subject:"Encryption on Mailing lists sensless\?"

Hi Robert,

   Given that I've seen PGP-signed spam mails, no, I think you're being naive.

You use the same antispam/antivirus you use now. What people do today is a 
little complex, so I understand why it's not clear:

  your mail server - your crypto server (decrypts) - your mail server 
(antispam etc) - user (tls)

If you're running the mailserver and you can decrypt my secured messages, 
then there's 
nothing preventing the federal government from serving you with a subpoena 
saying, 
please hand over the encryption keys.

I agree. A third party should never handle the filtering of mail. If my email 
is n...@mygroup.org, then mygroup.org handles the encryption, decryption, spam 
filtering, etc.

The only person who can be trusted to do the decryption is the end user,
running on hardware the end user directly controls.

In an ideal world, yes. But after 20 years of recommending user-to-user 
encryption, it's clear most users can't or won't. As Bruce Schneier says, If 
there's anything PGP has taught us, it's that one click is one click too many. 
Experts can still encrypt any messages they want individually. We can't leave 
the rest of us unprotected.

I care very little about what happens to corporations. 

I agree again. I'm much more concerned about human rights groups and stopping 
mass surveillance.

You're still talking about destroying the antispam experience of end-users.

The group's mail server handles spam, viruses, etc., just like it does today. 
No change for the user.

Nan

GoodCrypto warning: Anyone could have read this message. Use encryption, it 
works.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

2014-11-18 Thread Damien Goutte-Gattat

On 11/17/2014 09:30 PM, Nan wrote:
 I think you'll find this has been solved for years. The solution is
PGP/etc. between mail servers, and TLS/SSL to the user.

Why use PGP between mail servers? SSL/TLS can be used for that, too.
Actually, opportunistic server-to-server TLS is supported by many mail
server software, and is becoming more and common.

Using PGP for anything less than end-to-end encryption seems pointless
to me. Particularly if it distracts mail server administrators from
enabling server-to-server TLS, which we need anyway to protect the
metadata (headers) that are *not* encrypted by PGP.



signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

2014-11-18 Thread Ville Määttä

UX-designer-aproach to car design:

We need to remove break and clutch pedals from cars because our user studies 
say that a 3 pedal interface for driving an automobile is just way too 
difficult.

I say those who can’t be arsed to learn how, do not deserve a driver’s license. 
You let a child fail and try again until they learn… so on and so forth.

Some encryption software UI is too difficult, yes, some pretty much lack a UI. 
Fair enough. But the one click is one click too many” defeatist mentality is 
just wrong. It is not always the UI’s fault and sometimes you just have to say 
“make the user learn or make ‘em go away”. Yes, it’s a valid option.

PS: I work with UI and UX folks on software all the time. Yes, it might get a 
little heated sometimes :).

-- 
Ville

On 18 Nov 2014, at 11:43, Nan n...@goodcrypto.com wrote:

 In an ideal world, yes. But after 20 years of recommending user-to-user 
 encryption, it's clear most users can't or won't. As Bruce Schneier says, If 
 there's anything PGP has taught us, it's that one click is one click too 
 many. Experts can still encrypt any messages they want individually. We 
 can't leave the rest of us unprotected.



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?


I agree. A third party should never handle the filtering of mail. If
my email is n...@mygroup.org, then mygroup.org handles the
encryption, decryption, spam filtering, etc.


A third party -- your mailserver administrator -- should never handle
the decryption or signing.  (There may be a couple of use cases where it
makes sense, but they're few and far between.)  All it takes is a
subpoena, and any citizen can file one of those.

It appears that you're selling a solution that involves giving a third
party access to your plaintext, all the while telling people that your
product will keep their communications secure.  I don't see how that can
be called anything other than snake oil.


I agree again. I'm much more concerned about human rights groups and
stopping mass surveillance.


So far you've --

* Made false claims that DSA is compromised
* Made false claims that NIST only minimally changed a compromised
  standard
* Advocated giving third-parties regular and routine access to
  plaintext

None of this is compatible with your claim that you're concerned about
human rights groups and stopping mass surveillance.

Please stop hyping snake oil.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

On 2014-11-18 at 10:43, Nan wrote:
 If you're running the mailserver and you can decrypt my secured messages, 
 then there's 
 nothing preventing the federal government from serving you with a subpoena 
 saying, 
 please hand over the encryption keys.

 I agree. A third party should never handle the filtering of mail. If
 my email is n...@mygroup.org, then mygroup.org handles the encryption,
 decryption, spam filtering, etc.

mygroup.org is a third party. mygroup.org is static. mygroup.org is a
different person than nan. mygroup.org can be corrupted, menaced or
cracked. nan will not know.

 The only person who can be trusted to do the decryption is the end user,
 running on hardware the end user directly controls.

 In an ideal world, yes. But after 20 years of recommending
 user-to-user encryption, it's clear most users can't or won't.

Context changes. 20 years ago fascism weren’t raising again at this
rate, petrol wasn’t at a decade of ending, and Snowden didn’t made his
revelations. It doesn’t mean it’s impossible but it means we were doing
it wrong. The GNUnet philosophy of “just prepare the change of roughly
everything, make all the simplest possible and do a lot of
philosophical/political education” seems the most utopic, but also the
more realist to me.

 As Bruce Schneier says, If there's anything PGP has taught us, it's
 that one click is one click too many. Experts can still encrypt any
 messages they want individually. We can't leave the rest of us
 unprotected.

Within MUA such as ClawsMail, Thunderbird, etc. you don’t need a click,
just a configuration. Within networks such as GNUnet you don’t need a
configuration, just a “registration”, “connection”, “installation”, or
wathever you call it. Your adress is your public key, on computer it can
be the nick associated in a signed entry within DHT possibly with a
vizhash, and physically it’s a QRCode. Nothing more simple. It’s
actually simpler that the current unencrypted internet.

And as it were said, to gain freedom sometimes you need an effort. If you 
consider
it pointless, you deserve to remain a slave.

 I care very little about what happens to corporations. 

 I agree again. I'm much more concerned about human rights groups and stopping 
 mass surveillance.

Making authority nice? Teaching people freedom is not utopic, making
authority nice and respectful is.

 You're still talking about destroying the antispam experience of end-users.

