Re: NAI pulls out the DMCA stick
-BEGIN PGP SIGNED MESSAGE- Lucky Green [EMAIL PROTECTED] writes: PGP, GPG, and all its variants need to die before S/MIME will be able to break into the Open Source community, thus removing the last, but persistent, block to an instant increase in number of potential users of secure email by several orders of magnitude. Your confidence in this is not universally shared. Can you please make the case again? Pointers would be fine. -BEGIN PGP SIGNATURE- Version: 2.6.3ia Charset: noconv iQBVAwUBPOzSFfPsjZpmLV0BAQHFeQH/btnBBUdbfdpt1+rJ/d8Q7LhdPylsl+aM AxwJL5cy7645npVdPlIczUc7FkyhcVSe3/WI5D3MR4j8GW4NyDtXWw== =qxZa -END PGP SIGNATURE-
Re: Testing..
On Wed, 22 May 2002, Steve Furlong wrote: No problem --- I was just waxing my bikini line. (This disgusting mental image courtesy of the Janet Reno Full Frontal Nudity Collection.) (That disgusting mental image courtesy of me.) That depends on the gender preference of the reader I think - might not be disgusting to the right state of mind :-) That's not sick, it's funny! Patience, persistence, truth, Dr. mike
Re: NAI pulls out the DMCA stick
At 12:43 AM 05/22/2002 -0400, R. A. Hettinga wrote: At 11:49 PM -0400 on 5/21/02, Luis Villa wrote, on FoRK: Well, yes, but you seem to be implying some sinister motive that not all of us are reading between the lines clearly enough to see :) I mean, otherwise, this just seems like a fairly garden-variety silly use of the DMCA by a large software company. What am I missing? Not much. -BEGIN PGP UNSIGNED MESSAGE NAI is trying to sell off the remains of PGP Inc., and rather than try to get money for a twisted empty shell of a dot-com-era software company, they're probably hoping to have a less-empty shell by maximizing the remaining value of their intellectual property. So yes, it's in Bob's second category of history. :-) -BEGIN PGP UNSIGNED MESSAGE
RE: NAI pulls out the DMCA stick
Adam wrote: Which is too bad. If NAI-PGP went away completely, then compatability problems would be reduced. I also expect that the German goverment group currently funding GPG would be more willing to fund UI work for windows. Tell me about it. PGP, GPG, and all its variants need to die before S/MIME will be able to break into the Open Source community, thus removing the last, but persistent, block to an instant increase in number of potential users of secure email by several orders of magnitude. Here's to hoping, --Lucky
Testing..
Sorry for the intrusion.
Analysis of Neural Cryptography
Analysis of Neural Cryptography Alexander Klimov, Anton Mityaguine, and Adi Shamir Computer Science Department The Weizmann Institute, Rehovot 76100, Israel {ask,mityagin,shamir}@wisdom.weizmann.ac.il Abstract. In this paper we analyse the security of a new key exchange protocol proposed in [3], which is based on mutually learning neural networks. This is a new potential source for public key cryptographic schemes which are not based on number theoretic functions, and have small time and memory complexities. In the first part of the paper we analyse the scheme, explain why the two parties converge to a common key, and why an attacker using a similar neural network is unlikely to converge to the same key. However, in the second part of the paper we show that this key exchange protocol can be broken in three different ways, and thus it is completely insecure. 3. Ido Kanter, Wolfgang Kinzel, Eran Kanter, Secure exchange of information by synchronization of neural networks'', Europhys., Lett. 57, 141, 2002. http://cryptome.org/neuralsub.ps (11 pages. 366KB)
Re: Testing..
