Re: [cryptography] NSA Attacks on VPN, SSL, TLS, SSH, Tor

2014-12-30 Thread StealthMonger
John Young j...@pipeline.com writes:
 At 02:50 AM 12/30/2014, you wrote:
 On Tue, Dec 30, 2014 at 7:38 AM, grarpamp grarp...@gmail.com wrote:
 On Mon, Dec 29, 2014 at 8:20 AM, John Young j...@pipeline.com wrote:

  Hash this motherfucker, said math to germ.

 JYA, you, as the original publisher of various and valued datasets...
 the responsibility to calculate, sign, and publish said hashes rests
 with you alone.

 john likes to be poetic as a wall - dear john please listen to the
 smart people and have a small bit of humility - it will make you
 better at your job and we need EVERYONE to step up and be better at
 their jobs

 Visitors, readers, consumers must be skeptical of security ...

Advocacy of skepticism is rendered ineffective if that advocacy extends
to skepticism of logic and mathematics.


-- 


 -- StealthMonger
Long, random latency is part of the price of Internet anonymity.

Key: 
mailto:stealthsuiteyouknowwhatgoesherenym.mixmin.net?subject=send%20stealthmonger-key



___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography


Re: [cryptography] Silent Circle Takes on Phones, Skype, Telecoms

2014-07-11 Thread StealthMonger
ianG i...@iang.org writes:

 On 11/07/2014 11:27 am, James A. Donald wrote:
 On 2014-07-11 07:45, Kevin wrote:
 On 7/10/2014 4:39 PM, John Young wrote:
 https://blog.silentcircle.com/why-are-we-competing-with-phone-makers-skype-and-telecom-carriers-all-in-the-same-week/


 With silent circle, when Ann talks to Bob, does Ann get Bob's public key
 from silent circle, and Bob get Ann's public key from silent circle.

 If they do it that way, silent circle is a single point of failure which
 can, and probably will, be co-opted by governments.

 If they don't do it that way, how do they do it.

 Obviously we need a hash chain that guarantees that Ann sees the same
 public key for Ann as Bob sees for Ann.

 Does silent circle do that?


 While I'm interested in how they're doing that, I'm far more interested
 in how Ann convinces Bob that she is Ann, and Bob convinces Ann that he
 is Bob.  We left the OpenPGP/cert building a long time ago, we need more
 than just 1980s PKI ideas with elegant proofs.

Note there's a philosophical issue here.  A very good actress could
convince Bob that she's Ann no matter how high the bandwidth of their
communication, such as intimate body contact.

The only individual in the universe who is qualified to authoritatively
deny the actress' claim is Ann.  To convince Bob, she needs something
the actress cannot have, such as the password to her encryption key.


-- 


 -- StealthMonger
Long, random latency is part of the price of Internet anonymity.


Key: mailto:stealthsuite nym.mixmin.net?subject=send%20stealthmonger-key





Re: [cryptography] pie in sky suites - long lived public key pairs for persistent identity

2014-01-04 Thread StealthMonger
In an unsigned posting, it is written:

 On 3/01/14 22:42 PM, coderman wrote:
 use case is long term (decade+) identity rather than privacy or
 session authorization.

 Long term identity is not a concept in a vacuum.  Identity in software 
 business always relates to other people, your identity is like the sum 
 of the thoughts that *others have about you* unlike psychology where 
 identity is a concept of how you think about yourself.

There's no escape from identity being founded on how one thinks of
oneself.  Cogito ergo sum.  There's only one individual in the universe
who is qualified to know I am Alice, and it ain't you or me, it's
Alice.  A good actress might convince others that she is Alice, but
Alice knows better, and Alice is the only individual who can know better
authoritatively.

But there is a way for Alice to identify herself to others, and it's
public key cryptography.  Alice can arrange that only she knows the
private key associated with a certain public key.  Alice can further
arrange that the sum of the thoughts that others have about her can be
founded only on expressions which are signed by her private key.  She
does this by signing all of her expressions and publicly declaring that
any expression purporting to be from her but not signed by her private
key is a forgery.

On the Internet, your identity is your private key.  If you have no
private key, you have no Internet identity.


-- 


 -- StealthMonger stealthmon...@nym.mixmin.net who herewith declares
 that any expression purporting to be from Stealthmonger but not
 signed with the following key is a forgery.

Key: mailto:stealthsu...@nym.mixmin.net?subject=send%20stealthmonger-key





Re: [cryptography] Can we move to a forum, please?

2013-12-24 Thread StealthMonger
Greg g...@kinostudios.com writes:

 Also, do you enjoy not being able to edit your comments?

What kind of software do you suppose people are using, that might
interfere with editing comments?

Also, if you're so big on editing, why don't you edit your own postings?
Or is it that you're ignorant of RFC 1855, Netiquette Guidelines?  There
it is stated among other things that "It is extremely bad form to simply
reply to a message by including all the previous message: edit out all
the irrelevant material."


-- 


 -- StealthMonger stealthmon...@nym.mixmin.net
Long, random latency is part of the price of Internet anonymity.

   anonget: Is this anonymous browsing, or what?
   
http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=sourceoutput=gplain

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsu...@nym.mixmin.net?subject=send%20index.html


Key: mailto:stealthsu...@nym.mixmin.net?subject=send%20stealthmonger-key





Re: [cryptography] [Cryptography] prism proof email, namespaces, and anonymity

2013-09-15 Thread StealthMonger
John Kelsey crypto@gmail.com writes:

 In the overwhelming majority of cases, I know and want to know the
 people I'm talking with.  I just don't want the contents of those
 conversations or the names of people I'm talking with to be revealed
 to eavesdroppers.  And if I get an email from one of my regular
 correspondents, I'd like to know it came from him, rather than being
 spoofed from someone else.

That's a good description of stealthmail [1].  My only regret is that it
badly needs an update and I don't have time these days to work on it.
But it still works out of the box.  Here's the Debian description:


Package: stealthmail
Architecture: all
Pre-Depends: gnupg
Depends: procmail, esubbf, openssl, dc, libssl0.9.6 | libssl0.9.7,
 fetchmail | kmail, suck, ppp, solid-pop3d, exim | exim4, dpkg (= 1.10.21),
 grep (= 2.5), bash (= 2.05b), ${shlibs:Depends}, ${misc:Depends}
Description: scripts to hide whether you're doing email, or when, or with whom
 Maintain on-going random cover traffic via usenet newsgroup
 alt.anonymous.messages, substituting encrypted live traffic when
 available.  A live message is indistinguishable from a random cover
 message except with the decryption keys.  All potential participants
 send messages to alt.anonymous.messages with rigid periodicity
 uncorrelated with any live traffic, and maintain an uninterrupted
 full feed from alt.anonymous.messages, so that an observer cannot
 determine whether, when, or among whom live communication is
 happening.
 .
 Members of a stealthmail group -- call it OurGroup for purposes
 of this discussion -- are defined by their knowledge of the
 encryption keys created for the group.  With this package installed,
 mail addressed to OurGroup@stealthmail does not go directly to the
 Internet like ordinary mail, but gets encrypted by the OurGroup key,
 given an encrypted subject intelligible only with OurGroup keys, and
 queued to go to alt.anonymous.messages in place of a piece of cover
 traffic at the next scheduled sending time.  Meanwhile, all messages
 appearing on alt.anonymous.messages are downloaded into an incoming
 queue.  A POP3 server runs on the local host.  The mail reader is
 provided with filters so that when it fetches mail from this local
 server, messages having subject lines encrypted for OurGroup (or any
 other stealthmail group of which this host is a member) are decrypted
 by the appropriate key and presented.  Other messages are discarded.


[1] See mailto URL below.


-- 


 -- StealthMonger stealthmon...@nym.mixmin.net
Long, random latency is part of the price of Internet anonymity.

   anonget: Is this anonymous browsing, or what?
   
http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=sourceoutput=gplain

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsu...@nym.mixmin.net?subject=send%20index.html


Key: mailto:stealthsu...@nym.mixmin.net?subject=send%20stealthmonger-key
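
The scheduling rule in the package description above (one fixed-size post per period, live mail substituted for cover when it is waiting, readers keeping only what their group key opens), as an added Python example that is not stealthmail's own code. The HMAC-based sealing is a standard-library stand-in for the GnuPG encryption the package depends on, a MAC check replaces the encrypted-subject filter, and `SLOT_BYTES`, `Sender`, `seal` and `open_slot` are hypothetical names.

```python
import hashlib
import hmac
import os
import struct
from collections import deque

SLOT_BYTES = 512                  # every post is exactly this long (assumed value)
NONCE, TAG = 16, 32
BODY = SLOT_BYTES - NONCE - TAG   # length of the padded ciphertext


def _subkeys(group_key):
    # Separate encryption and MAC keys derived from the shared group key.
    enc = hmac.new(group_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(group_key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key, nonce, length):
    # HMAC-SHA256 in counter mode: a stand-in cipher, not what stealthmail uses.
    out, counter = bytearray(), 0
    while len(out) < length:
        block = nonce + struct.pack(">I", counter)
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(group_key, message):
    """Encrypt and pad a live message into one fixed-size slot."""
    if len(message) > BODY - 2:
        raise ValueError("message does not fit in one slot")
    enc, mac = _subkeys(group_key)
    padded = struct.pack(">H", len(message)) + message
    padded += bytes(BODY - len(padded))
    nonce = os.urandom(NONCE)
    ct = bytes(a ^ b for a, b in zip(padded, _keystream(enc, nonce, BODY)))
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_slot(group_key, blob):
    """Return the plaintext if this slot was sealed for group_key, else None."""
    if len(blob) != SLOT_BYTES:
        return None
    enc, mac = _subkeys(group_key)
    nonce, ct, tag = blob[:NONCE], blob[NONCE:-TAG], blob[-TAG:]
    expected = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None               # cover traffic, or mail for another group
    padded = bytes(a ^ b for a, b in zip(ct, _keystream(enc, nonce, BODY)))
    (length,) = struct.unpack(">H", padded[:2])
    return padded[2:2 + length]


class Sender:
    def __init__(self, group_key):
        self.group_key = group_key
        self.outbox = deque()

    def queue(self, message):
        self.outbox.append(message)

    def tick(self):
        # Runs once per fixed period whether or not mail is waiting, so the
        # posting times carry no information about live traffic.
        if self.outbox:
            return seal(self.group_key, self.outbox.popleft())
        return os.urandom(SLOT_BYTES)


def simulate():
    # Constructed scenario: six posting periods, two live messages queued at tick 2.
    key, other_key = os.urandom(32), os.urandom(32)
    sender, feed = Sender(key), []
    for t in range(6):
        if t == 2:
            sender.queue(b"meet at noon")
            sender.queue(b"bring the ledger")
        feed.append(sender.tick())
    sizes = {len(post) for post in feed}
    member = [m for m in (open_slot(key, p) for p in feed) if m is not None]
    outsider = [m for m in (open_slot(other_key, p) for p in feed) if m is not None]
    return sizes, member, outsider
```

A queued message waits for the next scheduled slot, so delivery latency is bounded below by the posting period.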





Re: [cryptography] msft skype IM snooping stats PGP/X509 in IM?? (Re: why did OTR succeed in IM?)

2013-03-24 Thread StealthMonger

Steven Bellovin s...@cs.columbia.edu writes:

 Ever since Microsoft bought the company, these rumors have been
 floating around.

If they're innocent, why would they not issue an unequivocal denial
with supporting argument?


-- 


 -- StealthMonger stealthmon...@nym.mixmin.net
Long, random latency is part of the price of Internet anonymity.

   anonget: Is this anonymous browsing, or what?
   
http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=sourceoutput=gplain

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsu...@nym.mixmin.net?subject=send%20index.html


Key: mailto:stealthsu...@nym.mixmin.net?subject=send%20stealthmonger-key



Re: [cryptography] Client TLS Certificates - why not?

2013-03-06 Thread StealthMonger

James A. Donald jam...@echeque.com writes:

 On 2013-03-06 4:41 AM, StealthMonger wrote:
 2. Prospective customer verification of merchant: Merchant includes
 the ID of its signing key in every advertisement and repeatedly
 admonishes prospects to Accept No Substitutes.

 The key, and the hash of the key, is a long string of random
 gibberish.  It should not be visible to end users.  Experience
 demonstrates that showing it repels 99% of end users.

Merchant includes its telephone number in every advertisement and
repeatedly admonishes prospects to call.

The telephone number may be a long string of random digits.  Yet end
users understand that they have to use it if they want to follow up.

Your only argument is that the key ID is longer or more random.  A
solution is redesign of the hash code so it doesn't have to be so long
plus maybe merchant generating and discarding lots of keys until
stumbling on one with a pronounceable hash.

These are not easily accomplished, but they would enable slaying the
CA dragon.


-- 


 -- StealthMonger stealthmon...@nym.mixmin.net
Long, random latency is part of the price of Internet anonymity.

   anonget: Is this anonymous browsing, or what?
   
http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=sourceoutput=gplain

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsu...@nym.mixmin.net?subject=send%20index.html


Key: mailto:stealthsu...@nym.mixmin.net?subject=send%20stealthmonger-key



Re: [cryptography] Client TLS Certificates - why not?

2013-03-05 Thread StealthMonger

Jeffrey Walton noloa...@gmail.com writes:

 It's the key distribution problem. It's the cause of all the troubles.

I don't understand.  Please explain.

What's wrong with the following simple idea:

1. p2p: The parties opportunistically verify out-of-band after
exchanging keys via public key servers or (insecure) email.

2. Prospective customer verification of merchant: Merchant includes
the ID of its signing key in every advertisement and repeatedly
admonishes prospects to Accept No Substitutes.

3.  Merchant authentication of Customer: Merchants don't deal with
people.  They deal with keys.  It's the key that has the purchasing
power, not some person.  Nobody has the illusion that correlation
between key and person is any stronger than that person's security
habits.

4.  Etc.

-- 


 -- StealthMonger stealthmon...@nym.mixmin.net
Long, random latency is part of the price of Internet anonymity.

   anonget: Is this anonymous browsing, or what?
   
http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=sourceoutput=gplain

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsu...@nym.mixmin.net?subject=send%20index.html


Key: mailto:stealthsu...@nym.mixmin.net?subject=send%20stealthmonger-key



Re: [cryptography] Client TLS Certificates - why not?

2013-03-04 Thread StealthMonger

Peter Gutmann pgut...@cs.auckland.ac.nz writes:

 str...@riseup.net writes:

 Can anyone enlighten me why client TLS certificates are used so
 rarely?  It used to be a hassle in the past

 They're still a huge pain to work with, and probably always will be.
 If you don't believe me, go to your mother, sit her in front of a
 computer, sit behind her with your arms crossed so you can't point
 to anything or type stuff out for her, and walk her through the
 process of acquiring and using one without leaving your chair or
 performing any part of the operation for her.

 Now imagine getting her to do the same using only a sheet of
 instructions you've written.

Mother sits down at her computer to do email.  Computer notices that
she does not have an encryption key (client-side certificate), starts
a background process to generate one, and tells her:

   From now on, you will have a new email address.  Starting next
   week, the old one will no longer work.

   This will be the only computer on which you can receive email.  If
   you ever want to use another computer, press Add/Change Computer
   below.

   [Computer finishes generating key with key ID xlzoazsabewlcc.]

   Your new email address is xlzoazsabewlcc.  It is now being
   broadcast worldwide.  Tell your bank and all your friends.

   This computer is the only computer in the world that can receive
   messages to this new address.  You should probably make a backup.
   Press Make Backup below.

   Anyone else who can log into this computer has access to all your
   bank accounts and email.  Make sure your login password is strong.

Simple as that.  (Well, almost.)  Admittedly, this is oriented to
email, not browsing.  But the browser can be told to look for the same
key ring for certificate material.

-- 


 -- StealthMonger stealthmon...@nym.mixmin.net
Long, random latency is part of the price of Internet anonymity.

   anonget: Is this anonymous browsing, or what?
   
http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=sourceoutput=gplain

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsu...@nym.mixmin.net?subject=send%20index.html


Key: mailto:stealthsu...@nym.mixmin.net?subject=send%20stealthmonger-key



Re: [cryptography] Can there be a cryptographic dead man switch?

2012-09-22 Thread StealthMonger

mhey...@gmail.com mhey...@gmail.com writes:

 ... and the trustee (that I never really trusted) ...

Actually, Trustee may prefer to have no access to the secret so as to
be above suspicion if some of the gold should disappear.

-- 


 -- StealthMonger stealthmon...@nym.mixmin.net
Long, random latency is part of the price of Internet anonymity.

   anonget: Is this anonymous browsing, or what?
   
http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=sourceoutput=gplain

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsu...@nym.mixmin.net?subject=send%20index.html


Key: mailto:stealthsu...@nym.mixmin.net?subject=send%20stealthmonger-key



Re: [cryptography] Can there be a cryptographic dead man switch?

2012-09-22 Thread StealthMonger

James A. Donald jam...@echeque.com writes:

 On 2012-09-05 11:51 PM, StealthMonger wrote:

 Can there be a cryptographic dead man switch?  A secret is to be
 revealed only if/when signed messages stop appearing.  It is to be
 cryptographically strong and not rely on a trusted other party.

 Such a system cannot exist:

 Obviously the messages have to appear on the system that contains the 
 secret.  Pull the internet connection.

Counter-measures to Donald's dilemma have so far involved servers too
hidden or numerous to simply pull the internet connection.

Another approach is for the server to be too big to fail, i.e.
public and widely used, so that a whole business would be destroyed if
the Internet connection were pulled.

It wouldn't take much capability in such a server to allow Grantor to
create a robot there which gives Trustee access to the secret, but
only if it doesn't hear from the Grantor for some time.  With suitable
permissions, the Trustee can even be given read-only access the whole
while to everything except to the secret itself, so that Trustee can
assure herself that it's all actually there.

Are there existing public servers that can provide this functionality?
Google mail?  Zooko's Tahoe?


-- 


 -- StealthMonger stealthmon...@nym.mixmin.net
Long, random latency is part of the price of Internet anonymity.

   anonget: Is this anonymous browsing, or what?
   
http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=sourceoutput=gplain

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsu...@nym.mixmin.net?subject=send%20index.html


Key: mailto:stealthsu...@nym.mixmin.net?subject=send%20stealthmonger-key
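
The server-side robot described in the message above, as an added Python example that is not the poster's code: it withholds a blob already encrypted to the Trustee's key until the Grantor's heartbeats stop, and gives the Trustee a read-only audit view in the meantime. HMAC stands in for the Grantor's signature because the standard library has no public-key signing; `Robot`, `sign_heartbeat`, the 90-day period and the 300-second clock skew are assumptions.

```python
import hashlib
import hmac
import struct

DAY = 86400


def sign_heartbeat(grantor_key, timestamp):
    # Grantor side. HMAC stands in for the Grantor's public-key signature
    # (assumption): with a real signature the robot would hold only the
    # public key and could not mint heartbeats itself.
    msg = b"heartbeat" + struct.pack(">Q", timestamp)
    return hmac.new(grantor_key, msg, hashlib.sha256).digest()


class Robot:
    """Hypothetical server-side robot guarding a blob sealed to the Trustee."""

    def __init__(self, grantor_key, sealed_secret, period, now, max_skew=300):
        self._key = grantor_key
        self._sealed = sealed_secret      # already encrypted to the Trustee's key
        self.period = period
        self.max_skew = max_skew
        self.last_ts = now
        self.deadline = now + period

    def heartbeat(self, now, timestamp, tag):
        if now >= self.deadline:
            return "expired"              # release cannot be undone
        if not hmac.compare_digest(tag, sign_heartbeat(self._key, timestamp)):
            return "bad-signature"
        if timestamp <= self.last_ts:
            return "replay"               # old or re-sent heartbeat
        if timestamp > now + self.max_skew:
            return "future-dated"         # would defer release far ahead
        self.last_ts = timestamp
        # Extend from the signed time, not the arrival time, so a heartbeat
        # that was captured and delivered late buys no extra time.
        self.deadline = timestamp + self.period
        return "ok"

    def audit(self, now):
        # Read-only view for the Trustee: shows the blob is present and
        # unchanged without handing it over.
        return {
            "sealed_bytes": len(self._sealed),
            "sealed_sha256": hashlib.sha256(self._sealed).hexdigest(),
            "seconds_left": max(0, self.deadline - now),
        }

    def fetch(self, now):
        # Trustee access to the blob itself, only once the deadline has passed.
        return self._sealed if now >= self.deadline else None


def simulate():
    # Constructed timeline, in seconds from the robot's creation.
    key = b"constructed-grantor-key"
    sealed = b"constructed ciphertext for the Trustee"
    robot = Robot(key, sealed, period=90 * DAY, now=0)
    log = {}
    t = 30 * DAY
    beat = sign_heartbeat(key, t)
    log["first"] = robot.heartbeat(t, t, beat)
    log["replay"] = robot.heartbeat(31 * DAY, t, beat)
    log["forged"] = robot.heartbeat(32 * DAY, 32 * DAY, bytes(32))
    far = 3650 * DAY
    log["future"] = robot.heartbeat(40 * DAY, far, sign_heartbeat(key, far))
    log["audit_left"] = robot.audit(100 * DAY)["seconds_left"]
    log["early_fetch"] = robot.fetch(100 * DAY)
    log["late_fetch"] = robot.fetch(121 * DAY)
    late = 125 * DAY
    log["after_expiry"] = robot.heartbeat(late, late, sign_heartbeat(key, late))
    return log
```

The robot enforces the deadline by access control alone, so the scheme is only as strong as the server hosting it.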



Re: [cryptography] Can there be a cryptographic dead man switch?

2012-09-22 Thread StealthMonger

Natanael natanae...@gmail.com writes:

 I do not want to trust that single server won't be hacked, tapped by
 NSA or raided by FBI.

I absolutely agree.  But the adversary here is nothing like NSA or
FBI, and the stakes are nowhere near threats to any State, and nobody
has reason to believe otherwise.  Remember, this is basically a
friendly agreement between Grantor and Trustee and in the category of
good fences make good neighbors.  Of course, the Trustee, to whose
key the secret is encrypted the whole while, has to use a strong key
to keep third parties out.

-- 


 -- StealthMonger stealthmon...@nym.mixmin.net
Long, random latency is part of the price of Internet anonymity.

   anonget: Is this anonymous browsing, or what?
   
http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=sourceoutput=gplain

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsu...@nym.mixmin.net?subject=send%20index.html


Key: mailto:stealthsu...@nym.mixmin.net?subject=send%20stealthmonger-key



[cryptography] Can there be a cryptographic dead man switch?

2012-09-05 Thread StealthMonger


Can there be a cryptographic dead man switch?  A secret is to be
revealed only if/when signed messages stop appearing.  It is to be
cryptographically strong and not rely on a trusted other party.

The motivating application is a Living Trust wherein the Grantor wants
to keep secret, even from the Trustee, the locations of his caches of
gold until such time as he is no longer able to send signed messages.
Each signed message has to somehow avert revelation of the secret for
another time period (three months, say).

-- 


 -- StealthMonger stealthmon...@nym.mixmin.net
Long, random latency is part of the price of Internet anonymity.

   anonget: Is this anonymous browsing, or what?
   
http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=sourceoutput=gplain

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsu...@nym.mixmin.net?subject=send%20index.html


Key: mailto:stealthsu...@nym.mixmin.net?subject=send%20stealthmonger-key



[cryptography] World-class protracted social engineering [was: Re: Key escrow 2012]

2012-04-03 Thread StealthMonger

ianG i...@iang.org writes:

 The crypto wars were about opening up that battlefield so that open 
 source could start to experiment with lots and lots of alternatives. 
 The reason we lost the war was because we thought we'd won it.  We were 
 tricked.  What actually happened was a high profile weapon - the export 
 control - was loosened up just enough to make many think we'd 
 won.  All the low-profile weapons were left in place.

It's world-class protracted social engineering.  Orchestrated by whom?


-- 


 -- StealthMonger stealthmon...@nym.mixmin.net
Long, random latency is part of the price of Internet anonymity.

   anonget: Is this anonymous browsing, or what?
   
http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=sourceoutput=gplain

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsu...@nym.mixmin.net?subject=send%20index.html


Key: mailto:stealthsu...@nym.mixmin.net?subject=send%20stealthmonger-key



Re: [cryptography] Key escrow 2012

2012-03-30 Thread StealthMonger

Adam Back a...@cypherspace.org writes:

 Not sure that we lost the crypto wars.  US companies export full strength
 crypto these days, and neither the US nor most other western countries have
 mandatory GAK.  Seems like a win to me :)

Nope.  If we had won, crypto would be in widespread use today for
email.  As it is, enough FUD and confusion was sown to avert that
outcome.  Even on geek mailing lists such as this, signatures are
rare.


-- 


 -- StealthMonger stealthmon...@nym.mixmin.net
Long, random latency is part of the price of Internet anonymity.

   anonget: Is this anonymous browsing, or what?
   
http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=sourceoutput=gplain

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsu...@nym.mixmin.net?subject=send%20index.html


Key: mailto:stealthsu...@nym.mixmin.net?subject=send%20stealthmonger-key


Re: [cryptography] Key escrow 2012

2012-03-30 Thread StealthMonger

James A. Donald jam...@echeque.com writes:

 On 2012-03-31 1:51 AM, Nico Williams wrote:
   We don't encrypt e-mail for other reasons, namely because key
   management for e-mail is hard.

 Key management is hard because it involves a third party, which third 
 party is also the major security hole.

 We have been doing key management the wrong way.

Yep.  It should be no harder than maintaining a personal telephone
directory.

Would-be telephone correspondents somehow manage to get each other's
phone numbers into their personal directories.  Similarly, would-be
email correspondents can get each other's public keys.


-- 


 -- StealthMonger stealthmon...@nym.mixmin.net
Long, random latency is part of the price of Internet anonymity.

   anonget: Is this anonymous browsing, or what?
   
http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=sourceoutput=gplain

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsu...@nym.mixmin.net?subject=send%20index.html


Key: mailto:stealthsu...@nym.mixmin.net?subject=send%20stealthmonger-key



Re: [cryptography] Tell Grandma to remember the Key ID and forget the phone number.

2011-09-26 Thread StealthMonger

John Levine jo...@iecc.com writes:

 What am I missing here?  This all boils down to the introduction
 problem, how do you persuade one party that a second party who they
 don't know yet is OK.

Something or somebody decides Grandma to take an interest in some
product.  The idea is that the Key ID be an integral part of that
something, whether that something is a web site found by search, or a
print advertisement, or word-of-mouth from a friend.

Perfect cryptographically-strong introduction.  No CA.

Whether the merchant is Amazon or FakeAmazon doesn't matter.  What
matters is that Grandma took an interest in the product associated
with that Key ID.  She enters that key into her local key book (like
a phone book) and refers to it when she wants to learn more about the
product, or to buy it.


-- 


 -- StealthMonger stealthmon...@nym.mixmin.net
Long, random latency is part of the price of Internet anonymity.

   anonget: Is this anonymous browsing, or what?
   
http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=sourceoutput=gplain

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsu...@nym.mixmin.net?subject=send%20index.html


Key: mailto:stealthsu...@nym.mixmin.net?subject=send%20stealthmonger-key


Re: [cryptography] crypto security/privacy balance (Re: Digital cash in the news...)

2011-06-15 Thread StealthMonger

Nico Williams n...@cryptonector.com writes:

 crypto has a place ... to protect us ... from foreign powers, and
 from casual inspection by one's state 

Some folks do not choose to have a state.  For them, all states are
foreign powers.

 You must participate in ... politics   you must change [your
 society's] culture 

No, you may simply go your own way in peace.

-- 


 -- StealthMonger stealthmon...@nym.mixmin.net
Long, random latency is part of the price of Internet anonymity.

   uinmyn: Is this anonymous browsing, or what?
   
http://groups.google.com/group/alt.privacy.anon-server/msg/59a1d785aaa19de5?dmode=sourceoutput=gplain

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsu...@nym.mixmin.net?subject=send%20index.html


Key: mailto:stealthsu...@nym.mixmin.net?subject=send%20stealthmonger-key