 The group's mail server handles spam, viruses, etc., just like it does today. 
 No change for the user.

Yes, no. any. change. Unfortunately.


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

2014-11-18 Thread Mark H. Wood

It's time to expose my ignorance again, hopefully to cure some of it.

On Mon, Nov 17, 2014 at 12:02:07PM -0500, Robert J. Hansen wrote:
  But sorry, I disagree a little bit. If we want literally to jam the
  secret service's attempts to decrypt mails, then it makes sense to use
  encryption for every single mail, private, business, nonsense and spam
 
 This would have the ultimate effect of destroying email as a platform. 
 Email works as well as it does -- as well as fails so miserably in other 
 ways -- largely *because* it's open to inspection.
 
 As an example, pervasive end-to-end encryption would require antispam 
 defenses to move to the client rather than being deployed at the 
 mailserver or relay.  This would essentially be tantamount to giving up, 
 since there are no really effective client-side antispam measures.

Would this not at the same time make it simple for MUAs to discover
that this message is not from anyone you say you know.  Delete
without reading?  Because to decrypt the SPAM, you need the public
key, which is identifiable.  Even if the spammers lie, well, it's from
no one you know, or it's verifiably *not* from who the sender claims
to be.

 Similarly, it would assist in the spread of malware and viruses and for 
 the same reasons.  If a mailserver can't inspect the email, it can't 
 recognize malware and quarantine it for the health of the internet.

Again, if it's provably from no one you say that you trust, the MUA
could refuse to execute runnable content without explicit permission.
(Which I say should be the normal and only setting for all content,
but I know I'm a crank.)

I can also say that, so far as I know, the principal effect of
MTA-based antivirus in my life is to prevent me consciously emailing
known innocuous code that I wrote to people who ask for it.  So I for
one wouldn't miss it.  That's selfish of me, of course.

-- 
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu


signature.asc
Description: Digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

Alexandre, do you really believe that anyone could deserve to remain a slave?

Assuming you don't, I'll address your calmer points.

   mygroup.org can be corrupted, menaced or cracked.

Sure, a server is a single point of failure for the group, and must be 
carefully configured and protected. It's still much safer than hoping users 
will protect themselves.

   the change of roughly everything

I prefer solutions that protect as many people as possible now.

   ClawsMail, Thunderbird, etc.

People usually don't want to change mail clients.  Most have no idea how to 
configure crypto or manage keys.

Nan

GoodCrypto warning: Anyone could have read this message. Use encryption, it 
works.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?


Would this not at the same time make it simple for MUAs to discover
that this message is not from anyone you say you know.  Delete
without reading?


Sure, but that also destroys the email ecosystem.  One of email's
strongest points has been that no introduction is necessary to begin a
conversation.  This year I found myself re-engaging with a friend I lost
touch with a decade ago, who found me on a mailing list and figured to
drop an email and see if maybe I was the same Rob Hansen she knew from
back when.  If my MUA/MTA had hidden it from me just because there was
no introduction, or urged me to delete it without reading...

Could email as a platform survive the shift to introduction-based
systems?  Sure.  But it would totally transform the email experience,
and maybe in ways we wouldn't like.  That's why I'm so skeptical of
proposals to fix email in this way: we might fix email, but we might
also kill it at the same time.


Again, if it's provably from no one you say that you trust, the MUA
could refuse to execute runnable content without explicit
permission. (Which I say should be the normal and only setting for
all content, but I know I'm a crank.)


It already is.  Double-click on an executable attachment and a window
will pop up with a warning about how you should only run code from
people you know and trust, click OK to cancel running this, click I
know the risks to run it, etc.

An awful lot of people click I know the risks.

I've told this story before, but it bears repeating --

During my grad school days I had a colleague named Peter Likarish.
Peter did some great work in using Bayesian statistics to detect
phishing sites.  Ultimately, he had an algorithm that could look at
webpage content and decide with 95% accuracy whether it was real or
phish-phood.  He packaged this up inside a Firefox extension: when you
browsed to a site and the plugin detected a phishing attempt, it would
put a narrow red stripe over the top of the screen saying, Warning:
this may be a phishing attempt!

He put it into human trials using the University's HCI (Human-Computer
Interactions) lab.  The results were dismal.  Post-experience interviews
revealed that people weren't looking at the top of the web page.  They
genuinely didn't notice a red stripe across the top of the screen.

So Peter went back to the drawing board and made a new interface.  Now,
the banner started off small, but there was a Click to dismiss button
on it.  Further, the banner would grow larger over time.  Peter knew
that the human eye is sensitive to motion: our eyes naturally are drawn
to things that change.  By making the banner grow larger, he figured he
could increase its visibility.

Back to the lab, and ... still dismal, soul-crushing results.  This
time, the overwhelming majority of the users confirmed they saw the
warning.  When Peter asked them why they chose to ignore it, the
majority said they thought it was just another Flash ad that was hyping
some fix your PC fast, now! solution.

I ran into Peter shortly after he finished his final day of human
trials.  He was normally a very cheerful guy, but this day he just
looked shattered.  I suggested we walk down to the nearest watering hole
and grab a beer, but he was too dejected.  He said that of all the
outcomes he imagined for his Ph.D., he never dreamed that it would be
that his research could be accurately summed up as, the technology
works fine, it's *people* who are completely broken.

Shortly after I left grad school Peter found a warning mechanism that
worked, incidentally.  It's a cute technology and one I really wish more
browsers would incorporate.  I don't have a URL for a PDF of the paper
handy, but the poster he presented at SOUPS 2009 is available online at:

https://cups.cs.cmu.edu/soups/2009/posters/p9-likarish.pdf


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

third party -- your mailserver administrator

The third party you don't trust is your own sysadmin. That person already has
access to the plain text messages right now. So does everyone tapping your
connections. We suggest that you limit that risk to the sysadmin you already
trust.

telling people that your product will keep their communications secure

Yes, we are. We suggest that GPG crypto is more secure than no crypto, and
better when it works for everyone in the group.

Experts can still encrypt their own messages. That approach has had 20 years to
work. Most people still don't encrypt mail at all.

Good encryption that is used is much better than encryption only used by an
elite.

