Re: Encryption on Mailing lists sensless?
Hi

On Saturday 22 November 2014 at 9:47:09 PM, in mid:1796158353.20141122214709@my_localhost, MFPA wrote:

> I don't know how Thunderbird+Enigmail handles this.

Having asked the question on PGPNET, I am told that Thunderbird+Enigmail warns that users of some PGP Corp. products won't be able to decrypt if they are BCC recipients. If you ignore the warning, all BCC recipients' keys are included in the encryption list.

--
Best regards

MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net

One morning I shot an elephant in my pajamas. How he got in my pajamas, I don't know.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Encryption on Mailing lists sensless?
On 11/24/2014 09:57 AM, michaelquig...@theway.org wrote:
> MFPA 2014-667rhzu3dc-lists-gro...@riseup.net wrote on 11/22/2014 04:16:38 PM:
>
> > From: MFPA 2014-667rhzu3dc-lists-gro...@riseup.net
> > To: michaelquig...@theway.org on GnuPG-Users gnupg-users@gnupg.org
> > Cc: michaelquig...@theway.org michaelquig...@theway.org
> > Date: 11/22/2014 04:16 PM
> > Subject: Re: Encryption on Mailing lists sensless?
> >
> > Hi
> >
> > On Wednesday 19 November 2014 at 7:50:32 PM, in mid:ofbe3b7f0e.c137fe74-on85257d95.006c7c99-85257d95.006cf...@theway.org, michaelquig...@theway.org wrote:
> >
> > > Which of course would not be possible if the public mailing list was all encrypted.
> >
> > Unless the search engine subscribed to the encrypted list and produced search results in the clear.
> >
> > --
> > Best regards
>
> And I'm not sure what we would be doing there except burning extra CPU cycles encrypting everything that's now publically available because the search engine has it all decrypted.

Well, membership would presumably be by invitation only. With end-to-end encryption, recipients could be confident about the integrity of messages. And messages could be uniquely watermarked for each recipient, so that leakers could be identified, and dropped from the list.
Re: Encryption on Mailing lists sensless?
Hi

On Wednesday 19 November 2014 at 7:50:32 PM, in mid:ofbe3b7f0e.c137fe74-on85257d95.006c7c99-85257d95.006cf...@theway.org, michaelquig...@theway.org wrote:

> Which of course would not be possible if the public mailing list was all encrypted.

Unless the search engine subscribed to the encrypted list and produced search results in the clear.

--
Best regards

MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net

However beautiful the strategy, you should occasionally look at the results.
Re: Encryption on Mailing lists sensless?
Hi

On Thursday 20 November 2014 at 9:54:50 PM, in mid:59025860.ipmifae...@collossus.ingo-kloecker.de, Ingo Klöcker wrote:

> KMail encrypts an individual copy for each BCC recipient. I thought Thunderbird+Enigmail would also do this.

I don't know how Thunderbird+Enigmail handles this. The app I was thinking of encrypted an individual copy for each recipient, be they a To, a CC or a BCC.

> Any mail client not doing this completely subverts BCC (unless --throw-keyids or --hidden-recipient is used,

I agree.

--
Best regards

MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net

Vegetarian: Indian word for lousy hunter!!!
Re: Encryption on Mailing lists sensless?
On Thursday 20 November 2014 14:36:35 Schlacta, Christ wrote:
> On Nov 20, 2014 1:58 PM, Ingo Klöcker kloec...@kde.org wrote:
> > On Tuesday 18 November 2014 22:43:18 MFPA wrote:
> >
> > KMail encrypts an individual copy for each BCC recipient. I thought Thunderbird+Enigmail would also do this.
> >
> > Any mail client not doing this completely subverts BCC (unless --throw-keyids or --hidden-recipient is used, but even throwing the key IDs still leaks the number of hidden recipients).
>
> There's nothing preventing a list server or mail client from intentionally adding a pseudo random quantity of invalid or junk keys to the recipient list, thus obfuscating the number of additional recipients, only providing an upper bound to the estimate.

Adding additional junk keys doesn't help if the recipient (or the recipients) expect a certain number of recipients. If the message is encrypted to more than (expected number of recipients)+1 (for encrypt to sender) then the recipients most likely will wonder who the other recipients are. You'll have a hard time convincing them that the other recipients are just fakes to confuse a third party intercepting the messages.

Regards,
Ingo
Re: Encryption on Mailing lists sensless?
On Nov 21, 2014 8:55 PM, Ingo Klöcker kloec...@kde.org wrote:
> On Thursday 20 November 2014 14:36:35 Schlacta, Christ wrote:
> > On Nov 20, 2014 1:58 PM, Ingo Klöcker kloec...@kde.org wrote:
> > > On Tuesday 18 November 2014 22:43:18 MFPA wrote:
> > >
> > > KMail encrypts an individual copy for each BCC recipient. I thought Thunderbird+Enigmail would also do this.
> > >
> > > Any mail client not doing this completely subverts BCC (unless --throw-keyids or --hidden-recipient is used, but even throwing the key IDs still leaks the number of hidden recipients).
> >
> > There's nothing preventing a list server or mail client from intentionally adding a pseudo random quantity of invalid or junk keys to the recipient list, thus obfuscating the number of additional recipients, only providing an upper bound to the estimate.
>
> Adding additional junk keys doesn't help if the recipient (or the recipients) expect a certain number of recipients. If the message is encrypted to more than (expected number of recipients)+1 (for encrypt to sender) then the recipients most likely will wonder who the other recipients are. You'll have a hard time convincing them that the other recipients are just fakes to confuse a third party intercepting the messages.

Perhaps a future version of the pgp specification should say something akin to gpg should always add a number of junk keys, perhaps to pad the key list out to one from a list of constant sizes, just to ensure that nobody can know for sure how many recipients there are (except the sender), and can at best place an upper bound. Perhaps the valid keys should be placed pseudorandomly throughout the constant sized key table
Re: Encryption on Mailing lists sensless?
On Tuesday 18 November 2014 22:43:18 MFPA wrote:
> On Tuesday 18 November 2014 at 6:15:57 PM, in mid:546b8cdd.5010...@riseup.net, Mirimir wrote:
> > As long as messages were separately encrypted to each recipient, no third parties would be involved.
>
> For an email message with multiple recipients, I think most mail clients and OpenPGP encryption agents that I have looked at encrypt the message to all addressees at once. I only recall one combination that encrypted an individual copy for each addressee, and am not sure I correctly remember which it was.

KMail encrypts an individual copy for each BCC recipient. I thought Thunderbird+Enigmail would also do this.

Any mail client not doing this completely subverts BCC (unless --throw-keyids or --hidden-recipient is used, but even throwing the key IDs still leaks the number of hidden recipients).

Regards,
Ingo
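An added example, not part of any list message: a small Python parser that walks the packet headers of a binary (non-armored) OpenPGP message and reads the key-ID field of each Public-Key Encrypted Session Key packet, showing why zeroed key IDs still leave one packet per recipient. The sample messages, key IDs and helper names are constructed for illustration, and only version 3 PKESK packets (RFC 4880) are handled.

```python
import struct

PKESK_TAG = 1    # Public-Key Encrypted Session Key packet (RFC 4880, 5.1)
SEIPD_TAG = 18   # Symmetrically Encrypted Integrity Protected Data packet
HIDDEN = "0000000000000000"  # wildcard key ID, as written by --throw-keyids


def iter_packets(data):
    """Yield (tag, body) for each packet of a binary OpenPGP stream.

    body is None for a packet of open-ended length (partial or
    indeterminate); parsing stops there because the PKESK packets
    always precede the encrypted data packet.
    """
    pos = 0
    while pos < len(data):
        hdr = data[pos]
        pos += 1
        if not hdr & 0x80:
            raise ValueError("bad packet header at offset %d" % (pos - 1))
        if hdr & 0x40:                      # new-format header
            tag = hdr & 0x3F
            first = data[pos]
            if first < 192:                 # one-octet length
                length, pos = first, pos + 1
            elif first < 224:               # two-octet length
                length = ((first - 192) << 8) + data[pos + 1] + 192
                pos += 2
            elif first == 255:              # five-octet length
                length = struct.unpack(">I", data[pos + 1:pos + 5])[0]
                pos += 5
            else:                           # partial body length
                yield tag, None
                return
        else:                               # old-format header
            tag = (hdr >> 2) & 0x0F
            ltype = hdr & 0x03
            if ltype == 3:                  # indeterminate length
                yield tag, None
                return
            size = (1, 2, 4)[ltype]
            length = int.from_bytes(data[pos:pos + size], "big")
            pos += size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length


def recipient_slots(data):
    """Return the key-ID field (hex) of every v3 PKESK packet, in order."""
    slots = []
    for tag, body in iter_packets(data):
        if tag == PKESK_TAG and body and len(body) >= 10 and body[0] == 3:
            slots.append(body[1:9].hex().upper())
    return slots


def summarize(data):
    """What anyone holding the ciphertext learns about its recipients."""
    slots = recipient_slots(data)
    return {"slots": len(slots),
            "hidden": slots.count(HIDDEN),
            "named": [k for k in slots if k != HIDDEN]}


# --- constructed sample data (placeholder key IDs and ciphertext) ---
def _pkesk(key_id_hex):
    esk = b"\xAA" * 16                      # stand-in for the encrypted session key
    body = (b"\x03" + bytes.fromhex(key_id_hex) + b"\x01"   # v3, key ID, RSA
            + struct.pack(">H", 128) + esk)                 # one 128-bit MPI
    return bytes([0xC0 | PKESK_TAG, len(body)]) + body


def _message(key_ids):
    data_body = b"\x01" + b"\x00" * 32      # stand-in for the encrypted payload
    seipd = bytes([0xC0 | SEIPD_TAG, len(data_body)]) + data_body
    return b"".join(_pkesk(k) for k in key_ids) + seipd


SAMPLE_IDS = ["1111111111111111", "2222222222222222", "3333333333333333"]
NAMED = _message(SAMPLE_IDS)                # ordinary multi-recipient message
THROWN = _message([HIDDEN] * 3)             # same recipients, key IDs zeroed

if __name__ == "__main__":
    for label, msg in (("named", NAMED), ("throw-keyids", THROWN)):
        print(label, summarize(msg))
```

GnuPG's own `gpg --list-packets` prints one "pubkey enc packet" line per recipient slot of a real message.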
Re: Encryption on Mailing lists sensless?
On Nov 20, 2014 1:58 PM, Ingo Klöcker kloec...@kde.org wrote:
> On Tuesday 18 November 2014 22:43:18 MFPA wrote:
>
> KMail encrypts an individual copy for each BCC recipient. I thought Thunderbird+Enigmail would also do this.
>
> Any mail client not doing this completely subverts BCC (unless --throw-keyids or --hidden-recipient is used, but even throwing the key IDs still leaks the number of hidden recipients).

There's nothing preventing a list server or mail client from intentionally adding a pseudo random quantity of invalid or junk keys to the recipient list, thus obfuscating the number of additional recipients, only providing an upper bound to the estimate.
Re: Encryption on Mailing lists sensless?
Robert, let's try to defuse this. To quote Werner, Salam-Shalom.

First, "charlatan" and "snake oil" imply deceit. Goodcrypto:

* Is open source
* Uses GPG for mail encryption
* Links to "The limits of GoodCrypto" right on the front page
* Has asked for audits from many people, including:
  * Open Crypto Audit Project
  * EFF
  * Privacy International

I humbly suggest this demonstrates that we are trying very hard not to fool anyone.

You made the great point that a mail server and sysadmin is a single point of failure. This is covered in our Design document referenced from our Technical FAQ. There are tradeoffs to everything. Because a mail crypto server is a tempting target, we have to protect it very carefully. Please let us know the details about any successful attacks you find.

We'll have to disagree on whether we should ignore clear evidence about DSA because academics haven't published yet. I understand this is very important to you because of your NIST association. I'll try hard to let you have the last word :)

Nan

GoodCrypto warning: Anyone could have read this message. Use encryption, it works.
Re: Encryption on Mailing lists sensless?
On 19/11/14 01:31, Robert J. Hansen wrote:
> No. Client-side, you get to inspect (fully) only your data, and you have to develop a statistical model of spam based on only your data. When Gmail filters, it inspects (fully) traffic to *millions* of users, and uses that to create a model no individual user can hope to match.

I agree with several other important points you raise, but this one is not a big deal.

I have a highly customized mail setup. My SpamAssassin downloads rules from the internet, but trains its Bayesian filter on only the e-mail I personally receive.

Everyone who has ever sent me a non-spam mail is added to a whitelist. Mail from whitelisted people never gets automatically moved to the Spam box, and my mail client shows their messages in a different color. As soon as I receive a spam mail from such an address, it is immediately (manually) deleted from the whitelist (actually moved to the greylist so it's not added to the whitelist again next time).

I have an empty blacklist. It exists, though. It would cause mail to be silently deleted. Somebody once had the honour of having me create it and put him on it :).

SpamAssassin throws spams in a Spam folder for me to check every few weeks. I sort them by subject line so I can quickly scan through. Checked spam that I perceived as spam is still kept around for quite a while, just in case someone writes to me "I wrote you months ago and you haven't replied". Then I can go back to everything I've already written off as spam to see if I looked past their mail.

This setup works great for me. If I get a few false positives in a year, it is a lot. They are so scarce that I'm completely unsure what the actual number is. I do get false negatives, but it doesn't feel like more than 10 each week. Every now and then a short surge of nearly identical spams, though.[1]

I still think your overall point stands, and stands tall. But the spam filtering issue; from personal experience, I don't think that's a really major issue.

If it were, I'm sure we can think of some way to have publicly available training data that can be refined by individuals who can feed it back to the publicly available data. It might need some thought: you don't want to have a really classified mail which got qualified as spam to upload new words to the public data. So probably most individuals would only adjust existing weights, and only some setups would contribute new words. This could come from spamtraps and organisations or even individuals who send in complete training mails. And perhaps this all is even not necessary, and the system would be just as effective with a big corpus of data where only weights are changed by submissions.

But this is all a bit beside the point. The point is that spam filtering works just fine on an individual level, for me. And if it would create problems, I'm sure we can think of things that would solve that specific issue.

Peter.

PS: By the way, some mail is already denied at the mailserver and never enters the system. The most important instance of this is mail purporting to come from myself, but not originating from within my own network. Lots of spammers send you spams from your own address, be it in the envelope or in the headers. I run my own webmail server, so even if I need to send myself a message and I didn't bring my laptop, it would still originate from my own webmail server.

[1] Actually that is a case where the distributed solution truly excels: quickly homing in on the latest mass mailing. The sheer number of identical mails alone is a big warning sign, and a lot of people will start reporting them as spam.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://digitalbrains.com/2012/openpgp-key-peter
Re: Encryption on Mailing lists sensless?
On 19/11/14 09:54, Nan wrote:
> First, charlatan and snake oil imply deceit.

They often do, don't they? I doubt that is what is meant, though. If I look in the Oxford online dictionary:

Definition of charlatan in English:
noun
A person falsely claiming to have a special knowledge or skill

Definition of snake oil in English:
noun [mass noun] informal, chiefly North American
1 A substance with no real medicinal value sold as a remedy for all diseases
1.1 A product, policy, etc. of little real worth or value that is promoted as the solution to a problem

These all seem to definitely be how I interpreted Rob's messages. I personally never read any implication of wilful deceit, but I'm famous for missing nastiness sometimes.[1]

I can completely understand you read an implication of wilful deceit. I doubt it is actually there, though. Does this help in defusing?

> We'll have to disagree on whether we should ignore clear evidence about DSA because academics haven't published yet. I understand this is very important to you because of your NIST association.

I hope you've already defused by now, because this looks like lighting the fuse. Hopefully by now it's just a bit of fizzing wire, kept well away from the bomb.

Peter.

[1] Okay, in light of a recent event: sometimes I see nastiness that's not there! ;)

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://digitalbrains.com/2012/openpgp-key-peter
Re: Encryption on Mailing lists sensless?
Le 19/11/2014 à 12h17, Peter Lebbing a écrit : On 19/11/14 01:31, Robert J. Hansen wrote: No. Client-side, you get to inspect (fully) only your data, and you have to develop a statistical model of spam based on only your data. When Gmail filters, it inspects (fully) traffic to *millions* of users, and uses that to create a model no individual user can hope to match. I agree with several other important points you raise, but this one is not a big deal. I have a highly customized mail setup. My SpamAssassin downloads rules from the internet, but trains its Bayesian filter on only the e-mail I personally receive. And you can even share within a F2F meshed system the bayesian-trained rules. For example everybody could send her “friends” her set of rules, including the one of her friends, dividing the “credibility” of rules according number of hops they made (with a logarithmic progression). You could even define more categories than just “looks-like spam (ads)”, but also the same about insults/troll (comparing the number of exclamation marks with the size of message or this kind of details can be useful to gain a *lot* of time), shaming messages, menace messages (so useful if each MUA in the world could automatically filter rape menaces feminist activists receive, for instance, or for any other particulary dangerous/rude activism), racism (“'nigger' = -10 000”, for instance) , LGBTIA-phobia, fascism (“'(natural|objective) differences' = -100”, “'not like us' = -100”, etc.), etc. And all that could be shared in a point-to-point and F2F manner, so that you’re sure activists of a certain struggle will have their common rules really perfectionned against certain things, and you’ll be sure all that will automatically adapt according people and their milieus, and language/expression evolution (antisemitism, for instance, is not expressed today the same way than yesterday). 
Oh, and imagine that everything of that could be used not only in email, but in common on every type of asynchronous communication. *Everywhere*. Including blogs/comments, microblogging, mailing-lists (you could even imagine the F2F rules sharing extend to mailing-lists themselves so some could contain “advisory rules” for clients), etc.

That would avoid horrible situations like “transexual people don’t using anymore the Internet to discuss”, “feminists don’t allowing comments anymore —losing a great amount of potential really interesting analysis— and even developing plugins to automatically mask comment systems on blogs“, or “having someone who’s psychologically hurting a lot of people, wanting a safe space for them but also wanting to have a collaborative space to debate with her to try to fix that and make her able to speak peacefully with others so we can reintegrate her”.

Of course good luck if you expect from an authoritarian centralization to become nice and struggle for people rights against the system of inequalities, classes, races or patriarchy… Oh yeah, they /tried/ “nice centralization to free people” in the East. Didn’t work. Quite the opposite (ostracizing gays and foreigners, forcing women to found families, workers to work, what a success…). However: if you expect freedom from centralization, good luck.

> [1] Actually that is a case where the distributed solution truly excels: quickly homing in on the latest mass mailing. The sheer number of identical mails alone is a big warning sign, and a lot of people will start reporting them as spam.

And that’s why I spoke about cryptography, and notably about “hashes”.
Re: Encryption on Mailing lists sensless?
On 19 Nov 2014 12:28:04 Peter Lebbing wrote:
> looks like lighting the fuse

*Not* my intent. Just acknowledging that I understand it's important to you, Robert. Feel free to ignore the paragraph. If there's a blast, we'll all survive :)

Nan

GoodCrypto warning: Anyone could have read this message. Use encryption, it works.
Re: Encryption on Mailing lists sensless?
> First, charlatan and snake oil imply deceit.

From Google: "A product, policy, etc. of little real worth or value that is promoted as the solution to a problem."

So let me say it clearly: your product is of little real worth or value. It's snake oil. It doesn't appear to bring anything to the table that SMTP+TLS+DNSSEC doesn't already (as M. Garreau already observed before me).

> I humbly suggest this demonstrates that we are trying very hard not to fool anyone.

Except the people you want to sell this service to at $5,000 a year. You want them to believe you are a knowledgeable expert about communications and computer security issues. As near as I can tell, you are not, nor do you recognize that you are not.

I don't think you're malicious. I think you're foolish and are trying to sell your foolishness to the scared and the desperate at a high price. I am urging, begging, you to stop. It's socially irresponsible.

> You made the great point that a mail server and sysadmin is a single point of failure. This is covered in our Design document referenced from our Technical FAQ.

There is no design document referenced from your technical FAQ. There's an entry, "What is GoodCrypto's design?", that says nothing of your design. It's a marketing document, not something that an engineer can use to get a grip on how the application stack is architected.

For that matter, even as marketing material it's rife with errors.

"Just reboot to remove Advanced Persistent Threats." If getting rid of it is that simple, it's neither persistent nor advanced.

"To avoid forensics, most malware is volatile." Malware, especially poorly-written malware, writes to disk frequently and leaves behind many traces. This is the _raison d'etre_ of the antivirus industry: that's why periodically your AV software scans your hard disk looking for signatures.

"Elliptic curve [cryptography] is known [to be] compromised." I would love to see references for this. Again, peer-reviewed papers in reputable journals, please.

"Virtual machine attacks are not yet well known." In fact, they're so well known they've broken out of the high-end forensics world and into DEFCON. (Seriously. At DEFCON 20 Alex Minozhenko gave a talk on "How To Hack VMWare In 60 Seconds".)

I could go on, but ... I trust my point is made clear.

> We'll have to disagree on whether we should ignore clear evidence about DSA because academics haven't published yet.

I've asked for your clear evidence several times and the only thing you've got is, "in 2000, NIST specified using 1024-bit keys for DSA. Obviously DSA is compromised." And you haven't even offered that much for your claim that elliptical curve cryptography is compromised.

> I understand this is very important to you because of your NIST association.

It's important to me because I despise snake oil, especially when it's sold to desperate and scared people. I am not associated with NIST in any respect other than I wrote a piece of software for the forensics community which helps facilitate hash lookups against a NIST dataset.

Anyway. I'm finished here. I think there's now enough of a record associated with this that when people thinking of dropping $5K on GoodCrypto do a Google search for it, they'll find my objections.
Re: Encryption on Mailing lists sensless?
> I agree with several other important points you raise, but this one is not a big deal. I have a highly customized mail setup. My SpamAssassin downloads rules from the internet, but trains its Bayesian filter on only the e-mail I personally receive.

I don't mean to sound like I'm dismissing your experience, because -- well -- your experience shouldn't be dismissed. (Nobody's should.) But I do think you might be overlooking something: you already experience a significant benefit from the aggressive, God's-eye-view anti-spam efforts of Google, Yahoo!, Microsoft, and more. The things they do for their users have a ripple effect in making your own anti-spam fight a little easier.

A couple of months ago Mike Hearn wrote a brilliant treatise on end-to-end cryptography and anti-spam technologies, with a long digression on how anti-spam technologies work at Google. It's worth every second it takes to read.

https://moderncrypto.org/mail-archive/messaging/2014/000780.html
Re: Encryption on Mailing lists sensless?
On 2014-11-19 at 18:17, Robert J. Hansen wrote:
> > I agree with several other important points you raise, but this one is not a big deal. I have a highly customized mail setup. My SpamAssassin downloads rules from the internet, but trains its Bayesian filter on only the e-mail I personally receive.
>
> I don't mean to sound like I'm dismissing your experience, because -- well -- your experience shouldn't be dismissed. (Nobody's should.) But I do think you might be overlooking something: you already experience a significant benefit from the aggressive, God's-eye-view anti-spam efforts of Google, Yahoo!, Microsoft, and more. The things they do for their users have a ripple effect in making your own anti-spam fight a little easier.
>
> A couple of months ago Mike Hearn wrote a brilliant treatise on end-to-end cryptography and anti-spam technologies, with a long digression on how anti-spam technologies work at Google. It's worth every second it takes to read.
>
> https://moderncrypto.org/mail-archive/messaging/2014/000780.html

He’s mainly explaining how do you fight spam in a centralized way, and then explain how all the centralized techniques are unusable when using crypto. That’s normal, crypto and decentralization comes together. You need to think according other paradigms.

It’s like when you live in society. You can either think the authoritarian way “if I were the Great King Controlling Everything what could I do to fix the problem?”, or the social/free way “what should I do so that if everybody did like me the problem would get fixed?”.

So that involves way much complex maths (well, actually, *different*: in the centralized world it’s already really complex, but the complexity you need to decentralize is compensated by the local private data you can access and the crypto techniques you become used to), DHTs, meshes, crypto, symmetric communication, political thought, users education, etc.

I don’t consider that an issue. Quite the opposite: the result —and we always end finding it— is *beautiful*. It’s like admiring the almost perfectness of the way human body chemical biology works. It’s like admiring a fractal. You just end with something approaching what you observe within organic structures, something more resilient, perennial, big, free, flexible…

Also he speaks about using bitcoin, which is not a good point bitcoin not being really secure: you just need more computational power than the half of the network and you can takeover it. Big government can do it. Also bitcoin needs anyway a lot of computational power, worse, it *encourage* it by competition. That’s really catastrophic ecologically. And finally it suffers from the problem of globalizing everything, contrarily to the Internet (and GNUnet) historical architecture where everything is the most local possible (within the Internet only IP attribution and DNS are global, within GNUnet *nothing* is, so you could transparently divide, join and grow GNUnets without any problem).

Yet proof-of-work can be effectively used to prevent abuse. GNUnet use it to prevent spamming its global DHT with lot of revok’ certs it will store for a while. It could be made on messages if we didn’t need a certain fastness (merging all asynchronous communication means even microblogging will have the same requirements) and we didn’t already had concepts of mesh, WoT, bayesian filtering, F2F and cryptographic signature.
Re: Encryption on Mailing lists sensless?
Gnupg-users gnupg-users-boun...@gnupg.org wrote on 11/19/2014 02:30:40 PM:

> - Message from Robert J. Hansen r...@sixdemonbag.org on Wed, 19 Nov 2014 12:08:42 -0500 -
>
> To: Nan n...@goodcrypto.com, gnupg-users@gnupg.org
> Subject: Re: Encryption on Mailing lists sensless?
>
> . . . . . . . . .
>
> Anyway. I'm finished here. I think there's now enough of a record associated with this that when people thinking of dropping $5K on GoodCrypto do a Google search for it, they'll find my objections.
>
> . . . . . . . . .

Which of course would not be possible if the public mailing list was all encrypted.

I can't count how many times I find relevant and information that helps with the task on which I'm working by using a search engine. At times, the helpful results are from mailing lists I've never heard of much less subscribed to. Other times the information is on a mailing list I'm familiar with, but don't have the time to follow on a regular basis. I get too much in my inbox as it is. But be able to find the information from a general search engine can be of immense aid.
Re: Encryption on Mailing lists sensless?
> He’s mainly explaining how do you fight spam in a centralized way, and then explain how all the centralized techniques are unusable when using crypto. That’s normal, crypto and decentralization comes together. You need to think according other paradigms.

And the point I'm making is this: this setup, which works, is what we will have to discard and replace if we move to E2E crypto. I'm not saying decentralized systems can't work. I'm saying that before we throw out our current system, we need to look long and hard at what it does, why it does it, and how effective it is -- because as soon as we adopt E2E crypto this thing goes completely away and we're going to need to rebuild it in a quite different way.

> I don’t consider that an issue. Quite the opposite: the result —and we always end finding it— is *beautiful*.

No, you don't always end up finding it (where 'it' is 'a decentralized algorithm that offers efficiency equivalent to a centralized algorithm'). There are many algorithms that have no known equivalently-performing decentralized alternative, algorithms where global knowledge is strictly necessary.

Decentralized algorithms also have really interesting failure modes. Back in 2008, a one-bit error in Amazon's S3 cloud propagated from one node to the next and ultimately brought the entire thing down for several hours. It was a brilliant example of both error propagation and the limits of Byzantine fault tolerance.[1]

I'm a firm believer that decentralized algorithms are a good thing, but let's keep our sense of perspective, all right? They're not magic and they don't always beat centralized algorithms.

[1] http://status.aws.amazon.com/s3-20080720.html -- a really fascinating read if you love decentralized algorithms.
Re: Encryption on Mailing lists sensless?
Hi Robert,

> Given that I've seen PGP-signed spam mails, no, I think you're being naive.

You use the same antispam/antivirus you use now. What people do today is a little complex, so I understand why it's not clear:

your mail server - your crypto server (decrypts) - your mail server (antispam etc) - user (tls)

> If you're running the mailserver and you can decrypt my secured messages, then there's nothing preventing the federal government from serving you with a subpoena saying, please hand over the encryption keys.

I agree. A third party should never handle the filtering of mail. If my email is n...@mygroup.org, then mygroup.org handles the encryption, decryption, spam filtering, etc.

> The only person who can be trusted to do the decryption is the end user, running on hardware the end user directly controls.

In an ideal world, yes. But after 20 years of recommending user-to-user encryption, it's clear most users can't or won't. As Bruce Schneier says, If there's anything PGP has taught us, it's that one click is one click too many. Experts can still encrypt any messages they want individually. We can't leave the rest of us unprotected.

> I care very little about what happens to corporations.

I agree again. I'm much more concerned about human rights groups and stopping mass surveillance.

> You're still talking about destroying the antispam experience of end-users.

The group's mail server handles spam, viruses, etc., just like it does today. No change for the user.

Nan

GoodCrypto warning: Anyone could have read this message. Use encryption, it works.
Re: Encryption on Mailing lists sensless?
On 11/17/2014 09:30 PM, Nan wrote:

> I think you'll find this has been solved for years. The solution is PGP/etc. between mail servers, and TLS/SSL to the user.

Why use PGP between mail servers? SSL/TLS can be used for that, too. Actually, opportunistic server-to-server TLS is supported by many mail server software, and is becoming more and more common.

Using PGP for anything less than end-to-end encryption seems pointless to me. Particularly if it distracts mail server administrators from enabling server-to-server TLS, which we need anyway to protect the metadata (headers) that are *not* encrypted by PGP.
Re: Encryption on Mailing lists sensless?
UX-designer-approach to car design: We need to remove brake and clutch pedals from cars because our user studies say that a 3 pedal interface for driving an automobile is just way too difficult.

I say those who can’t be arsed to learn how, do not deserve a driver’s license. You let a child fail and try again until they learn… so on and so forth.

Some encryption software UI is too difficult, yes, some pretty much lack a UI. Fair enough. But the “one click is one click too many” defeatist mentality is just wrong. It is not always the UI’s fault and sometimes you just have to say “make the user learn or make ‘em go away”. Yes, it’s a valid option.

PS: I work with UI and UX folks on software all the time. Yes, it might get a little heated sometimes :).

-- Ville

On 18 Nov 2014, at 11:43, Nan n...@goodcrypto.com wrote:

> In an ideal world, yes. But after 20 years of recommending user-to-user encryption, it's clear most users can't or won't. As Bruce Schneier says, If there's anything PGP has taught us, it's that one click is one click too many. Experts can still encrypt any messages they want individually. We can't leave the rest of us unprotected.
Re: Encryption on Mailing lists sensless?
> I agree. A third party should never handle the filtering of mail. If my email is n...@mygroup.org, then mygroup.org handles the encryption, decryption, spam filtering, etc.

A third party -- your mailserver administrator -- should never handle the decryption or signing. (There may be a couple of use cases where it makes sense, but they're few and far between.) All it takes is a subpoena, and any citizen can file one of those.

It appears that you're selling a solution that involves giving a third party access to your plaintext, all the while telling people that your product will keep their communications secure. I don't see how that can be called anything other than snake oil.

> I agree again. I'm much more concerned about human rights groups and stopping mass surveillance.

So far you've --

* Made false claims that DSA is compromised
* Made false claims that NIST only minimally changed a compromised standard
* Advocated giving third-parties regular and routine access to plaintext

None of this is compatible with your claim that you're concerned about human rights groups and stopping mass surveillance. Please stop hyping snake oil.
Re: Encryption on Mailing lists sensless?
On 2014-11-18 at 10:43, Nan wrote:

>> If you're running the mailserver and you can decrypt my secured messages, then there's nothing preventing the federal government from serving you with a subpoena saying, please hand over the encryption keys.
>
> I agree. A third party should never handle the filtering of mail. If my email is n...@mygroup.org, then mygroup.org handles the encryption, decryption, spam filtering, etc.

mygroup.org is a third party. mygroup.org is static. mygroup.org is a different person than nan. mygroup.org can be corrupted, menaced or cracked. nan will not know.

>> The only person who can be trusted to do the decryption is the end user, running on hardware the end user directly controls.
>
> In an ideal world, yes. But after 20 years of recommending user-to-user encryption, it's clear most users can't or won't.

Context changes. 20 years ago fascism weren’t raising again at this rate, petrol wasn’t at a decade of ending, and Snowden didn’t made his revelations. It doesn’t mean it’s impossible but it means we were doing it wrong. The GNUnet philosophy of “just prepare the change of roughly everything, make all the simplest possible and do a lot of philosophical/political education” seems the most utopic, but also the more realist to me.

> As Bruce Schneier says, If there's anything PGP has taught us, it's that one click is one click too many. Experts can still encrypt any messages they want individually. We can't leave the rest of us unprotected.

Within MUA such as ClawsMail, Thunderbird, etc. you don’t need a click, just a configuration. Within networks such as GNUnet you don’t need a configuration, just a “registration”, “connection”, “installation”, or whatever you call it. Your address is your public key, on computer it can be the nick associated in a signed entry within DHT possibly with a vizhash, and physically it’s a QRCode. Nothing more simple. It’s actually simpler than the current unencrypted internet.

And as it were said, to gain freedom sometimes you need an effort. If you consider it pointless, you deserve to remain a slave.

>> I care very little about what happens to corporations.
>
> I agree again. I'm much more concerned about human rights groups and stopping mass surveillance.

Making authority nice? Teaching people freedom is not utopic, making authority nice and respectful is.

>> You're still talking about destroying the antispam experience of end-users.
>
> The group's mail server handles spam, viruses, etc., just like it does today. No change for the user.

Yes, no. any. change. Unfortunately.
Re: Encryption on Mailing lists sensless?
It's time to expose my ignorance again, hopefully to cure some of it. On Mon, Nov 17, 2014 at 12:02:07PM -0500, Robert J. Hansen wrote: But sorry, I disagree a little bit. If we want literally to jam the secret service's attempts to decrypt mails, then it makes sense to use encryption for every single mail, private, business, nonsense and spam This would have the ultimate effect of destroying email as a platform. Email works as well as it does -- as well as fails so miserably in other ways -- largely *because* it's open to inspection. As an example, pervasive end-to-end encryption would require antispam defenses to move to the client rather than being deployed at the mailserver or relay. This would essentially be tantamount to giving up, since there are no really effective client-side antispam measures. Would this not at the same time make it simple for MUAs to discover that this message is not from anyone you say you know. Delete without reading? Because to decrypt the SPAM, you need the public key, which is identifiable. Even if the spammers lie, well, it's from no one you know, or it's verifiably *not* from who the sender claims to be. Similarly, it would assist in the spread of malware and viruses and for the same reasons. If a mailserver can't inspect the email, it can't recognize malware and quarantine it for the health of the internet. Again, if it's provably from no one you say that you trust, the MUA could refuse to execute runnable content without explicit permission. (Which I say should be the normal and only setting for all content, but I know I'm a crank.) I can also say that, so far as I know, the principal effect of MTA-based antivirus in my life is to prevent me consciously emailing known innocuous code that I wrote to people who ask for it. So I for one wouldn't miss it. That's selfish of me, of course. -- Mark H. Wood Lead Technology Analyst University Library Indiana University - Purdue University Indianapolis 755 W. 
Michigan Street Indianapolis, IN 46202 317-274-0749 www.ulib.iupui.edu
Re: Encryption on Mailing lists sensless?
Alexandre, do you really believe that anyone could deserve to remain a slave? Assuming you don't, I'll address your calmer points.

> mygroup.org can be corrupted, menaced or cracked.

Sure, a server is a single point of failure for the group, and must be carefully configured and protected. It's still much safer than hoping users will protect themselves.

> the change of roughly everything

I prefer solutions that protect as many people as possible now.

> ClawsMail, Thunderbird, etc.

People usually don't want to change mail clients. Most have no idea how to configure crypto or manage keys.

Nan

GoodCrypto warning: Anyone could have read this message. Use encryption, it works.
Re: Encryption on Mailing lists sensless?
Would this not at the same time make it simple for MUAs to discover that this message is not from anyone you say you know. Delete without reading? Sure, but that also destroys the email ecosystem. One of email's strongest points has been that no introduction is necessary to begin a conversation. This year I found myself re-engaging with a friend I lost touch with a decade ago, who found me on a mailing list and figured to drop an email and see if maybe I was the same Rob Hansen she knew from back when. If my MUA/MTA had hidden it from me just because there was no introduction, or urged me to delete it without reading... Could email as a platform survive the shift to introduction-based systems? Sure. But it would totally transform the email experience, and maybe in ways we wouldn't like. That's why I'm so skeptical of proposals to fix email in this way: we might fix email, but we might also kill it at the same time. Again, if it's provably from no one you say that you trust, the MUA could refuse to execute runnable content without explicit permission. (Which I say should be the normal and only setting for all content, but I know I'm a crank.) It already is. Double-click on an executable attachment and a window will pop up with a warning about how you should only run code from people you know and trust, click OK to cancel running this, click I know the risks to run it, etc. An awful lot of people click I know the risks. I've told this story before, but it bears repeating -- During my grad school days I had a colleague named Peter Likarish. Peter did some great work in using Bayesian statistics to detect phishing sites. Ultimately, he had an algorithm that could look at webpage content and decide with 95% accuracy whether it was real or phish-phood. 
He packaged this up inside a Firefox extension: when you browsed to a site and the plugin detected a phishing attempt, it would put a narrow red stripe over the top of the screen saying, Warning: this may be a phishing attempt! He put it into human trials using the University's HCI (Human-Computer Interactions) lab. The results were dismal. Post-experience interviews revealed that people weren't looking at the top of the web page. They genuinely didn't notice a red stripe across the top of the screen. So Peter went back to the drawing board and made a new interface. Now, the banner started off small, but there was a Click to dismiss button on it. Further, the banner would grow larger over time. Peter knew that the human eye is sensitive to motion: our eyes naturally are drawn to things that change. By making the banner grow larger, he figured he could increase its visibility. Back to the lab, and ... still dismal, soul-crushing results. This time, the overwhelming majority of the users confirmed they saw the warning. When Peter asked them why they chose to ignore it, the majority said they thought it was just another Flash ad that was hyping some fix your PC fast, now! solution. I ran into Peter shortly after he finished his final day of human trials. He was normally a very cheerful guy, but this day he just looked shattered. I suggested we walk down to the nearest watering hole and grab a beer, but he was too dejected. He said that of all the outcomes he imagined for his Ph.D., he never dreamed that it would be that his research could be accurately summed up as, the technology works fine, it's *people* who are completely broken. Shortly after I left grad school Peter found a warning mechanism that worked, incidentally. It's a cute technology and one I really wish more browsers would incorporate. 
I don't have a URL for a PDF of the paper handy, but the poster he presented at SOUPS 2009 is available online at: https://cups.cs.cmu.edu/soups/2009/posters/p9-likarish.pdf
Re: Encryption on Mailing lists sensless?
third party -- your mailserver administrator The third party you don't trust is your own sysadmin. That person already has access to the plain text messages right now. So does everyone tapping your connections. We suggest that you limit that risk to the sysadmin you already trust. telling people that your product will keep their communications secure Yes, we are. We suggest that GPG crypto is more secure than no crypto, and better when it works for everyone in the group. Experts can still encrypt their own messages. That approach has had 20 years to work. Most people still don't encrypt mail at all. Good encryption that is used is much better than encryption only used by an elite. Made false claims that DSA is compromised I said was certainly compromised in the past. As you know, one source for DSA flaws is the current ssh-keygen man page: DSA keys must be exactly 1024 bits as specified by FIPS 186-2. You apparently feel there is some explanation for exactly 1024 bits other than the obvious one, that keys of that length are compromised. NIST changed this spec later, but always kept DSA. If you want another source, NSA themselves consider DSA, specifically ECDSA, to be only Grade B security. With their usual misdirection, NSA calls it Suite B. Red Hat explicitly says the NSA's Suite B is only good enough for most classified information. See https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Release_Notes/bh-chap-security.html Made false claims that NIST . . . NIST has often changed specs as each compromise is discovered. Examples are DES, DSA, and Elliptic Curve. A very recent discussion is from Keeping Secrets -- STANFORD magazine (https://medium.com/stanford-select/keeping-secrets-84a7697bf89f): The agency has a second tactic to prevent the spread of cryptographic techniques: keeping high-grade cryptography out of the national standards. 
To make it easier for different commercial computer systems to interoperate, the National Bureau of Standards (now called NIST) coordinates a semipublic process to design standard cryptographic algorithms. ... The NSA's influence over the standards process has been particularly effective at mitigating what it perceived as the risks of nongovernmental cryptography. By keeping certain cryptosystems out of the NBS/NIST standards, the NSA facilitated its mission of eavesdropping on communications traffic. I suggest you are more careful about your accuracy before you make accusations of false claims, or use the nasty slur snake oil. GoodCrypto warning: Anyone could have read this message. Use encryption, it works.
Re: Encryption on Mailing lists sensless?
What distinguishes a mail list from email with bcc? Software? Size? As long as messages were separately encrypted to each recipient, no third parties would be involved.
Re: Encryption on Mailing lists sensless?
On 11/18/2014 06:30 PM, Nan wrote:

>> third party -- your mailserver administrator
>
> The third party you don't trust is your own sysadmin. That person already has access to the plain text messages right now. So does everyone tapping your connections. We suggest that you limit that risk to the sysadmin you already trust.

Any chance you can fix your client's handling of threading? You seem to start a new top post on every reply.

--
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Potius sero quam numquam
Better late then never
Re: Encryption on Mailing lists sensless?
Thanks, Kristian. I will look into it. GoodCrypto warning: Anyone could have read this message. Use encryption, it works.
Re: Encryption on Mailing lists sensless?
On Mon, Nov 17, 2014 at 01:49:01PM -0500, Robert J. Hansen wrote:

> [snip]
>
> The crypto dream is that the confidentiality of our messages will be preserved for centuries after our death, which sounds really great up until you consider what an archaeologist circa 4000 AD is going to be thinking. I have a stack of records here that could shed light on the way people lived in a long-dead civilization, but I can't read them. Why? What were these people doing that they thought their email to their Aunt Edna needed to remain secret for all time? Why is it that, millennia after they're gone, Aunt Edna's recipe for potato salad has to be gone with them?
>
> Or think about your own kids, circa 2040 AD. I'd love to read these emails between Mom and Dad when they were courting, but ... they were afraid of Somebody-with-an-S reading their emails. I wonder if they ever thought that the Somebody might be their son, who wanted to understand after their deaths how it was these two people came to meet and fall in love.

This raises an interesting point. If I bequeath my collected letters to someone, how do I arrange the transmission of the necessary passphrases as well? I wonder if the lawyer who draws up my will would even understand the question.

--
Mark H. Wood
Lead Technology Analyst
University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu
Re: Encryption on Mailing lists sensless?
>> ClawsMail, Thunderbird, etc.
>
> People usually don't want to change mail clients. Most have no idea how to configure crypto or manage keys.

They’re just the default and almost more used MUA. If you exclude proprietary software and SaaSS (webmail). But asking for privacy using proprietary services is a fallacy. I mean, you can’t say “PGP/GNUnet/other-crypto-implementation is useless to protect users, they use webmails” and say we fix the problem wrong. Because there is *no way* they can get true privacy with only a webmail. It would be ridiculous.

When I said “deserve”, I said that you can’t expect freedom when you’re putting on you your strings yourself.

PS: sorry for the two mails, I got confused.
Re: Encryption on Mailing lists sensless?
On 2014-11-18 16:34, Nan wrote:

> Alexandre, do you really believe that anyone could deserve to remain a slave?

In the meaning “it’s normal/understandable/explainable to be a slave if you want freedom without doing nothing to get it while other want you not to be”, yes. But all the importance of the meaning is in the “if” part. I think if someone do nothing, or do anything anyway, it’s for a reason, or, to be more precise, a cause, and I call this reason deserving freedom itself an initial lack of freedom (of thought, if you want). So for me, actually, “deserving” doesn’t exist, doesn’t have any true real meaning, just as “merit”, “duty”, “pride”, “shame” (in their meaning, not their objective existence as a sentiment) or “free will” (in its meaning opposed to determinism).

> Assuming you don't, I'll address your calmer points.
>
>> mygroup.org can be corrupted, menaced or cracked.
>
> Sure, a server is a single point of failure for the group, and must be carefully configured and protected.

From the point this server isn’t you, it’s never “protected” enough. You could maybe protect *enough* (and only *enough*, never “perfectly”). And that’s just about “cracking”, which is just a technical concern, not the more important. Because menace and corruption still exist. You could say you trust your provider… which is already really really really hard… is your provider independent from thing such as money? corruption? power? And even if it were, arguing that nowadays anybody could resist to currently existing powers and authorities is a fallacy.

> It's still much safer than hoping users will protect themselves.

Not “hoping they will”, making so they will, because it’s the only way to deal with. As I said everybody learned to read and it’s more complicated than basic crypto usage. As I said systems rebuilt from scratch upon these ideas can be much simpler than everything existing before. And with context changing, need will come, and people, when they need it, can adopt something really quickly, at least as fast as they can.

>> the change of roughly everything
>
> I prefer solutions that protect as many people as possible now.

I didn’t say all of that were incompatible ;) They’re short-term as long-term solutions to things that need to change.
Re: Encryption on Mailing lists sensless?
On 18/11/2014 19:15, Mirimir wrote:

> What distinguishes a mail list from email with bcc? Software? Size?

That you're sending to a *single* address that hides the others.

> As long as messages were separately encrypted to each recipient, no third parties would be involved.

But:

1) you should disclose the whole list of subscribed addresses (that's really valuable metadata -- not to say a dream for spammers!)
2) you make mail headers and message size explode

Not good, IMVHO...

BYtE,
Diego.
Re: Encryption on Mailing lists sensless?
Quoting Mark H. Wood mw...@iupui.edu:

> [...]
>
> This raises an interesting point. If I bequeath my collected letters to someone, how do I arrange the transmission of the necessary passphrases as well? I wonder if the lawyer who draws up my will would even understand the question.

If we want to leave our stuff to the archeologists, we can store our own mails unencrypted. So do I (just because it is easier for me AND because I can keep my computers - hopefully - safe with other measures).

If we want to jam the sniffers from the secret services, (I wrote about this motivation in the very beginning of this discussion!) then it is totally enough just to encrypt the mails end to end on their way.

Regards
Matthias

--
Matthias Mansfeld Elektronik * Leiterplattenlayout
Neithardtstr. 3, 85540 Haar; Tel.: 089/4620 093-7, Fax: -8
Internet: http://www.mansfeld-elektronik.de
GPG http://www.mansfeld-elektronik.de/gnupgkey/mansfeld.asc
Re: Encryption on Mailing lists sensless?
The third party you don't trust is your own sysadmin. That person already has access to the plain text messages right now. So does everyone tapping your connections. We suggest that you limit that risk to the sysadmin you already trust. You're introducing a single point of failure -- and a SPOF that's highly susceptible to coercion, at that. You say you're opposed to widespread surveillance: this does *nothing* to address that. The only people it will stop are the people who aren't smart enough to realize, You know, I could just get a subpoena. Or the ones who think, You know, I could just plant malware on the sysadmin's computer and gain access to all their encrypted communications at once. Or the ones who think... I think that's exceptionally foolish. Build systems that provide a measure of security against smart, dedicated attackers -- don't build systems that only provide it against childish ones. This is not a solution. This is a surrender. Made false claims that DSA is compromised I said was certainly compromised in the past. As you know, one source for DSA flaws is the current ssh-keygen man page: DSA keys must be exactly 1024 bits as specified by FIPS 186-2. You apparently feel there is some explanation for exactly 1024 bits other than the obvious one, that keys of that length are compromised. You have not presented *any* evidence that 1024-bit keys are compromised. For that matter, you haven't presented any evidence that you understand what a FIPS is. A FIPS is a *Federal* Information Processing Standard. It's not binding on private citizens. All FIPS 186-x says is, if you want to use digital signatures with the United States Government, here is the digital signature scheme that we use. FIPS specifies a standard for the USG to use, not one for private citizens to use. Is it really so strange that a standards document would specify parameters for an algorithm? For that matter, DSA has never been limited to any keysize, not even under the FIPS 186-2 regime. 
DSA is the Elgamal signature scheme with a very slight algorithmic tweak to reduce one avenue of attack on it. If a private citizen likes DSA but thinks it would be better with a 8192-bit key, they're free to go for it. It's just Elgamal, after all. We know how to extend DSA arbitrarily. We just don't, because there's really no point in it. FIPS 186-2, which you're obsessing about, was released in January of 2000. In January of 2000, 1024-bit keys were expected to be safe for the next 20 years. There has never been *any* credible hint that, in January of 2000, the belief was that Elgamal signature schemes of length 1024 bits were suspect. It was the standard signature scheme in use in GnuPG 1.0 and PGP 6.5.8, both of which date back to that era. Find me a single peer-reviewed paper published in a reputable journal that says DSA-1024 is compromised. (Joe Bob's Web Page of Crypto doesn't count. Something like EUROCRYPT or Financial Cryptography does.) One. Just *one*. Do that and I'll happily eat a whole steaming plate of crow, feathers and all. But until then, I believe you're a dangerous charlatan. If you want another source, NSA themselves consider DSA, specifically ECDSA, to be only Grade B security. With their usual misdirection, NSA calls it Suite B. False. See, e.g.: https://www.nsa.gov/IA/Programs/suiteb_cryptography/ Browse around there and you'll find Suite B is certified for TS/SCI information. Again: this is publicly available information that the authors want to be shared as broadly as possible. Red Hat explicitly says the NSA's Suite B is only good enough for most classified information. False. Let's quote the exact page, shall we? [Suite B] serves as an interoperable cryptographic base for both unclassified information and most classified information. It never says it's only good enough for most classified information. It says it's used as an interoperable cryptographic base for most classified information. 
Given the size of the USG, it wouldn't surprise me if there was a rotor machine still in use somewhere. There's a lot of inertia there: bureaucracies don't change overnight, and the entire USG didn't switch to Suite B the moment the spec was published. Made false claims that NIST . . . NIST has often changed specs as each compromise is discovered. Examples are DES... With respect to DES, false. DES was proposed to the National Bureau of Standards (NIST's predecessor) in 1976; it was published as a FIPS in 1977, and was subjected to periodic five-year reviews in '83, '88, '93 and '99. No compromise has ever been discovered in DES; as of today, the best known method for breaking DES is brute force. DSA... You have not presented evidence for a single compromise against DSA. You point to a FIPS parameter specification and say the only reason this would happen is if it was compromised!, yet the civilian
Re: Encryption on Mailing lists sensless?
Hi

On Tuesday 18 November 2014 at 6:15:57 PM, in mid:546b8cdd.5010...@riseup.net, Mirimir wrote:

> As long as messages were separately encrypted to each recipient, no third parties would be involved.

For an email message with multiple recipients, I think most mail clients and OpenPGP encryption agents that I have looked at encrypt the message to all addressees at once. I only recall one combination that encrypted an individual copy for each addressee, and am not sure I correctly remember which it was.

And for mailing lists, Schleuder [0] encrypts the outgoing list messages to each recipient. The only third party involved is the list server, which always exists on a discussion list.

[0] https://schleuder2.nadir.org/documentation/v2.2/concept.html

--
Best regards

MFPA mailto:2014-667rhzu3dc-lists-gro...@riseup.net

The One with The Answer is seldom asked The Question
Re: Encryption on Mailing lists sensless?
On 11/18/2014 03:43 PM, MFPA wrote: Hi On Tuesday 18 November 2014 at 6:15:57 PM, in mid:546b8cdd.5010...@riseup.net, Mirimir wrote: As long as messages were separately encrypted to each recipient, no third parties would be involved. For an email message with multiple recipients, I think most mail clients and OpenPGP encryption agents that I have looked at encrypt the message to all addressees at once. I only recall one combination that encrypted an individual copy for each addressee, and am not sure I correctly remember which it was. Right, it would be necessary to do it manually, or script it. And for mailing lists, Schleuder [0] encrypts the outgoing list messages to each recipient. The only third party involved is the list server, which always exists on a discussion list. As I read that, recipients need to trust the list server's reports about senders' signatures. I'd rather decrypt and verify signatures myself, and not trust the list server ultimately. [0] https://schleuder2.nadir.org/documentation/v2.2/concept.html
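The per-recipient fan-out discussed above ("do it manually, or script it"), as an added example that is not code from the thread or from any project named in it: `fan_out` builds one single-recipient copy per subscriber, and `pkesk_key_ids` lists the key IDs a ciphertext exposes, which is what an observer learns when one message is encrypted to all addressees at once. The addresses, fingerprints and `stand_in_encrypt` (packet framing only, no encryption) are constructed; `gpg_encrypt` assumes a local `gpg` with the subscribers' keys imported and trusted.

```python
"""Added example: per-subscriber OpenPGP fan-out versus one shared ciphertext."""
import subprocess
from email.message import EmailMessage

# Constructed subscribers: addresses and 40-hex fingerprints are made up.
SUBSCRIBERS = {
    "alice@example.org": "00" * 12 + "A1" * 8,
    "bob@example.org": "00" * 12 + "B2" * 8,
    "carol@example.org": "00" * 12 + "C3" * 8,
}
BODY = b"Constructed list post.\n"


def gpg_encrypt(plaintext, fingerprints):
    """Encrypt with the local gpg binary (assumed on PATH, keys imported and
    trusted). Binary output, one --recipient per fingerprint."""
    cmd = ["gpg", "--batch", "--encrypt"]
    for fpr in fingerprints:
        cmd += ["--recipient", fpr]
    return subprocess.run(cmd, input=plaintext, stdout=subprocess.PIPE,
                          check=True).stdout


def stand_in_encrypt(plaintext, fingerprints):
    """Constructed stand-in with the same signature so the demo runs without a
    keyring. It emits OpenPGP packet framing only and does NOT encrypt."""
    out = b""
    for fpr in fingerprints:
        # v3 PKESK body: version, 8-byte key ID, algorithm 1 (RSA), dummy MPI.
        body = b"\x03" + bytes.fromhex(fpr[-16:]) + b"\x01" + b"\x00\x08\xff"
        out += bytes([0xC1, len(body)]) + body        # new-format header, tag 1
    return out + bytes([0xD2, 1 + len(plaintext)]) + b"\x01" + plaintext  # tag 18


def read_packet(data, pos):
    """Parse one packet header (RFC 4880 section 4.2).
    Returns (tag, body_start, body_length); length is None when it is partial
    or indeterminate, which only data packets use."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:                                  # new format
        tag, o1 = first & 0x3F, data[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + data[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(data[pos + 2:pos + 6], "big")
        return tag, pos + 2, None
    tag, length_type = (first >> 2) & 0x0F, first & 0x03   # old format
    if length_type == 3:
        return tag, pos + 1, None
    n = 1 << length_type                              # 1, 2 or 4 length octets
    return tag, pos + 1 + n, int.from_bytes(data[pos + 1:pos + 1 + n], "big")


def pkesk_key_ids(ciphertext):
    """Key IDs an observer can read from the leading tag-1 (PKESK) packets
    without any private key. All zeros means the sender hid the key ID."""
    ids, pos = [], 0
    while pos < len(ciphertext):
        tag, start, length = read_packet(ciphertext, pos)
        if tag != 1 or length is None:                # encrypted data starts here
            break
        if ciphertext[start] == 3:                    # only v3 PKESK is handled
            ids.append(ciphertext[start + 1:start + 9].hex().upper())
        pos = start + length
    return ids


def fan_out(sender, subject, body, subscribers, encrypt):
    """One message per subscriber: a single To address, encrypted to that
    subscriber's key only. The Subject header stays in the clear."""
    copies = []
    for address, fingerprint in subscribers.items():
        msg = EmailMessage()
        msg["From"], msg["To"], msg["Subject"] = sender, address, subject
        msg.set_content(encrypt(body, [fingerprint]),
                        maintype="application", subtype="octet-stream")
        copies.append(msg)
    return copies


if __name__ == "__main__":
    shared = stand_in_encrypt(BODY, list(SUBSCRIBERS.values()))
    print("shared ciphertext exposes:", pkesk_key_ids(shared))
    for copy in fan_out("list@example.org", "Constructed subject", BODY,
                        SUBSCRIBERS, stand_in_encrypt):
        print(copy["To"], "exposes:", pkesk_key_ids(copy.get_content()))
```

Passing `gpg_encrypt` instead of `stand_in_encrypt` gives real ciphertexts, and `pkesk_key_ids` can then be run over any binary OpenPGP message to see which recipients it names.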
Re: Encryption on Mailing lists sensless?
On 11/18/2014 12:21 PM, NdK wrote: On 18/11/2014 19:15, Mirimir wrote: What distinguishes a mail list from email with bcc? Software? Size? That you're sending to a *single* address that hides the others. As soon as a recipient replies, their address is no longer hidden. As long as messages were separately encrypted to each recipient, no third parties would be involved. But: 1) you should disclose the whole list of subscribed addresses (that's really valuable metadata -- not to say a dream for spammers!) Sorry, I wasn't clear. By saying bcc, I meant that each outgoing message would have just one recipient address. 2) you make mail headers and message size explode Not good, IMVHO... I'm not sure that I understand this point. BYtE, Diego.
Re: Encryption on Mailing lists sensless?
On 2014-11-18 at 17:09, Robert J. Hansen wrote: Would this not at the same time make it simple for MUAs to discover that this message is not from anyone you say you know. Delete without reading? Sure, but that also destroys the email ecosystem. One of email's strongest points has been that no introduction is necessary to begin a conversation. This year I found myself re-engaging with a friend I lost touch with a decade ago, who found me on a mailing list and figured to drop an email and see if maybe I was the same Rob Hansen she knew from back when. If my MUA/MTA had hidden it from me just because there was no introduction, or urged me to delete it without reading... Could email as a platform survive the shift to introduction-based systems? Sure. But it would totally transform the email experience, and maybe in ways we wouldn't like. That's why I'm so skeptical of proposals to fix email in this way: we might fix email, but we might also kill it at the same time. It’s completely true. However Mark’s right when saying it could help to do it client-side: client-side, you can access *all* private (meta)data on user without any privacy problem, and use it to better detect what’s a spam, and actually that would be really useful (isn’t it really easy for you personally, who know yourself, to detect if something is a spam or a message really addressed to you?). As he said, contacts are useful. So yes, roughly filtering spam from not-yet-introduced friends lacks flexibility and destroys several email nice features. But we can do thinner: lower the score given with Bayesian autostabilizing equations. Again, if it's provably from no one you say that you trust, the MUA could refuse to execute runnable content without explicit permission. (Which I say should be the normal and only setting for all content, but I know I'm a crank.) It already is. 
Double-click on an executable attachment and a window will pop up with a warning about how you should only run code from people you know and trust, click OK to cancel running this, click I know the risks to run it, etc. An awful lot of people click I know the risks. A longer text explaining “you are giving this program the authorization to do what it wants with your data and configuration, including destroying, corrupting, stealing, spying, revealing anything”. But the true solution is this one: use only free software, software you’re sure you can check the sources. Even more: having build information, sources and binary signed cryptographically. Even more: being sure this binary is made with reproducible builds. Even more: everything of that available through a censorship-resistant P2P filesharing system. He said that of all the outcomes he imagined for his Ph.D., he never dreamed that it would be that his research could be accurately summed up as, the technology works fine, it's *people* who are completely broken. Yeah, we need interdisciplinarity: a great part of work to change the world, added to technical progress, is education. It’s maybe *the* biggest and most important thing. Sometimes you don’t need to adapt to the society but adapt the society to you and people: “The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man.” — George Bernard Shaw
Re: Encryption on Mailing lists sensless?
It’s completely true. However Mark’s right when saying it could help to do it client-side... No. Client-side, you get to inspect (fully) only your data, and you have to develop a statistical model of spam based on only your data. When Gmail filters, it inspects (fully) traffic to *millions* of users, and uses that to create a model no individual user can hope to match. Encrypting everything, even Aunt Edna's recipe for potato salad, means a significant step backwards in the spam fight. I love decentralized algorithms, but there's something to be said for a God's-eye perspective on the problem -- look at decentralized route discovery protocols versus Dijkstra's algorithm as an example. But the true solution is this one: use only free software, software you’re sure you can check the sources. Maybe one user in ten thousand has the skill to audit a nontrivial codebase. Free software is a good idea, but let's not pretend that normal users will realize a real benefit from being able to check their source code.
Re: Encryption on Mailing lists sensless?
On 19/11/2014 at 01:31, Robert J. Hansen wrote: It’s completely true. However Mark’s right when saying it could help to do it client-side... No. Client-side, you get to inspect (fully) only your data, and you have to develop a statistical model of spam based on only your data. When Gmail filters, it inspects (fully) traffic to *millions* of users, and uses that to create a model no individual user can hope to match. You can do some stats on multiple persons using hashes, meshes, propagation and this kind of thing. Even better: you can do it F2F, and ponderate according to distance in number of hops. See what GNUnet tries to do. That’s way better than large, politically risky and impersonal large Google scans. Encrypting everything, even Aunt Edna's recipe for potato salad, means a significant step backwards in the spam fight. I love decentralized algorithms, but there's something to be said for a God's-eye perspective on the problem -- look at decentralized route discovery protocols versus Dijkstra's algorithm as an example. We have to make some sacrifices to get freedom. So yes it can and will be more complex to stop centralizing. But it especially involves another thinking model: not a big centralistic individual one, but a *collective* one, where you think “I have a thousand instances, how should each of these act so that the whole network works respecting both Order and Anarchy?”. It’s a lot more complex, but also a lot more interesting, and potentially a lot more powerful. But the true solution is this one: use only free software, software you’re sure you can check the sources. Maybe one user in ten thousand has the skill to audit a nontrivial codebase. Free software is a good idea, but let's not pretend that normal users will realize a real benefit from being able to check their source code. One in ten thousand is enough. And anyway: that was the case too about written language some centuries ago. How could that not change? 
For instance a way greater amount of Emacs users know several parts of its source code, and are able to inspect any part at any moment if needed. And the real benefit is in the *freedom to*, which has only to be expressed by the ability to do something, even if « everybody » doesn’t know how, a sparse minority is enough. That’s the concept of free software.
Encryption on Mailing lists sensless? (was: Re: GPG API: Open Crypto Engine)
Quoting Werner Koch w...@gnupg.org: On Mon, 17 Nov 2014 13:33, n...@goodcrypto.com said: GoodCrypto warning: Anyone could have read this message. Use encryption, it works. That does not make any sense on a public mailing list. We write here for the public - it is non-encrypted for a purpose. scnr, ... Er, this is Nan's Signature for everything. Maybe he should add the usual -- above. But sorry, I disagree a little bit. If we want literally to jam the secret service's attempts to decrypt mails, then it makes sense to use encryption for every single mail, private, business, nonsense and spam Technical reasons, NOT to encrypt on a list server are another discussion. Best regards Matthias -- Matthias Mansfeld Elektronik * Leiterplattenlayout Neithardtstr. 3, 85540 Haar; Tel.: 089/4620 093-7, Fax: -8 Internet: http://www.mansfeld-elektronik.de GPG http://www.mansfeld-elektronik.de/gnupgkey/mansfeld.asc
Re: Encryption on Mailing lists sensless?
But sorry, I disagree a little bit. If we want literally to jam the secret service's attempts to decrypt mails, then it makes sense to use encryption for every single mail, private, business, nonsense and spam This would have the ultimate effect of destroying email as a platform. Email works as well as it does -- as well as fails so miserably in other ways -- largely *because* it's open to inspection. As an example, pervasive end-to-end encryption would require antispam defenses to move to the client rather than being deployed at the mailserver or relay. This would essentially be tantamount to giving up, since there are no really effective client-side antispam measures. Similarly, it would assist in the spread of malware and viruses and for the same reasons. If a mailserver can't inspect the email, it can't recognize malware and quarantine it for the health of the internet. Etc., etc. I am fanatically in favor of people's right to protect the privacy of their communications, but there's a flipside to it: we also need to be responsible and prudent with how we do it. Simple, naive solutions like encrypt everything! aren't a fix: at best, they'll trade our current set of problems for a new set of problems which we'll have even less knowledge of how to handle.
Re: Encryption on Mailing lists sensless? (was: Re: GPG API: Open Crypto Engine)
Most of the technical reasons can be bypassed by making a single subscriber key (public and private) available as a part of the subscription process, but that eliminates most of the technical advantages of encryption, so it's really a moot point. On Nov 17, 2014 8:52 AM, Matthias Mansfeld m.mansf...@mansfeld-elektronik.de wrote: Quoting Werner Koch w...@gnupg.org: On Mon, 17 Nov 2014 13:33, n...@goodcrypto.com said: GoodCrypto warning: Anyone could have read this message. Use encryption, it works. That does not make any sense on a public mailing list. We write here for the public - it is non-encrypted for a purpose. scnr, ... Er, this is Nan's Signature for everything. Maybe he should add the usual -- above. But sorry, I disagree a little bit. If we want literally to jam the secret service's attempts to decrypt mails, then it makes sense to use encryption for every single mail, private, business, nonsense and spam Technical reasons, NOT to encrypt on a list server are another discussion. Best regards Matthias -- Matthias Mansfeld Elektronik * Leiterplattenlayout Neithardtstr. 3, 85540 Haar; Tel.: 089/4620 093-7, Fax: -8 Internet: http://www.mansfeld-elektronik.de GPG http://www.mansfeld-elektronik.de/gnupgkey/mansfeld.asc
Re: Encryption on Mailing lists sensless?
On Mon, 17 Nov 2014 18:48, aarc...@aarcane.org said: Most of the technical reasons can be bypassed by making a single subscriber key (public and private) available as a part of the subscription process, And by that you would disrupt the open discussion and knowledge culture and return to an invitation only BBS network. The mailing lists are archived and indexed to spread knowledge and not to lock out most people. Private mailing lists are of course a different thing. Salam-Shalom, Werner -- Thoughts are free. Exceptions are regulated by a federal law.
Re: Encryption on Mailing lists sensless?
I wouldn't say invite only. Contrariwise, when you send the subscribe email, in the immediate, automatic response would be the public and private key, optionally encrypted to the recipient. Open enrollment, public availability. Just making the data obfuscated in transit. On Nov 17, 2014 10:15 AM, Werner Koch w...@gnupg.org wrote: On Mon, 17 Nov 2014 18:48, aarc...@aarcane.org said: Most of the technical reasons can be bypassed by making a single subscriber key (public and private) available as a part of the subscription process, And by that you would disrupt the open discussion and knowledge culture and return to an invitation only BBS network. The mailing lists are archived and indexed to spread knowledge and not to lock out most people. Private mailing lists are of course a different thing. Salam-Shalom, Werner -- Thoughts are free. Exceptions are regulated by a federal law.
Re: Encryption on Mailing lists sensless?
Most of the technical reasons can be bypassed by making a single subscriber key (public and private) available as a part of the subscription process, but that eliminates most of the technical advantages of encryption, so it's really a moot point. It also means there's pretty much no point in keeping archives, because it's inevitable that the keys will become separated from the archives. And if the key is part of the archive, then what's the purpose of the crypto in the first place? Once, for my job, I had to look into the way the Roman Senate conducted its elections. I was able to find ballots that were over 1500 years old. It was pretty neat, and it changed my perspective on things like crypto. The crypto dream is that the confidentiality of our messages will be preserved for centuries after our death, which sounds really great up until you consider what an archaeologist circa 4000 AD is going to be thinking. I have a stack of records here that could shed light on the way people lived in a long-dead civilization, but I can't read them. Why? What were these people doing that they thought their email to their Aunt Edna needed to remain secret for all time? Why is it that, millennia after they're gone, Aunt Edna's recipe for potato salad has to be gone with them? Or think about your own kids, circa 2040 AD. I'd love to read these emails between Mom and Dad when they were courting, but ... they were afraid of Somebody-with-an-S reading their emails. I wonder if they ever thought that the Somebody might be their son, who wanted to understand after their deaths how it was these two people came to meet and fall in love. Historians called the early medieval period the Dark Ages not because the era was full of villainy and evil, but because record-keeping became so austere that we really don't know much of what happened for that period. 
Much like dark matter (matter, but we don't know anything about it, hence it's dark), dark energy (energy, but we don't know anything about it, hence it's dark), the Dark Ages are an era we know little about. We're living in a new Dark Age right now. Historians of the future are going to see human record-keeping basically end around 1960. Fewer records were printed out and more were put on digital media -- media that deteriorates much more quickly than paper, and depends on technology to read it, technologies which become obsolete and are discarded even faster than the media degrades. So when you hear people advocate crypto everywhere, always, for everything, ask yourself this: if they get what they want, what will it do to future generations' ability to make sense of our time?
Re: Encryption on Mailing lists sensless?
On 17-11-2014 17:10, Matthias Mansfeld wrote: But sorry, I disagree a little bit. If we want literally to jam the secret service's attempts to decrypt mails, then it makes sense to use encryption for every single mail, private, business, nonsense and spam Makes spam filtering a lot harder. But if everyone on the list had to give a public key when signing up that would be possible. Perhaps it would give issues when someone can't get GnuPG to work and is asking for help. -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Encryption on Mailing lists sensless?
Hi Robert, This would have the ultimate effect of destroying email as a platform. . . antispam . . . malware I think you'll find this has been solved for years. The solution is PGP/etc. between mail servers, and TLS/SSL to the user. Solutions like GoodCrypto integrate with your existing mail server. Your antispam and antivirus work as always. The sysadmin simply configures the mail server to filter inbound mail for viruses, spam, etc. after it's been decrypted. End users don't have to change how they read/write email nor use any special plugins. TLS/SSL to their mail client keeps messages private within the group. no really effective client-side antispam measures Right. That's the sysadmin's job. An additional advantage of having MTA to MTA encryption is that many organizations need a record of all mail messages. Sometimes it's required by law. User-to-user encryption makes that record unreadable. This solution doesn't block experts who prefer user-to-user encryption, but an organization may object for the reasons that you gave, Robert. Nan GoodCrypto warning: Anyone could have read this message. Use encryption, it works.
Re: Encryption on Mailing lists sensless?
I think you'll find this has been solved for years. The solution is PGP/etc. between mail servers, and TLS/SSL to the user. Given that I've seen PGP-signed spam mails, no, I think you're being naive. Solutions like GoodCrypto integrate with your existing mail server. Then I don't want it. If you're running the mailserver and you can decrypt my secured messages, then there's nothing preventing the federal government from serving you with a subpoena saying, please hand over the encryption keys. The only person who can be trusted to do the decryption is the end user, running on hardware the end user directly controls. This solution doesn't block experts who prefer user-to-user encryption, but an organization may object for the reasons that you gave, Robert. I care very little about what happens to corporations. You're still talking about destroying the antispam experience of end-users. That's what I have the biggest problem with.
Re: Encryption on Mailing lists sensless?
On 2014-11-17 at 19:49, Robert J. Hansen wrote: Most of the technical reasons can be bypassed by making a single subscriber key (public and private) available as a part of the subscription process, but that eliminates most of the technical advantages of encryption, so it's really a moot point. It also means there's pretty much no point in keeping archives, because it's inevitable that the keys will become separated from the archives. And if the key is part of the archive, then what's the purpose of the crypto in the first place? Once, for my job, I had to look into the way the Roman Senate conducted its elections. I was able to find ballots that were over 1500 years old. It was pretty neat, and it changed my perspective on things like crypto. The crypto dream is that the confidentiality of our messages will be preserved for centuries after our death, Well, no. The crypto dream is that powerful people will stop being able to retrieve a lot of information on why they exert power on, and that these people will be able to inform and communicate in a decentralized, horizontal and autonomous manner whatever this authority wants. which sounds really great up until you consider what an archaeologist circa 4000 AD is going to be thinking. I have a stack of records here that could shed light on the way people lived in a long-dead civilization, but I can't read them. Why? What were these people doing that they thought their email to their Aunt Edna needed to remain secret for all time? Why is it that, millennia after they're gone, Aunt Edna's recipe for potato salad has to be gone with them? Then the question is not “Do we want to encrypt everything?”, but more precisely: “do we want to make everything *accessible*”. Actually imagine mail servers today, quite all encrypting everything with TLS. Not a problem, mails are still accessible. It just means it’s harder for ISPs (MITM is visible, and being visible means a great risk) to spy on people. 
If we make only some traffic encrypted they have at least the information of what is important enough to be hidden, when, where, by whom, to whom, for how long, etc. meta-data. Here we make cryptoanarchy and hide everything so that they don’t even have the information of what is to hide. But that doesn’t obligate us to make what is public public. We could imagine a web where everybody uses HTTPS: pages are still accessible to everybody. We could imagine bittorrent where almost all clients encrypt everything (hint: it’s already this way), and everything is still accessible. We could imagine Tor Hidden Services, and everything is still accessible. What’s not accessible anymore is metadata. Or think about your own kids, circa 2040 AD. I'd love to read these emails between Mom and Dad when they were courting, but ... they were afraid of Somebody-with-an-S reading their emails. I wonder if they ever thought that the Somebody might be their son, who wanted to understand after their deaths how it was these two people came to meet and fall in love. Then comes the problem of private messages, made to be private. First, future archeology is pointless argument between our security and our freedom, it sounds a lot more better like kind of an excuse. Second, a recurrent problem in cryptography is we know computers power and algorithms constantly evolve, and that what’s encrypted a way today is not guaranteed to always be forever. What’s encrypted with DSA today will maybe be accessible within more time. Finally, information generally needs to be private only for a limited amount of time. If we have a message describing date and place for a dissidents reunion in a totalitarian state, once the reunion is over, the message doesn’t need to be private anymore, and could be “released”, if it’s for archival/archeology/history needs. 
Actually it would be something quite interesting for people to know in what kind of place reunions are planned (anyway a place should never be the same twice). Historians called the early medieval period the Dark Ages not because the era was full of villainy and evil, but because record-keeping became so austere that we really don't know much of what happened for that period. Because they had no efficient way to keep information in front of the quantity of information producible. The press solved this problem. We're living in a new Dark Age right now. Historians of the future are going to see human record-keeping basically end around 1960. They’re still accessible. And what’s saying you in the future all hard-disk will die at the same moment with no backup? It could be plausible if our civilization could break down just like others before and let others develop. The problem is: today we have a world-wide civilization, if this one breaks down, there will be no more civilization to study us. So we have absolutely no reasons to care. Fewer records were printed out and more were put on digital media -- media that
Re: Encryption on Mailing lists sensless?
Well, no. The crypto dream is that powerful people will stop being able to retrieve a lot of information on why they exert power on, and that these people will be able to inform and communicate in a decentralized, horizontal and autonomous manner whatever this authority wants. Oh, please. If I take you seriously then I'm only concerned about people with power who wish to exert power over me. Nonsense. I'm concerned about *it's nobody's business but mine*. I don't need to subscribe to power-relations theory in order to believe privacy is a good idea; I just need to believe some things are nobody's business but mine. First, future archeology is pointless argument between our security and our freedom, it sounds a lot more better like kind of an excuse. I don't know what you're trying to say here. Second, a recurrent problem in cryptography is we know computers power and algorithms constantly evolve, and that what’s encrypted a way today is not guaranteed to always be forever. What’s encrypted with DSA today will maybe be accessible within more time. We also know, quite precisely, the thermodynamic limits of computation. Power evolves, but is easy to account for. Mathematical understanding is harder to predict. Because they had no efficient way to keep information in front of the quantity of information producible. The press solved this problem. No, the printing press didn't solve the problem. Gutenberg invented the printing press in the 15th century, but we've got *great* records going back to the 11th century. And we've also got great records going back to ancient Egypt. It's only a few centuries after the collapse of Rome that are lost to history. They weren't lost for technological reasons: they were lost for human ones. They’re still accessible. And what’s saying you in the future all hard-disk will die at the same moment with no backup? Many magnetic tapes from the Viking program (a 1976 effort to put a probe on Mars) were put in storage for later processing. 
Around 2010, NASA finally got around to processing these tapes... only to discover the machines to read it no longer existed, no one knew what data format it was written in, and not one single person associated with the Viking program was still at NASA. Many of them were dead. It took an enormous amount of resources to reverse-engineer the format, rebuild/rehabilitate old tape machines, and pull the data off. If the data had been less important than this is stuff we pulled from *MARS*, the entire thing would've been written off as a sad case of knowledge being lost to the ages. In 1086, William the Conqueror ordered the whole of England be surveyed and every plot of land described. That text, the Domesday Book, is still around today. In 1986, to celebrate the 900th anniversary of the Domesday Book, the BBC put together a neat little computer package that was a modern updating of Domesday. Good luck finding it today, though. The UK National Museum of Computing in Milton Keynes is the only place I know of that still has working BBC-Domesday hardware. There have been a couple of attempts to take this project and salvage the data and programs, but so far it's been a big case of not enough money and not enough skilled volunteers. Some of it has been salvaged, but as a whole... no, and it's probably going to be lost to us. Every MLS/MLIS I know is having anxiety attacks over the subject of digital decay. This is a *huge* problem, and it's only getting worse. I doubt a paper newspaper can subsist more time than a hard disk. Walk into your local library sometime and ask to see their newspaper collection. You might be surprised. My local library has newspapers going back over a century. Can you explain in what future generations’ curiosity is more important than this generation’s freedom? This is just the fallacy of the zero-sum game, so I'm not even going to bother with it. I did not say, we should not ensure the privacy of our records. 
I said, we should consider what we are giving up when we demand eternal privacy.
Re: Encryption on Mailing lists sensless?
On 2014-11-17 at 18:02, Robert J. Hansen wrote:

>> But sorry, I disagree a little bit. If we want literally to jam the secret service's attempts to decrypt mails, then it makes sense to use encryption for every single mail, private, business, nonsense and spam

> This would have the ultimate effect of destroying email as a platform. Email works as well as it does -- as well as fails so miserably in other ways -- largely *because* it's open to inspection.

Because today it works the way it works is not a reason to let it work that way forever, whatever the context.

> As an example, pervasive end-to-end encryption would require antispam defenses to move to the client rather than being deployed at the mailserver or relay. This would essentially be tantamount to giving up, since there are no really effective client-side antispam measures.

The Internet is fundamentally superior to all other technical networks invented by mankind for this reason: moving intelligence to the periphery, making work client-side, making things horizontal, decentralizing everything, giving control of everything to everybody locally, making everybody able to do anything whatever others do. That's what distinguishes the Internet from what existed in France before the Internet: the Minitel. The Minitel is a dumb terminal only able to connect via phone lines to a server, send input to the server and display what the server sends back. It was popular when computers were too expensive and nobody could have one.

In the free software and decentralized/secure internet movement in France, we generally use the term “Minitel 2.0” to humorously speak about (and mock) GAFA and all ultra-centralized services where nearly everything tends to be done server-side, where the client is just a dumb terminal controlling nothing and delegating everything to the server. Where the server can do anything. rms also denounced SaaSS as a worse evil than proprietary software, and that's true. Because with just proprietary software you can still cut the Internet (or even just its access to it), and even do reverse-engineering. With SaaSS, the USSR and 1984 seem like a happy pink pony world.

The fact is that doing everything client-side, you can adapt everything even better than Google would do, because *you* control it. You could use SpamAssassin-like rules based on naive Bayes filtering, and choose yourself what you identify as spam, then choose to make a message more visible or not according to its probability of being it. Then you could even make more categories than just “vacation/viagra/enlarge-penises-like spam”; you could try to do the same thing about insulting messages, (death/rape) menace messages, racist, sexist, homophobic, transphobic, nationalist, classist messages (all containing some interesting common patterns, and it could even be useful on some mailing lists, more practical than just banning people; it could just prevent people from reading messages that they could consider psychologically hurtful to them, while letting others try to deal with some people's annoying ideas). If that can work, you could even share score lists in a F2F manner, and ponder that according to bonds, and then secure everything with cryptographic signatures, and identify people with DHTs, etc. etc.

By decentralizing you can do nearly everything, and very very very very interesting things. Then with just complex maths, modern DHTs, etc. you can achieve quite spectacular things, avoiding issues like “Facebook has a considerable part of mankind's population subscribed, is able to statistically determine if someone is homosexual even without him/her knowing it, and actively collaborates with especially intolerant authoritarian governments or agencies, especially if paid well” (the yellow star seems pointless in front of that). Give a look to what GNUnet tries to do.

> Similarly, it would assist in the spread of malware and viruses and for the same reasons. If a mailserver can't inspect the email, it can't recognize malware and quarantine it for the health of the internet.

Malware and viruses are the problem of the client, only the client, always the client. If we have to make a less freedom-compatible internet because of the client not doing its job, there's a problem. As far as I know that especially regards proprietary systems.

> Etc., etc. I am fanatically in favor of people's right to protect the privacy of their communications, but there's a flipside to it: we also need to be responsible and prudent with how we do it. Simple, naive solutions like "encrypt everything!" aren't a fix: at best, they'll trade our current set of problems for a new set of problems which we'll have even less knowledge of how to handle.

So instead of trying to make nice authorities known for their authoritarian interests and with a creepy background, you'll try to just invent, and most of the time just implement, new algorithms… One of these solutions seems more realistic to me.
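The client-side scoring proposed in the message above, as an added example that is not part of the original post: a naive Bayes filter over categories the user defines, run on mail after local decryption, that can fold in a friend's shared score list scaled by a trust weight. The class, the category names, the sample messages and the trust values are all constructed for illustration, and verifying the shared list's signature is assumed to happen before `merge` is called.

```python
import math
from collections import Counter, defaultdict

class LocalFilter:
    """Client-side multinomial naive Bayes over categories the user defines."""

    def __init__(self):
        self.tokens = defaultdict(Counter)  # category -> token -> weighted count
        self.docs = Counter()               # category -> weighted message count

    def train(self, category, text, weight=1.0):
        self.docs[category] += weight
        for tok in text.lower().split():
            self.tokens[category][tok] += weight

    def merge(self, shared, trust):
        """Fold in a friend's exported counts, scaled by trust in (0, 1].
        Assumption: the caller already verified the list's signature."""
        if not 0 < trust <= 1:
            return  # untrusted lists contribute nothing
        for cat, data in shared.items():
            self.docs[cat] += trust * data["docs"]
            for tok, n in data["tokens"].items():
                self.tokens[cat][tok] += trust * n

    def probabilities(self, text):
        """Return {category: P(category | text)} using add-one smoothing."""
        vocab = {t for counts in self.tokens.values() for t in counts}
        toks = [t for t in text.lower().split() if t in vocab]
        total = sum(self.docs.values())
        logp = {}
        for cat, n_docs in self.docs.items():
            denom = sum(self.tokens[cat].values()) + len(vocab)
            logp[cat] = math.log(n_docs / total) + sum(
                math.log((self.tokens[cat][t] + 1) / denom) for t in toks)
        top = max(logp.values())  # subtract the max to avoid underflow
        norm = sum(math.exp(v - top) for v in logp.values())
        return {cat: math.exp(v - top) / norm for cat, v in logp.items()}

# Constructed sample data, not taken from the thread.
FRIEND_LIST = {"abuse": {"docs": 4, "tokens": {"you": 4, "stupid": 3, "idiot": 4}}}

def build_demo():
    f = LocalFilter()
    f.train("ham", "patch review for gnupg key signing")
    f.train("ham", "meeting notes about keyserver sync")
    f.train("spam", "cheap pills buy now")
    f.train("spam", "buy cheap watches now")
    return f
```

A mail client would use the returned probabilities to lower a message's visibility rather than delete it, which keeps the decision with the reader.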