there in the first place.
Mark
On Tuesday, 20 August, 2013 05:25 AM, Michael Muller wrote:
Joseph Apuzzo wrote:
Ya I'm starting to understand the problem they are trying to solve, that is
how to keep the "meta-data" safe.
So assuming you encoded a message, the sender and the receiver is public
information and so is the routeing.
I think this tries to "obfuscate" sender in that all messages are moved to
all end points, you try your "key" against all messages to find yours.
An interesting idea, but the powers that be can easily just make a blanket
statement like all users of said system are "aiding and abetting" { insert
baddie name here }
That's true, but the same could be said of bit-torrent, bitcoin, TOR, or
encryption in general. The fact is, while some of these things are already
illegal in some places, p2p systems are much harder to shut down than
centralized ones. They also provide stronger guarantees of anonymity and
snoop-proofing.
Remember if your not doing something bad you have nothing to hide, and do
not need to take part in such a scheme to protect those that are doing bad
things.
So, why the sudden interest, Joe? ;-)
On Mon, Aug 19, 2013 at 5:04 PM, Michael Muller <[email protected]> wrote:
Chris Knadle wrote:
On 2013-08-17 16:24, Joseph Apuzzo wrote:
In light of the inherent flaws, lax security model of current email,
bitmessage has been suggested as an alternative. I want to see your
comment
on what you think of such a system.
Since I have never been an admin for email on a server I am not able to
say
if this is good or bad.
I don't think it's a replacement for email. Now, when it comes to
"the lax security model of email", have a look into ESMTPS, which some
email
services use. ESMTPS encrypts the email transfer, such that the user
doesn't need to do anything special for this to happen. ESMTPS is still
important even when using GPG-encrypted messages, because GPG encrypts
the body of the message but not who the message is To/From or the
Subject.
There are a bunch of email services using ESMTPS today, and you wouldn't
know it until you look at the mail headers for messages you've received.
;-) [Look for ESMTPS and/or TLS in the Received: lines.]
Sounds good, but that usually ends up meaning its not....
https://bitmessage.org/bitmessage.pdf [1]
https://bitmessage.org/wiki/Main_Page [2]
This sounds more like a "secure Twitter protocol" than an email
protocol.
Yeah, I looked into it at one point and my impression was that it was more
about secure/anonymous _broadcast_ than direct person to person
communication.
you could use it for transmission, though, assuming you have the
recipient's
public key. Encrypt a message for the recipient and then broadcast it.
Everyone gets it, but only the recipient can read it. And no one can tell
where either of you are.
-- Chris
--
Chris Knadle
[email protected]
_______________________________________________
Mid-Hudson Valley Linux Users Group http://mhvlug.org
http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug
Upcoming Meetings (6pm - 8pm) Vassar College
Sep 4 - NoSQL and MongoDB
Oct 2 - OpenFlow: Open Standard for Networking Hardware
Nov 6 - November Meeting
=============================================================================
michaelMuller = [email protected] | http://www.mindhog.net/~mmuller
-----------------------------------------------------------------------------
We are explorers in the further reaches of experience: demons to some,
angels
to others. - "Pinhead" from "Hellraiser"
=============================================================================
_______________________________________________
Mid-Hudson Valley Linux Users Group http://mhvlug.org
http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug
Upcoming Meetings (6pm - 8pm) Vassar College
Sep 4 - NoSQL and MongoDB
Oct 2 - OpenFlow: Open Standard for Networking Hardware
Nov 6 - November Meeting
--
/**
** Joseph Apuzzo
**/
=============================================================================
michaelMuller = [email protected] | http://www.mindhog.net/~mmuller
-----------------------------------------------------------------------------
In this book it is spoken of the Sephiroth, and the Paths, of Spirits and
Conjurations; of Gods, Spheres, Planes and many other things which may or
may not exist. It is immaterial whether they exist or not. By doing
certain things certain results follow. - Aleister Crowley
=============================================================================
_______________________________________________
Mid-Hudson Valley Linux Users Group http://mhvlug.org
http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug
Upcoming Meetings (6pm - 8pm) Vassar College
Sep 4 - NoSQL and MongoDB
Oct 2 - OpenFlow: Open Standard for Networking Hardware
Nov 6 - November Meeting
--
Robert Mark Wallace
60 Delaware Road
Newburgh, NY 12550-3802
Telephone: (845) 541-7396
_______________________________________________
Mid-Hudson Valley Linux Users Group http://mhvlug.org
http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug
Upcoming Meetings (6pm - 8pm) Vassar College
Sep 4 - NoSQL and MongoDB
Oct 2 - OpenFlow: Open Standard for Networking Hardware
Nov 6 - November Meeting