Made false claims that DSA is compromised

I said was certainly compromised in the past. As you know, one source for DSA
flaws is the current ssh-keygen man page:

DSA keys must be exactly 1024 bits as specified by FIPS 186-2.

You apparently feel there is some explanation for exactly 1024 bits other
than the obvious one, that keys of that length are compromised. NIST changed
this spec later, but always kept DSA.

If you want another source, NSA themselves consider DSA, specifically ECDSA, to
be only Grade B security. With their usual misdirection, NSA calls it Suite
B. Red Hat explicitly says the NSA's Suite B is only good enough for most
classified information. See
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Release_Notes/bh-chap-security.html

Made false claims that NIST . . .

NIST has often changed specs as each compromise is discovered. Examples are
DES, DSA, and Elliptic Curve. A very recent discussion is from Keeping Secrets
-- STANFORD magazine
(https://medium.com/stanford-select/keeping-secrets-84a7697bf89f):

The agency has a second tactic to prevent the spread of cryptographic
techniques: keeping high-grade cryptography out of the national standards. To
make it easier for different commercial computer systems to interoperate, the
National Bureau of Standards (now called NIST) coordinates a semipublic process
to design standard cryptographic algorithms. ... The NSA's influence over the
standards process has been particularly effective at mitigating what it
perceived as the risks of nongovernmental cryptography. By keeping certain
cryptosystems out of the NBS/NIST standards, the NSA facilitated its mission of
eavesdropping on communications traffic.

I suggest you are more careful about your accuracy before you make accusations
of false claims, or use the nasty slur snake oil.

GoodCrypto warning: Anyone could have read this message. Use encryption, it
works.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

2014-11-18 Thread Mirimir

What distinguishes a mail list from email with bcc? Software? Size?

As long as messages were separately encrypted to each recipient, no
third parties would be involved.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

2014-11-18 Thread Kristian Fiskerstrand

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 11/18/2014 06:30 PM, Nan wrote:
 third party -- your mailserver administrator
 
 The third party you don't trust is your own sysadmin. That
 person already has access to the plain text messages right now. So
 does everyone tapping your connections. We suggest that you limit
 that risk to the sysadmin you already trust.
 

Any chance you can fix your client's handling of threading? You seem
to start a new top post on every reply.

- -- 
- 
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- 
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- 
Potius sero quam numquam
Better late then never
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJUa4cjAAoJEPw7F94F4TagNc4QAJ4tRHvHD/AmjG9ye1W1+3oS
IjRAzDgz+VKLYZzbVN7qmQzq3GzHIHZ3VIBOQPqurpSRdBl8R5ICB1cLTsgjBRhN
dsBid2KGRm7pRw/XmEmgmr0SQxppAJSeGWVNCqvSyfqmZ2gjN9pUYO8em8KhtpJP
Bz/k74ZgToQFodQrCuo8hooa+zgcC1J//juexu+GRWv36HF1tI3ynyuraDnS9smD
oEkEPqrAQCKdoonyfLv+R+XHaL0Rww95whCmXtfiFfZMZNJUl8LQBmDEJHiCe4YD
ZWIW+mcV6L9QQ7VRvRl+zg654OLb/QqWFkMhrkT4luKBbiJ4GphtET8Ivfvin5U5
uenQBUR9WHCQIxR+Nq2zf5TPW4MUlh60Up5ejnzCqLIOSD1DUwW2/JfisVHLLK+a
lQggVWUNqph0p+atT4zrbU+KsfR+j818C31x4D0XR/1OvXs7dXNF27Q4UUSm0k9s
GwuIX++wX5+/3nplxOK8SC3adY2BT3MfBxwfgMHNz1+wPiw752zC6WHAuZ9xdcZ3
u/kGJewMfkcsOoqILsO8iqOPYgziqUuhvEIyc8msWALAdrIe6p/zVZEXOhQVzkM1
mMm8FAAsIjac1wc/NM/6I9ZGfAxBlb4RDusDDtDLuntBbRiHn0E75Qm6bl73drTI
qZaVgdst11SNc2CtgxUy
=65X0
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

Thanks, Kristian. I will look into it.

GoodCrypto warning: Anyone could have read this message. Use encryption, it 
works.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

2014-11-18 Thread Mark H. Wood

On Mon, Nov 17, 2014 at 01:49:01PM -0500, Robert J. Hansen wrote:
[snip]
 The crypto dream is that the confidentiality of our messages will be 
 preserved for centuries after our death, which sounds really great up 
 until you consider what an archaeologist circa 4000 AD is going to be 
 thinking.  I have a stack of records here that could shed light on the 
 way people lived in a long-dead civilization, but I can't read them. 
 Why?  What were these people doing that they thought their email to 
 their Aunt Edna needed to remain secret for all time?  Why is it that, 
 millennia after they're gone, Aunt Edna's recipe for potato salad has to 
 be gone with them?
 
 Or think about your own kids, circa 2040 AD.  I'd love to read these 
 emails between Mom and Dad when they were courting, but ... they were 
 afraid of Somebody-with-an-S reading their emails.  I wonder if they 
 ever thought that the Somebody might be their son, who wanted to 
 understand after their deaths how it was these two people came to meet 
 and fall in love.

This raises an interesting point.  If I bequeath my collected letters
to someone, how do I arrange the transmission of the necessary
passphrases as well?  I wonder if the lawyer who draws up my will
would even understand the question.

-- 
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu


signature.asc
Description: Digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

 ClawsMail, Thunderbird, etc.

 People usually don't want to change mail clients.  Most have no idea
 how to configure crypto or manage keys.

They’re just the default and almost more used MUA. If you exclude
proprietary software and SaaSS (webmail). But asking for privacy using
proprietary services is a fallacy.

I mean, you can’t say “PGP/GNUnet/other-crypto-implementation is useless
to protect users, they use webmails” and say we fix the problem
wrong. Because there is *no way* they can get true privacy with only a
webmail. It would be ridiculous. When I said “deserve”, I said that you
can’t expect freedom when you’re putting on you your strings yourself.

PS: sorry for the two mails, I got confused.


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

On 2014-11-18 16:34, Nan wrote:
 Alexandre, do you really believe that anyone could deserve to remain a 
 slave?

In the meaning “it’s normal/understandable/explainable to be a slave if
you want freedom without doing nothing to get it while other want you
not to be”, yes.