Bill O'Hanlon wrote: Sorry for the intrusion. No problem --- I was just waxing my bikini line. (This disgusting mental image courtesy of the Janet Reno Full Frontal Nudity Collection.) (That disgusting mental image courtesy of me.) -- Steve FurlongComputer Condottiere Have GNU, Will Travel Vote Idiotarian --- it's easier than thinking
Re: NAI pulls out the DMCA stick
On Thu, May 23, 2002 at 12:24:00AM -0700, Lucky Green wrote: | Adam wrote: | Which is too bad. If NAI-PGP went away completely, then | compatability problems would be reduced. I also expect that | the German goverment group currently funding GPG would be | more willing to fund UI work for windows. | | Tell me about it. PGP, GPG, and all its variants need to die before | S/MIME will be able to break into the Open Source community, thus | removing the last, but persistent, block to an instant increase in | number of potential users of secure email by several orders of | magnitude. Are you claiming that S/mime no longer has the enourmous compatability problems it used to have? Is there any Open source implementation of the protocol? Adam -- It is seldom that liberty of any kind is lost all at once. -Hume
Re: NAI pulls out the DMCA stick
At 10:34 AM -0400 5/23/02, Adam Shostack wrote: On Thu, May 23, 2002 at 12:24:00AM -0700, Lucky Green wrote: | Adam wrote: | Which is too bad. If NAI-PGP went away completely, then | compatability problems would be reduced. I also expect that | the German goverment group currently funding GPG would be | more willing to fund UI work for windows. | | Tell me about it. PGP, GPG, and all its variants need to die before | S/MIME will be able to break into the Open Source community, thus | removing the last, but persistent, block to an instant increase in | number of potential users of secure email by several orders of | magnitude. Are you claiming that S/mime no longer has the enourmous compatability problems it used to have? Is there any Open source implementation of the protocol? Try http://www.imc.org/imc-sfl/index.html. For some definitions of open source, it qualifies. -- -- Marshall Marshall Clow Idio Software mailto:[EMAIL PROTECTED] My name is Bobba Fett. You killed my father, prepare to die!
Open-Source Fight Flares At Pentagon Microsoft Lobbies Hard Against Free Software
Open-Source Fight Flares At Pentagon Microsoft Lobbies Hard Against Free Software http://www.washingtonpost.com/wp-dyn/articles/A60050-2002May22.html By Jonathan Krim Washington Post Staff Writer Thursday, May 23, 2002; Page E01 Microsoft Corp. is aggressively lobbying the Pentagon to squelch its growing use of freely distributed computer software and switch to proprietary systems such as those sold by the software giant, according to officials familiar with the campaign. In what one military source called a barrage of contacts with officials at the Defense Information Systems Agency and the office of Defense Secretary Donald H. Rumsfeld over the past few months, the company said open source software threatens security and its intellectual property. But the effort may have backfired. A May 10 report prepared for the Defense Department concluded that open source often results in more secure, less expensive applications and that, if anything, its use should be expanded. Banning open source would have immediate, broad, and strongly negative impacts on the ability of many sensitive and security-focused DOD groups to protect themselves against cyberattacks, said the report, by Mitre Corp. text deleted Microsoft also said open-source software is inherently less secure because the code is available for the world to examine for flaws, making it possible for hackers or criminals to exploit them. Proprietary software, the company argued, is more secure because of its closed nature. A master of the security half-truth chimes in... I've never seen a systematic study that showed open source to be more secure, said Dorothy Denning, a professor of computer science at Georgetown University who specializes in information warfare. John Stenbit, an assistant secretary of defense and the Defense Department's chief information officer, said Microsoft has said using free software with commercial software might violate the intellectual-property rights of companies such as Microsoft. Stenbit said the issue is legally murky. much deleted Stenbit said the debate is academic and that what matters is how secure a given piece of software is. To that end, the Defense Department is now prohibited from purchasing any software that has not undergone security testing by the NSA. Stenbit said he is unaware of any open-source software that has been tested. This should present no problem for open source software. No purchase takes place since the software is free by definition. steve
RE: why OpenPGP is preferable to S/MIME (Re: NAI pulls out the DM CA stick)
