Re: Hushmail in U.S. v. Tyler Stumbo
StealthMonger wrote:

[snip]

> The larger truth is that a consequence of using Hushmail is that record of when, with whom, and the size of each communication is available to Hush, even though the content is concealed.

So the obvious point is that Hushmail, and systems like it, become "concentrators" and possible single points of failure. If, on the other hand, you handled your own PKI to send symmetrical keys to your correspondents and managed the keys with something like StrongKey, then one could use a vast number of ISPs/SMTP points so that they may never get a clear path of send and reply through a single ISP.

As Jon Callas said, "If the system is strong, it all comes down to your operational security." Security is not a thing, it is a process that uses tools and procedures to accomplish the goal.

As I like to say, "Security is a lot like democracy - everyone's for it but few understand that you have to work at it constantly."

Best,
Allen

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
ITU-T recommendations for X.509v3 certificates
I'm looking for a halfway self-contained set of ITU-T recommendations which are relevant for implementing X.509v3 certificates. The references in RFC 3280 appear to be incomplete; for instance, a reference for ASN.1 itself is missing. Or is it unreasonable to expect that the specs match what is actually needed for interoperability with existing implementations (mostly in the TLS, S/MIME area)?
Re: forward-secrecy for email? (Re: Hushmail in U.S. v. Tyler Stumbo)
> What about deleting the private key periodically? Like issue one pgp sub-key per month, make sure it has expiry date etc appropriately, and the sending client will be smart enough to not use expired keys. Need support for that kind of thing in the PGP clients.

Forgive the additional nag, but that is OpenPGP clients. PGP clients are my software. Mind you, I'm in favor of it, but (e.g.) Hushmail is not a PGP client. It has nothing to do with PGP Corporation.

> And hope your month's key expires before the lawyers get to it. Companies have document retention policies for stuff like this... dictating that data with no current use be deleted within some time-period to avoid subpoenas reaching back too far.

Well, we had some good news this weekend that RFC 4880, the updated RFC 2440, is finally published. The OpenPGP working group has other work it would like to do, including Perfect Forward Secrecy.

Jon
forward-secrecy for email? (Re: Hushmail in U.S. v. Tyler Stumbo)
On Fri, Nov 02, 2007 at 06:23:30PM +0100, Ian G wrote:
> I was involved in one case where super-secret stuff was shared
> through hushmail, and was also dual encrypted with non-hushmail-PGP
> for added security. In the end, the lawyers came in and scarfed up
> the lot with subpoenas ... all the secrets were revealed to everyone
> they should never have been revealed to. We don't have a crypto
> tool for embarrassing secrets to fade away.

What about deleting the private key periodically? Like issue one pgp sub-key per month, make sure it has expiry date etc appropriately, and the sending client will be smart enough to not use expired keys. Need support for that kind of thing in the PGP clients.

And hope your month's key expires before the lawyers get to it. Companies have document retention policies for stuff like this... dictating that data with no current use be deleted within some time-period to avoid subpoenas reaching back too far.

Adam
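The monthly-subkey scheme described in the message above, modelled as an added example that is not part of any post in this thread: the sender refuses expired subkeys, the recipient destroys the secret half after expiry, and the last function shows what is still decryptable if keys are seized. Key labels, the seven-day grace period and the sample messages are constructed; this models the policy only and performs no OpenPGP operations.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class Subkey:
    key_id: str                   # constructed label, not a real OpenPGP key ID
    created: date
    expires: date
    private_present: bool = True  # False once the secret half has been destroyed

def monthly_subkeys(start, months):
    """Issue one encryption subkey per calendar month, expiring when the next begins."""
    keys = []
    y, m = start.year, start.month
    for _ in range(months):
        first = date(y, m, 1)
        y, m = (y + 1, 1) if m == 12 else (y, m + 1)
        keys.append(Subkey(f"sub-{first:%Y-%m}", first, date(y, m, 1)))
    return keys

def select_for_encryption(keyring, today):
    """Sender side: use only a subkey valid today; never fall back to an expired one."""
    valid = [k for k in keyring if k.created <= today < k.expires]
    if not valid:
        raise LookupError("no unexpired encryption subkey; refusing to send")
    return max(valid, key=lambda k: k.created)

def purge_expired(keyring, today, grace=timedelta(days=7)):
    """Recipient side: destroy the secret half once expiry plus a grace period has passed."""
    purged = []
    for k in keyring:
        if k.private_present and today >= k.expires + grace:
            k.private_present = False
            purged.append(k.key_id)
    return purged

def readable_at_seizure(messages, keyring):
    """IDs of (msg_id, key_id) messages whose secret subkey still exists at seizure."""
    live = {k.key_id for k in keyring if k.private_present}
    return [msg_id for msg_id, key_id in messages if key_id in live]
```

The purge only limits what stored ciphertext can be decrypted later; plaintext copies kept by either correspondent are unaffected.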
Re: Hushmail in U.S. v. Tyler Stumbo
In previous cases of the government somehow magically gaining access to "securely encrypted" data, it eventually turned out that the government had compromised the target's machine and installed a key logger, or some other piece of software to record the relevant secret information. So far, I've seen no information ruling this kind of thing out. It's in the government's interest to keep its methodology as secret and mysterious as it can.

A common mistake is looking at PGP or Hushmail or some other kind of secure mail system and saying "only I can read my mail." Not even close to true: Unless you're doing all your decryption with a pencil and a piece of paper, it's your *computer* that can read your mail. And today's computers simply cannot be treated as trusted.

None of which argues against alternative possible scenarios, such as the "turned" correspondent at the other end of the mail interchange. The fact is, we just don't know how this information was obtained. We *may* learn more as the result of discovery leading up to trial. It's generally difficult for the government to keep out of the record the methods they use to obtain evidence, as doing so will tend to taint the evidence and make it inadmissible. I'm sure there are plenty of lawyers looking closely at how to structure things to keep as many details hidden as possible, however. The fact that information came from a "confidential informant" has to be revealed, but the identity of that informant can generally be kept concealed. Someone will argue that the decrypted data plays the role of the "confidential informant"

-- Jerry