But all the importance of the meaning is in the “if” part. I think if
someone do nothing, or do anything anyway, it’s for a reason, or, to be
more precise, a cause, and I call this reason deserving freedom itself
an initial lack of freedom (of thought, if you want). So for me,
actually, “deserving” doesn’t exist, doesn’t have any true real meaning,
just as “merit”, “duty”, “pride”, “shame” (in their meaning, not their
objective existence as a sentiment) or “free will” (in its meaning
opposed to determinism).

 Assuming you don't, I'll address your calmer points.

 mygroup.org can be corrupted, menaced or cracked.

 Sure, a server is a single point of failure for the group, and must be
 carefully configured and protected.

From the point this server isn’t you, it’s never “protected” enough. You
could maybe protect *enough* (and only *enough*, never “perfectly”).

And that’s just about “cracking”, which is just a technical concern, not
the more important. Because menace and corruption still exist. You could
say you trust your provider… which is already really really really hard…
is your provider independent from thing such as money? corruption? power?

And even if it were, arguing that nodaways anybody could resist to
currently existing powers and authorities is a fallacy.

 It's still much safer than hoping users will protect themselves.

Not “hoping they will”, making so they will, because it’s the only way
to deal with. As I said everybody learned to read and it’s more
complicated than basic crypto usage. As I said systems rebuilt from
scratch upon these ideas can be much simpler than everything existing
before. And with context changing, need will come, and people, when
they need it, can adopt something really quickly, at least as fast as
they can.

 the change of roughly everything

 I prefer solutions that protect as many people as possible now.

I didn’t say all of that were incompatible ;) They’re short-term as
long-term solutions to things that need to change.


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

2014-11-18 Thread NdK

Il 18/11/2014 19:15, Mirimir ha scritto:

 What distinguishes a mail list from email with bcc? Software? Size?
That you're sending to a *single* address that hides the others.

 As long as messages were separately encrypted to each recipient, no
 third parties would be involved.
But:
1) you should disclose the whole list of subscribed addresses (that's
really valuable metadata -- not to say a dream for spammers!)
2) you make mail headers and message size explode

Not good, IMVHO...

BYtE,
 Diego.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

2014-11-18 Thread Matthias Mansfeld



Zitat von Mark H. Wood mw...@iupui.edu:

[...]

This raises an interesting point.  If I bequeath my collected letters
to someone, how do I arrange the transmission of the necessary
passphrases as well?  I wonder if the lawyer who draws up my will
would even understand the question.


If we want to leave our stuff to the archeologists, we can store our  
own mails unencrypted. So do I (just because it is easier for me AND  
because I can keep my computers - hopefully - safe with other measures).


If we want to jam the sniffers from the secret services,(I wrote about  
this motivastion in the very beginning of this discussion!) then it is  
totally enough just to encrypt the mails end to end on their way.


Regards
Matthias
--
Matthias Mansfeld Elektronik * Leiterplattenlayout
Neithardtstr. 3, 85540 Haar; Tel.: 089/4620 093-7, Fax: -8
Internet: http://www.mansfeld-elektronik.de
GPG http://www.mansfeld-elektronik.de/gnupgkey/mansfeld.asc


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?


The third party you don't trust is your own sysadmin. That person
already has access to the plain text messages right now. So does
everyone tapping your connections. We suggest that you limit that
risk to the sysadmin you already trust.


You're introducing a single point of failure -- and a SPOF that's highly 
susceptible to coercion, at that.


You say you're opposed to widespread surveillance: this does *nothing* 
to address that.  The only people it will stop are the people who aren't 
smart enough to realize, You know, I could just get a subpoena.  Or 
the ones who think, You know, I could just plant malware on the 
sysadmin's computer and gain access to all their encrypted 
communications at once.  Or the ones who think...


I think that's exceptionally foolish.  Build systems that provide a 
measure of security against smart, dedicated attackers -- don't build 
systems that only provide it against childish ones.


This is not a solution.  This is a surrender.


Made false claims that DSA is compromised


I said was certainly compromised in the past. As you know, one
source for DSA flaws is the current ssh-keygen man page:

DSA keys must be exactly 1024 bits as specified by FIPS 186-2.

You apparently feel there is some explanation for exactly 1024 bits
other than the obvious one, that keys of that length are compromised.


You have not presented *any* evidence that 1024-bit keys are compromised.

For that matter, you haven't presented any evidence that you understand 
what a FIPS is.  A FIPS is a *Federal* Information Processing Standard. 
 It's not binding on private citizens.  All FIPS 186-x says is, if you 
want to use digital signatures with the United States Government, here 
is the digital signature scheme that we use.  FIPS specifies a standard 
for the USG to use, not one for private citizens to use.  Is it really 
so strange that a standards document would specify parameters for an 
algorithm?


For that matter, DSA has never been limited to any keysize, not even 
under the FIPS 186-2 regime.  DSA is the Elgamal signature scheme with a 
very slight algorithmic tweak to reduce one avenue of attack on it.  If 
a private citizen likes DSA but thinks it would be better with a 
8192-bit key, they're free to go for it.  It's just Elgamal, after all. 
 We know how to extend DSA arbitrarily.  We just don't, because there's 
really no point in it.


FIPS 186-2, which you're obsessing about, was released in January of 
2000.  In January of 2000, 1024-bit keys were expected to be safe for 
the next 20 years.  There has never been *any* credible hint that, in 
January of 2000, the belief was that Elgamal signature schemes of length 
1024 bits were suspect.  It was the standard signature scheme in use in 
GnuPG 1.0 and PGP 6.5.8, both of which date back to that era.


Find me a single peer-reviewed paper published in a reputable journal 
that says DSA-1024 is compromised.  (Joe Bob's Web Page of Crypto 
doesn't count.  Something like EUROCRYPT or Financial Cryptography does.)


One.

Just *one*.

Do that and I'll happily eat a whole steaming plate of crow, feathers 
and all.  But until then, I believe you're a dangerous charlatan.



If you want another source, NSA themselves consider DSA, specifically
ECDSA, to be only Grade B security. With their usual misdirection,
NSA calls it Suite B.


