Re: NPR : E-Mail Encryption Rare in Everyday Use
Peter Saint-Andre writes: http://www.saint-andre.com/blog/2006-02.html#2006-02-27T22:13 1. Anonymity does matter. You might have heard of a little thing called the First Amendment. ;) It's great that you're proud of what you say, but no matter how proud you are, there could be bad, unfair consequences if you say certain things and/or if you have a certain identity. A little wisely-used anonymity can further an honest debate (such as debating what should be in the Constitution!) and protect people from low-power groups. 2. Email signing, alone, gives you only pseudonymity. 3. I see on your site you use and advertise for CACert. I hope CACert's signing cert(s) are never trusted by my browser, because then my browser would trust any cheap-ass random pseudonym in the world. Which brings us to my next point... 4. Identity is not, and can never be, a substitute for a real judgement about goodness. That I sign my messages doesn't make them any smarter; many good and helpful comments come from such forgeable identities as Steven Bellovin and Ben Laurie. Even fake names that look ridiculously fake, like StealthMonger, sometimes send useful information. When you immediately discount what that person says, you are doing yourself an unfavor. -- https://www.eff.org/about/staff/#chris_palmer pgp3QSxLKKGry.pgp Description: PGP signature
Re: NPR : E-Mail Encryption Rare in Everyday Use
-- Victor Duchovni wrote: My claim is that, while indeed it is easier to set the initial barriers higher when you design with greater hindsight, and some of the tractable, but not widely deployed email security measures will be there in IM systems from the start, never the less IM systems if they are to encroach on the ubiquity of email for ad-hoc communications between strangers (it is far easier to address strangers via email today) will encounter exactly the same intrinsic issues, and that technical measures will have equally partial efficacy. Total perfect and complete solutions will never be possible, but stopping the most flagrant and inconvenient abuses is perfectly feasible, and not even remarkably difficult. These days you see little spam on most Usenet groups, and one of the primary uses of Usenet is ad hoc communication between strangers. SSL works fine, PKI has serious problems. Usenet for the most part works fine, Jabber works fine, email has serious problems The federated structure of jabber, where random people connect to any one of a very large number of privileged servers is similar to the Usenet structure - and the Usenet structure works because for your server to retain your privileges, you need to control spam. I am willing to speculate that people will continue to unfairly tarnish the competence of the email RFC writers, without regard to the intrinsic properties of the medium. It is not so much that they were incompetent, but that they were writing for a more trusting and trustworthy world. Today, we have to do things differently. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG PRRq2Za8iG5qzD2wX3ug3xGXEWyekUqHQTZAspUQ 4Mjw8nFOqtf9erylBgQZo+5aUTVPzgKVdij0TQUDs - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: bounded storage model - why is R organized as 2-d array?
At 10:37 AM 3/9/2006, Chris Palmer wrote: Right, but even though a 1.5GHz machine is a bit old (heh...) for a workstation, my dinky little Linksys WRT54GC wireless AP still needs to AES-encrypt a theoretical maximum of 54Mbps when I turn on WPA. Unless you're using your Linksys for file-sharing between machines at home, you're not likely to be encrypting more than about 6 Mbps (or whatever DSL and Cable Modem do these days in better cities.) Thus, something faster than AES, but still strong, would be nice. Your point about CPU cache size vs. pad size is well-taken, though. I'd trust RC4-used-correctly before trusting Tri-Strata, if there weren't so much bad history of people misusing RC4... - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]