Re: X.509 certificate overview + status

2009-03-03 Thread Peter Saint-Andre
Travis wrote: Recently I set up certificates for my server's SSL, SMTP, IMAP, XMPP, and OpenVPN services. Actually, I created my own CA for some of the certificates, and in other cases I used self-signed. plug BTW, we give away free certificates for XMPP services here: http://xmpp.org/ca/

Re: X.509 certificate overview + status

2009-03-03 Thread Werner Koch
On Mon, 2 Mar 2009 17:35, marcus.brinkm...@ruhr-uni-bochum.de said: Ubuntu comes with dumpasn1. There are also quite a few libraries. You may also import the certificate into GnuPG (gpgsm --import foo) and run gpgsm --dump-cert to get a human readable printout. Example: $ gpgsm --dump-cert

Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Perry E. Metzger
Quoting: A federal judge has ordered a criminal defendant to decrypt his hard drive by typing in his PGP passphrase so prosecutors can view the unencrypted files, a ruling that raises serious concerns about self-incrimination in an electronic age.

Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Steven M. Bellovin
On Tue, 03 Mar 2009 12:26:32 -0500 Perry E. Metzger pe...@piermont.com wrote: Quoting: A federal judge has ordered a criminal defendant to decrypt his hard drive by typing in his PGP passphrase so prosecutors can view the unencrypted files, a ruling that raises serious concerns

Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Adam Fields
On Tue, Mar 03, 2009 at 12:26:32PM -0500, Perry E. Metzger wrote: Quoting: A federal judge has ordered a criminal defendant to decrypt his hard drive by typing in his PGP passphrase so prosecutors can view the unencrypted files, a ruling that raises serious concerns about

Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Perry E. Metzger
Adam Fields cryptography23094...@aquick.org writes: The privacy issues are troubling, of course, but it would seem trivial to bypass this sort of compulsion by having the disk encryption software allow multiple passwords, each of which unlocks a different version of the encrypted partition.

Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Stephan Somogyi
At 13:08 -0500 03.03.2009, Adam Fields wrote: When compelled to give out your password Unless I'm misunderstanding the ruling, Boucher is not being compelled to produce his passphrase (like he could under RIPA Section 49 in the UK), but he is being told to produce the unencrypted contents

Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Adam Fields
On Tue, Mar 03, 2009 at 01:20:22PM -0500, Perry E. Metzger wrote: Adam Fields cryptography23094...@aquick.org writes: The privacy issues are troubling, of course, but it would seem trivial to bypass this sort of compulsion by having the disk encryption software allow multiple passwords,

Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Perry E. Metzger
Adam Fields cryptography23094...@aquick.org writes: Well, it should be clear that any such scheme necessarily will produce encrypted partitions with less storage capacity than one with only one set of cleartext. You can't magically store 2N bytes in an N byte drive -- something has to give.

Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Sampo Syreeni
On 2009-03-03, Stephan Somogyi wrote: There is a chasm of difference between being compelled to produce keys, which could be subsequently reused with other encrypted material, and being compelled to produce specific unencrypted data, which is much more narrowly scoped and therefore less

Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread sbg
With regards to alternative runtime decryptions, recall ... http://people.csail.mit.edu/rivest/Chaffing.txt The claim is that the approach is neither encryption nor steganography. Cheers, Scott

Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Steven M. Bellovin
On Tue, 03 Mar 2009 13:53:50 -0500 Perry E. Metzger pe...@piermont.com wrote: Adam Fields cryptography23094...@aquick.org writes: Well, it should be clear that any such scheme necessarily will produce encrypted partitions with less storage capacity than one with only one set of

Re: Activation protocol for car-stopping devices

2009-03-03 Thread John Gilmore
* Is there any standard cryptographic hash function with an output of about 64 bits? It's OK for our scenario if finding a preimage for a particular signature takes 5 days. Not if it takes 5 minutes. This is a protocol designed for nasty guys who want to steal your car, which would

Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread James S. Tyre
At 02:45 PM 3/3/2009 -0500, Steven M. Bellovin wrote: On Tue, 03 Mar 2009 13:53:50 -0500 Perry E. Metzger pe...@piermont.com wrote: I'll repeat: the law is not like a computer program. Courts operate on reasonableness standards and such, not on literal interpretation of the law. If it is

Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Ivan Krstić
On Mar 3, 2009, at 1:08 PM, Adam Fields wrote: Is there any disk encryption software for which this is common practice? In terms of fairly widely used software, yes, TrueCrypt offers hidden volumes: http://www.truecrypt.org/docs/?s=hidden-volume I asked the same original question on

Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Ivan Krstić
On Mar 3, 2009, at 1:53 PM, Perry E. Metzger wrote: If it is obvious to you and me that a disk has multiple encrypted views, then you can't expect that a court will not be able to understand this and take appropriate action, like putting you in a cage. Why do you think it'd be obvious to you

Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread Perry E. Metzger
Ivan Krstić krs...@solarsail.hcs.harvard.edu writes: On Mar 3, 2009, at 1:53 PM, Perry E. Metzger wrote: If it is obvious to you and me that a disk has multiple encrypted views, then you can't expect that a court will not be able to understand this and take appropriate action, like putting

Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread RB
To more fully quote Adam's question: When compelled to give out your password, you give out the one that unlocks the partition full of kitten and puppy pictures, and who's to say that's not all there is on the drive? Is there any disk encryption software for which this is common practice?

Re: Judge orders defendant to decrypt PGP-protected laptop

2009-03-03 Thread John Gilmore
I would not read too much into this ruling -- I think that this is a special situation, and does not address the more important general issue. In other cases, where alternative evidence is not available to the government, and where government agents have not already had a look at the