False.  See, e.g.:

https://www.nsa.gov/IA/Programs/suiteb_cryptography/

Browse around there and you'll find Suite B is certified for TS/SCI 
information.  Again: this is publicly available information that the 
authors want to be shared as broadly as possible.



Red Hat explicitly says the NSA's Suite B is
only good enough for most classified information.


False.  Let's quote the exact page, shall we?

[Suite B] serves as an interoperable cryptographic base for both 
unclassified information and most classified information.


It never says it's only good enough for most classified information.  It 
says it's used as an interoperable cryptographic base for most 
classified information.  Given the size of the USG, it wouldn't surprise 
me if there was a rotor machine still in use somewhere.  There's a lot 
of inertia there: bureaucracies don't change overnight, and the entire 
USG didn't switch to Suite B the moment the spec was published.



Made false claims that NIST . . .


NIST has often changed specs as each compromise is discovered.
Examples are DES...


With respect to DES, false.  DES was proposed to the National Bureau of 
Standards (NIST's predecessor) in 1976; it was published as a FIPS in 
1977, and was subjected to periodic five-year reviews in '83, '88, '93 
and '99.  No compromise has ever been discovered in DES; as of today, 
the best known method for breaking DES is brute force.



DSA...


You have not presented evidence for a single compromise against DSA. 
You point to a FIPS parameter specification and say the only reason 
this would happen is if it was compromised!, yet the civilian

Re: Encryption on Mailing lists sensless?

2014-11-18 Thread MFPA

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi


On Tuesday 18 November 2014 at 6:15:57 PM, in
mid:546b8cdd.5010...@riseup.net, Mirimir wrote:


 As long as messages were separately encrypted to each
 recipient, no third parties would be involved.

For an email message with multiple recipients, I think most mail
clients and OpenPGP encryption agents that I have looked at encrypt
the message to all addressees at once. I only recall one combination
that encrypted an individual copy for each addressee, and am not sure
I correctly remember which it was.

And for mailing lists, Schleuder [0] encrypts the outgouing list
messages to each recipient. The only third party involved is the list
server, whic always exists on a discussion list.


[0] https://schleuder2.nadir.org/documentation/v2.2/concept.html

- --
Best regards

MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net

The One with The Answer is seldom asked The Question
-BEGIN PGP SIGNATURE-

iPQEAQEKAF4FAlRry5VXFIAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0
N0VDQTAzAAoJEKipC46tDG5pTJAEALZmeHPXUO7Gx9iWWHmviHoZ3sPkfLd3SPnl
llOvQkQB252LSZ4wIli1pg0VLDLX5NdNAN/ur+8c7BFxNMLq0n+5KHrHs15U87C6
yZ3QgYCUo0/bY0gLG4bDyWGqOWYk7STJNSIfxNosrnGb/baxIRkjUrNe7xfuDTmT
IiNiUxHkiQF8BAEBCgBmBQJUa8uVXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRp
b25zLm9wZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZB
NUEwRjU2QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXw/6MH/1JdX9qrmDa3x793
P2q9ZhCfkgjUnhdutGyilcU+ic0PmdP092vJiVIZW/ekXCwWx749u90idkEHa9lP
rwRNU1i/ASYTmV8CojKOyS8sABCwvgRbaPSvjC8fd126YwfVxbQ9kR2L3aHg2qHy
z3RnoLTEF0XjNkSdYXDF85eDVnis233RxrgB73nAcMIa0Mw2uh1vAv4QuP3qzqJM
sish4Ulie+VzldQh4WjHy+XG0XxxU5Tt3bCMNWHOiJo4XVmYgRLvsgefNkOTdFH5
/FkzDS85cTHykuOHNc2ZIeCggnie9nwtq3VfFrIN2O5EG2EsO3MdnMkomI3rJEug
VNEcX4I=
=daFX
-END PGP SIGNATURE-


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

2014-11-18 Thread Mirimir

On 11/18/2014 03:43 PM, MFPA wrote:
 Hi
 
 
 On Tuesday 18 November 2014 at 6:15:57 PM, in
 mid:546b8cdd.5010...@riseup.net, Mirimir wrote:
 
 
 As long as messages were separately encrypted to each
 recipient, no third parties would be involved.
 
 For an email message with multiple recipients, I think most mail
 clients and OpenPGP encryption agents that I have looked at encrypt
 the message to all addressees at once. I only recall one combination
 that encrypted an individual copy for each addressee, and am not sure
 I correctly remember which it was.

Right, it would be necessary to do it manually, or script it.

 And for mailing lists, Schleuder [0] encrypts the outgouing list
 messages to each recipient. The only third party involved is the list
 server, whic always exists on a discussion list.

As I read that, recipients need to trust the list server's reports about
senders' signatures. I'd rather decrypt and verify signatures myself,
and not trust the list server ultimately.

 [0] https://schleuder2.nadir.org/documentation/v2.2/concept.html


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

2014-11-18 Thread Mirimir

On 11/18/2014 12:21 PM, NdK wrote:
 Il 18/11/2014 19:15, Mirimir ha scritto:
 
 What distinguishes a mail list from email with bcc? Software? Size?
 That you're sending to a *single* address that hides the others.

As soon as a recipient replies, their address is no longer hidden.

 As long as messages were separately encrypted to each recipient, no
 third parties would be involved.
 But:
 1) you should disclose the whole list of subscribed addresses (that's
 really valuable metadata -- not to say a dream for spammers!)

Sorry, I wasn't clear. By saying bcc, I meant that each outgoing message
would have just one recipient address.

 2) you make mail headers and message size explode
 
 Not good, IMVHO...

I'm not sure that I understand this point.

 BYtE,
  Diego.
 
 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users
 

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

On 2014-11-18 at 17:09, Robert J. Hansen wrote:
 Would this not at the same time make it simple for MUAs to discover
 that this message is not from anyone you say you know.  Delete
 without reading?

 Sure, but that also destroys the email ecosystem.  One of email's
 strongest points has been that no introduction is necessary to begin a
 conversation.  This year I found myself re-engaging with a friend I lost
 touch with a decade ago, who found me on a mailing list and figured to
 drop an email and see if maybe I was the same Rob Hansen she knew from
 back when.  If my MUA/MTA had hidden it from me just because there was
 no introduction, or urged me to delete it without reading...