Adam Back[SMTP:[EMAIL PROTECTED]] On Thu, May 23, 2002 at 03:05:49PM -0400, Adam Shostack wrote: So what if we create the Cypherpunks Root CA, which (either) signs what you submit to it via a web page, or publish the secret key? [...] We then get the Cypherpunks Root CA key added to the browsers--it can't be that hard, the US postal service managed it... I think you'd have to do it in reverse to stand a chance if you literally published the private key -- they're never going to add the public key for a known compromised private key. Also it costs lots of money, and takes some time to take effect. Adam I can't speak for mail-only clients, but it's easy (for moderately geekish or carefully instructed people) to add new trusted roots to IE or Netscape. Peter Trei
RE: why OpenPGP is preferable to S/MIME
Self-signed and CA x.509 certificates cannot be used in Outlook even when they are added to the Trusted Root CA's. Apparently Outlook is able to distinguish between these and CA-issued x.509 certificates. --- Trei, Peter [EMAIL PROTECTED] wrote: I can't speak for mail-only clients, but it's easy (for moderately geekish or carefully instructed people) to add new trusted roots to IE or Netscape. Peter Trei = end LAUNCH - Your Yahoo! Music Experience http://launch.yahoo.com
Future of commercial PGP? [was NAI gets out the DMCA stick]
As mentioned by others, NAI currently seems bent on discouraging proliferation of existing PGP desktop packages. Part of this seeming strategy includes a refusal to sell any further licenses for commercial PGP 7.X. Strangely, the June 2002 PC Magazine (at least where I live) includes a CDROM containing McAfee PGP 6.5.8. The CDROM pop-up says the software is worth $XX, so I assume this is the commercial version or some variant thereof. (I haven't tried installing it since I won't have suitable sacrificial machine for a few days.) Strange timing. Perhaps an earlier contractual arrangement had to be honored. As far as a future commercial version of PGP, at the moment this seems to be the McAffee E-Business Server and Client, which appear to be the successors to PGP Server and PGP Desktop, respectively. The desktop product now appears to depend on the presence of a Server instance in order to function. I believe the Server licenses for ~$2K US. Reference: http://www.mcafeeb2b.com/products/ebusiness.asp Puzzling that these products are not being more actively trumpeted as the worthy successors to PGP. Or have I missed a recent marketing campaign? If there are whitepapers describing a migration strategy, or the technical details of E-Business Client/Server interaction, I am not aware of them. However, I'd be happy to be proven wrong on that point, or further enlightened regarding any of the above.
Re: why OpenPGP is preferable to S/MIME (Re: NAI pulls out the DMCA stick)
On Thu, 23 May 2002, Adam Back wrote: On Thu, May 23, 2002 at 03:05:49PM -0400, Adam Shostack wrote: So what if we create the Cypherpunks Root CA, which (either) signs what you submit to it via a web page, or publish the secret key? This won't achieve the desired effect because it will just destroy the S/MIME trust mechanism. S/MIME is based on the assumption that all CAs are trustworthy. Which is, of course, a major flaw. S/MIME is of some value for internal corporate email for companies who can run their own CA. (The sort of people who used to be Xcert's customers.) S/MIME is of very little value outside of a closed intranet environment, for the simple reason that public CAs are mostly incompetent, untrustworthy, or both. -MW-
Re: Joe Sixpack doesn't run Linux
On Thu, 23 May 2002, Curt Smith wrote: This is a fairly accurate description of the situation, but neglects to emphasize that the reason [1-cypherpunk] bothers convincing [2-coerced associate] to use encrypted e-mail is because [1] understands its importance and is attempting to share/spread that understanding. Yes, [1] understands its importance. I think you overestimate the amount of effort put forth by [1] to spread the Word, though. While evangelizing strong crypto might be second-nature to a cypherpunk, the other members of [1] are standards-setters because they must be. They require [2] to use strong crypto, because it is their asses if they don't. They don't care, and don't need to care, if [2] understands the value of strong crypto, as long as [2] uses it in communication with [1]. Although [3-Joe Sixpack] may not understand or appreciate encryption, [3]'s support is helpful to protect [1]'s cryptography rights. Furthermore once [3] has crypto, [3] will resist attempts to take it away (along with his six pack, etc.). With this, I fully agree. The challenge is to design a system that satisfies the security requirements for [1]'s threat model and the usability requirements for [3]'s attention span. It has yet to be done. All attempts thus far have been lucky if they only fail at one of those two goals. Most fail at both. -MW-