 Could email as a platform survive the shift to introduction-based
 systems?  Sure.  But it would totally transform the email experience,
 and maybe in ways we wouldn't like.  That's why I'm so skeptical of
 proposals to fix email in this way: we might fix email, but we might
 also kill it at the same time.

It’s completely true. However Mark’s right when saying it could help to
do it client-side: client-side, you can access *all* private (meta)data
on user without any privacy problem, and use it to better detect what’s
a spam, and actually that would be really useful (isn’t it really easy
for you personally, who know yourself, to detect if something is a spam
or a message really adressed to you?).

As he said, contacts are useful. So yes, roughly filtering spam from
not-yet-introduced friends lacks flexibility and destroy several email
nice features. But we can do thiner: lower the score given with bayesian
autostabilizating equations.

 Again, if it's provably from no one you say that you trust, the MUA
 could refuse to execute runnable content without explicit
 permission. (Which I say should be the normal and only setting for
 all content, but I know I'm a crank.)

 It already is.  Double-click on an executable attachment and a window
 will pop up with a warning about how you should only run code from
 people you know and trust, click OK to cancel running this, click I
 know the risks to run it, etc.

 An awful lot of people click I know the risks.

A longer text explaining “you giving this program the authorization to
do what it wants with your data and configuration, including destroying,
corrupting, stealing, spying, reveling anything”.

But the true solution is this one: use only free software, software
you’re sure you can check the sources. Even more: having build
information, sources and binary signed cryptographically. Even more:
being sure this binary is made with reproducible builds. Even more:
everything of that available trough a censorship-resistant P2P
filesharing system.

 He said that of all the outcomes he imagined for his Ph.D., he never
 dreamed that it would be that his research could be accurately summed
 up as, the technology works fine, it's *people* who are completely
 broken.

Yeah, we need interdisciplinarism: a great part of work to change the
world, added to technical progress, is education. It’s maybe *the*
biggest and most important thing. Sometimes you don’t need to adapt to
the society but adapt the society to you and people:

“The reasonable man adapts himself to the world: the unreasonable one
persists in trying to adapt the world to himself. Therefore all progress
depends on the unreasonable man.” — George Bernard Shaw


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

 It’s completely true. However Mark’s right when saying it could help
 to do it client-side...

No.  Client-side, you get to inspect (fully) only your data, and you
have to develop a statistical model of spam based on only your data.
When Gmail filters, it inspects (fully) traffic to *millions* of users,
and uses that to create a model no individual user can hope to match.

Encrypting everything, even Aunt Edna's recipe for potato salad, means a
significant step backwards in the spam fight.  I love decentralized
algorithms, but there's something to be said for a God's-eye perspective
on the problem -- look at decentralized route discovery protocols versus
Dijkstra's algorithm as an example.

 But the true solution is this one: use only free software, software 
 you’re sure you can check the sources.

Maybe one user in ten thousand has the skill to audit a nontrivial
codebase.  Free software is a good idea, but let's not pretend that
normal users will realize a real benefit from being able to check their
source code.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

Le 19/11/2014 à 01h31, Robert J. Hansen a écrit :
 It’s completely true. However Mark’s right when saying it could help
 to do it client-side...

 No.  Client-side, you get to inspect (fully) only your data, and you
 have to develop a statistical model of spam based on only your data.
 When Gmail filters, it inspects (fully) traffic to *millions* of users,
 and uses that to create a model no individual user can hope to match.

You can do some stats on multiple persons using hashes, meshes,
propagation and this kind of thing. Even better: you can do it F2F, and
ponderate according distance in number of hops. See what try to do
GNUnet. That’s way better than large, politically risky and impersonal
large Google scans.

 Encrypting everything, even Aunt Edna's recipe for potato salad, means a
 significant step backwards in the spam fight.  I love decentralized
 algorithms, but there's something to be said for a God's-eye perspective
 on the problem -- look at decentralized route discovery protocols versus
 Dijkstra's algorithm as an example.

We have to make some sacrifices to get freedom. So yes it can and will
be more complex to stop centralize. But it especially involves an other
thinking model: not a big centralistic individual one, but a
*collective* one, where you think “I have a thousand instance, how
should each of these act so that the whole networks work respecting both
Order and Anarchy?”. It’s a lot more complex, but also a lot more
interesting, and potentially a lot more powerful.

 But the true solution is this one: use only free software, software 
 you’re sure you can check the sources.

 Maybe one user in ten thousand has the skill to audit a nontrivial
 codebase.  Free software is a good idea, but let's not pretend that
 normal users will realize a real benefit from being able to check their
 source code.

One in ten thousand is enough. And anyway: that was the case too about
written language some centuries ago. How could that not change? For
instance a way greatest amount of Emacs users know several parts of its
code source, and are able to inspect any part at any moment if needed.

And the real benefit is in the *freedom to*, which has only to be
express by the ability to do something, even if « everybody » doesn’t
know how, a sparse minority is enough. That’s the concept of free
software.


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Encryption on Mailing lists sensless? (was: Re: GPG API: Open Crypto Engine)

2014-11-17 Thread Matthias Mansfeld


Zitat von Werner Koch w...@gnupg.org:


On Mon, 17 Nov 2014 13:33, n...@goodcrypto.com said:

GoodCrypto warning: Anyone could have read this message. Use  
encryption, it works.


That does not make any sense on a public mailling list.  We write here
for the public - it is non-encrypted for a purpose.

scnr,


... Er, this is Nan's Signature for everything. Maybe he shoud ad the  
usual -- above.


But sorry, I disagree a little bit. If we want literally to jam the  
secret service's attempts to decrypt mails, then it makes sense to use  
encryption for every single mail, private, business, nonsense and  
spam


Technical reasons, NOT to encrypt on a list server are another disussion.

Best regards
Matthias
--
Matthias Mansfeld Elektronik * Leiterplattenlayout
Neithardtstr. 3, 85540 Haar; Tel.: 089/4620 093-7, Fax: -8
Internet: http://www.mansfeld-elektronik.de
GPG http://www.mansfeld-elektronik.de/gnupgkey/mansfeld.asc


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?


But sorry, I disagree a little bit. If we want literally to jam the
secret service's attempts to decrypt mails, then it makes sense to use
encryption for every single mail, private, business, nonsense and spam


This would have the ultimate effect of destroying email as a platform. 
Email works as well as it does -- as well as fails so miserably in other 
ways -- largely *because* it's open to inspection.


As an example, pervasive end-to-end encryption would require antispam 
defenses to move to the client rather than being deployed at the 
mailserver or relay.  This would essentially be tantamount to giving up, 
since there are no really effective client-side antispam measures.


Similarly, it would assist in the spread of malware and viruses and for 
the same reasons.  If a mailserver can't inspect the email, it can't 
recognize malware and quarantine it for the health of the internet.


Etc., etc.  I am fanatically in favor of people's right to protect the 
privacy of their communications, but there's a flipside to it: we also 
need to be responsible and prudent with how we do it.  Simple, naive 
solutions like encrypt everything! aren't a fix: at best, they'll 
trade our current set of problems for a new set of problems which we'll 
have even less knowledge of how to handle.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless? (was: Re: GPG API: Open Crypto Engine)

2014-11-17 Thread Schlacta, Christ

Most of the technical reasons can be bypassed by making a single subscriber
key (public and private) available as a part of the subscription process,
but that eliminates most of the technical advantages of encryption, so it's
really a moot point.
On Nov 17, 2014 8:52 AM, Matthias Mansfeld 
m.mansf...@mansfeld-elektronik.de wrote:

 Zitat von Werner Koch w...@gnupg.org:

  On Mon, 17 Nov 2014 13:33, n...@goodcrypto.com said:

  GoodCrypto warning: Anyone could have read this message. Use encryption,
 it works.


 That does not make any sense on a public mailling list.  We write here
 for the public - it is non-encrypted for a purpose.

 scnr,


 ... Er, this is Nan's Signature for everything. Maybe he shoud ad the
 usual -- above.

 But sorry, I disagree a little bit. If we want literally to jam the secret
 service's attempts to decrypt mails, then it makes sense to use encryption
 for every single mail, private, business, nonsense and spam

 Technical reasons, NOT to encrypt on a list server are another disussion.

 Best regards
 Matthias
 --
 Matthias Mansfeld Elektronik * Leiterplattenlayout
 Neithardtstr. 3, 85540 Haar; Tel.: 089/4620 093-7, Fax: -8
 Internet: http://www.mansfeld-elektronik.de
 GPG http://www.mansfeld-elektronik.de/gnupgkey/mansfeld.asc


 ___
 Gnupg-users mailing list
 Gnupg-users@gnupg.org
 http://lists.gnupg.org/mailman/listinfo/gnupg-users

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

2014-11-17 Thread Werner Koch

On Mon, 17 Nov 2014 18:48, aarc...@aarcane.org said:
 Most of the technical reasons can be bypassed by making a single subscriber
 key (public and private) available as a part of the subscription process,

And by that you would disrupt the open discussion and knowledge culture
and return to an invitation only BBS network.  The mailing lists are
archived and indexed to spread knowledge and not to lock out most
people.

Private mailing lists are of course a different thing.


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

2014-11-17 Thread Schlacta, Christ

I wouldn't say invite only. Contrarywise, when you send the subscribe
email, in the immediate, automatic response would be the public and private
key, optionally encrypted to the recipient. Open enrollment, public
availability. Just making the data obfuscated in transit.
On Nov 17, 2014 10:15 AM, Werner Koch w...@gnupg.org wrote:

 On Mon, 17 Nov 2014 18:48, aarc...@aarcane.org said:
  Most of the technical reasons can be bypassed by making a single
 subscriber
  key (public and private) available as a part of the subscription process,

 And by that you would disrupt the open discussion and knowledge culture
 and return to an invitation only BBS network.  The mailing lists are
 archived and indexed to spread knowledge and not to lock out most
 people.

 Private mailing lists are of course a different thing.


 Salam-Shalom,

Werner

 --
 Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?


Most of the technical reasons can be bypassed by making a single
subscriber key (public and private) available as a part of the
subscription process, but that eliminates most of the technical
advantages of encryption, so it's really a moot point.


It also means there's pretty much no point in keeping archives, because 
it's inevitable that the keys will become separated from the archives. 
And if the key is part of the archive, then what's the purpose of the 
crypto in the first place?


Once, for my job, I had to look into the way the Roman Senate conducted 
its elections.  I was able to find ballots that were over 1500 years 
old.  It was pretty neat, and it changed my perspective on things like 
crypto.


The crypto dream is that the confidentiality of our messages will be 
preserved for centuries after our death, which sounds really great up 
until you consider what an archaeologist circa 4000 AD is going to be 
thinking.  I have a stack of records here that could shed light on the 
way people lived in a long-dead civilization, but I can't read them. 
Why?  What were these people doing that they thought their email to 
their Aunt Edna needed to remain secret for all time?  Why is it that, 
millennia after they're gone, Aunt Edna's recipe for potato salad has to 
be gone with them?


Or think about your own kids, circa 2040 AD.  I'd love to read these 
emails between Mom and Dad when they were courting, but ... they were 
afraid of Somebody-with-an-S reading their emails.  I wonder if they 
ever thought that the Somebody might be their son, who wanted to 
understand after their deaths how it was these two people came to meet 
and fall in love.


Historians called the early medieval period the Dark Ages not because 
the era was full of villainy and evil, but because record-keeping became 
so austere that we really don't know much of what happened for that 
period.  Much like dark matter (matter, but we don't know anything about 
it, hence it's dark), dark energy (energy, but we don't know anything 
about it, hence it's dark), the Dark Ages are an era we know little about.


We're living in a new Dark Age right now.  Historians of the future are 
going to see human record-keeping basically end around 1960.  Fewer 
records were printed out and more were put on digital media -- media 
that deteriorates much more quickly than paper, and depends on 
technology to read it, technologies which become obsolete and are 
discarded even faster than the media degrades.


So when you hear people advocate crypto everywhere, always, for 
everything, ask yourself this: if they get what they want, what will it 
do to future generations' ability to make sense of our time?


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

2014-11-17 Thread Johan Wevers

On 17-11-2014 17:10, Matthias Mansfeld wrote:

 But sorry, I disagree a little bit. If we want literally to jam the
 secret service's attempts to decrypt mails, then it makes sense to use
 encryption for every single mail, private, business, nonsense and spam

Makes spam filtering a lot harder. But if everyone on the list had to
give a public key when signing up that would be possible.

Perhaps it would give issues when someone can't get GnuPG to work and is
asking for help.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

2014-11-17 Thread Nan

Hi Robert,

 This would have the ultimate effect of destroying email as a platform. . . 
 antispam . . . malware

I think you'll find this has been solved for years. The solution is PGP/etc. 
between mail servers, and TLS/SSL to the user.

Solutions like GoodCrypto integrate with your existing mail server. Your 
antispam and antivirus work as always. The sysadmin simply configures the mail 
server to filter inbound mail for viruses, spam, etc. after it's been 
decrypted. End users don't have to change how they read/write email nor use any 
special plugins.  TLS/SSL to their mail client keeps messages private within 
the group.

 no really effective client-side antispam measures

Right. That's the sysadmin's job.

An additional advantage of having MTA to MTA encryption is that many 
organizations need a record of all mail messages. Sometimes it's required by 
law. User-to-user encryption makes that record unreadable.

This solution doesn't block experts who prefer user-to-user encryption, but an 
organization may object for the reasons that you gave, Robert.

Nan

GoodCrypto warning: Anyone could have read this message. Use encryption, it 
works.

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?


I think you'll find this has been solved for years. The solution is
PGP/etc. between mail servers, and TLS/SSL to the user.


Given that I've seen PGP-signed spam mails, no, I think you're being naive.


Solutions like GoodCrypto integrate with your existing mail server.


Then I don't want it.  If you're running the mailserver and you can 
decrypt my secured messages, then there's nothing preventing the federal 
government from serving you with a subpoena saying, please hand over 
the encryption keys.


The only person who can be trusted to do the decryption is the end user, 
running on hardware the end user directly controls.



This solution doesn't block experts who prefer user-to-user
encryption, but an organization may object for the reasons that you
gave, Robert.


I care very little about what happens to corporations.  You're still 
talking about destroying the antispam experience of end-users.  That's 
what I have the biggest problem with.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Encryption on Mailing lists sensless?

2014-11-17 Thread Garreau, Alexandre

On 2014-11-17 at 19:49, Robert J. Hansen wrote:
 Most of the technical reasons can be bypassed by making a single
 subscriber key (public and private) available as a part of the
 subscription process, but that eliminates most of the technical
 advantages of encryption, so it's really a moot point.

 It also means there's pretty much no point in keeping archives,
 because it's inevitable that the keys will become separated from the
 archives. And if the key is part of the archive, then what's the
 purpose of the crypto in the first place?

 Once, for my job, I had to look into the way the Roman Senate
 conducted its elections.  I was able to find ballots that were over
 1500 years old.  It was pretty neat, and it changed my perspective on
 things like crypto.

 The crypto dream is that the confidentiality of our messages will be
 preserved for centuries after our death,

Well, no. The crypto dream is that powerful people will stop being able
to retrieve lot of informations on why they exerce power on, and that
these people will be able to inform and communicate in a decentralized,
horizontal and autonomous manner wathever this autority wants.

 which sounds really great up until you consider what an archaeologist
 circa 4000 AD is going to be thinking.  I have a stack of records
 here that could shed light on the way people lived in a long-dead
 civilization, but I can't read them. Why?  What were these people
 doing that they thought their email to their Aunt Edna needed to
 remain secret for all time?  Why is it that, millennia after they're
 gone, Aunt Edna's recipe for potato salad has to be gone with them?

Then the question is not “Do we want to encrypt everything?”, but more
precisely: “do we want to make everything *accessible*”. Actually
imagine mail servers today, quite all encrypting everything with
TLS. Not a problem, mails are still accessible. It just means it’s
harder for ISPs (MITM is visible, and being visible means a great risk)
to spy on people. If we make only some traffic encrypted they have at
least the information of what is enough important to be hidden, when,
where, by who, to who, for how long, etc. meta-data. Here we make
cryptoanarchy and hide everything so that they don’t even have the
information of what is to hide.

But that doesn’t obligate us to make what is public public. We could
imagine a web where everybody uses HTTPS: pages are still accessible to
everybody. We could imagine bittorrent where almost all clients encrypt
everything (hint: it’s already this way), and everything is still
accessible. We could imagine Tor Hidden Services, and everything is
still accessible. What’s not accessible anymore is metadata.

 Or think about your own kids, circa 2040 AD.  I'd love to read these
 emails between Mom and Dad when they were courting, but ... they were
 afraid of Somebody-with-an-S reading their emails.  I wonder if they
 ever thought that the Somebody might be their son, who wanted to
 understand after their deaths how it was these two people came to meet
 and fall in love.

Then comes the problem of private messages, made to be private.

First, future archeology is pointless argument between our security and
our freedom, it sounds a lot more better like kind of an excuse.

Second, a reccurent problem in cryptography is we know computers power
and algorithms constantly evolves, and that what’s encrypted a way today
is not guaranted to always be forever. What’s encrypted with DSA today
will maybe be accessible within more time.

Finally, information generally needs to be private only for a limited
amount of times. If we have a message describing date and place for a
dissidents reunion in a totalitarian state, once the reunion is over,
the message doesn’t need to be private anymore, and could be “released”,
if it’s for archival/archeology/history needs. Actually it would be
something quite interesting for people to know in what kind of place
reunions are planned (anyway a place should never be the same twice).

 Historians called the early medieval period the Dark Ages not
 because the era was full of villainy and evil, but because
 record-keeping became so austere that we really don't know much of
 what happened for that period.

Because they had no efficient way to keep information in front of the
quantity of information producible. The press solved this problem.

 We're living in a new Dark Age right now.  Historians of the future
 are going to see human record-keeping basically end around 1960.

They’re still accessible. And what’s saying you in the future all
hard-disk will die at the same moment with no backup?

It could be plausible if our civilization could break down just like
others before and let others develop. The problem is: today we have a
world-wide civilization, if this one break down, there will be no more
civilization to study us. So we have absolutely no reasons to care.

 Fewer records were printed out and more were put on digital media --
 media that

Re: Encryption on Mailing lists sensless?