Re: [Cryptography] Implementations, attacks on DHTs, Mix Nets?

2013-08-27 Thread Christian Huitema

> The DHT model says that millions of Raspberry Pi's and thumb drives together
> implement this immense database.  But since a DHT, by design, scatters the data
> around the network at random, *my* thumb drive is full of information that I
> will never need - all the information *I* need is out there, somewhere - where,
> based on the research we've been discussing, I have no secure way to get at it.
> Why would I buy into such a design?  Doesn't it make much more sense for me to
> store the information relevant to me?

When we designed PNRP, I was pretty adamant to avoid this business of storing 
other people's data. We assumed that your data would be stored locally. The 
cost is a bit of added synchronization cost, effectively scaling as the number 
of records that have to be published. But if you are looking at a P2P name 
server type application, there are very few such records. 

Basically, the less nodes rely on strangers, the better.

-- Christian Huitema



___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography


Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-27 Thread Christian Huitema

> Suppose, as in Bitcoin, my email address *is* my public key

You can even use some hash compression tricks so you only need 9 or 10 
characters to express the address as hash of the public key. 

That works very well, until you have to change the public key.

-- Christian Huitema


Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-27 Thread Jerry Leichter

On Aug 27, 2013, at 9:48 PM, Perry E. Metzger wrote:

> On Tue, 27 Aug 2013 22:04:22 +0100 "Wendy M. Grossman"
>  wrote:
>> On 08/27/2013 18:34, ianG wrote:
>>> Why do we need the 1980s assumption of being able to send freely
>>> to everyone, anyway?
>> 
>> It's clear you're not a journalist or working in any other
>> profession where you actually need to be able to communicate
>> spontaneously with strangers.
> 
> Of course, as a reporter, you are probably getting email addresses of
> people to talk to via referral, and that could be used to get past the
> barrier. The problem of people spontaneously contacting a published
> address is harder.
Actually, it isn't, or shouldn't be.  Email addresses were originally things 
you typed into a terminal.  They had to be short, memorable, and easy to type.  
"Published" meant "printed on paper", which implied typing the thing back in.

But none of that matters much any more.  "Publication" is usually on-line, so 
contact addresses can be arbitrary links.  When we meet in person, we can 
exchange large numbers of bits between our smartphones.  Hell, even a business 
card can easily have a QR code on the back.

Suppose, as in Bitcoin, my email address *is* my public key.  If you wanted to 
send me email, you'd have a routing problem - but I could even give you hints:  
My address would be leich...@lrw.com:.  You can try there first, or 
you can look up my public key in some global dictionary.  An attacker could get 
your mail to me to go to them, but they can't read it - you already know my 
public key, so only *I* can read it.  The only attack they can mount is a 
denial of service.  I can have any number of public keys, and all published 
routes to me may go through a mix - so I can minimize metadata leakage.

The assumption that "initial contact information" has to be something 
human-processable creates the whole "how do I securely map contact information 
to a key" problem.  Flip it around and that problem vanishes.

-- Jerry

> 
> I don't claim to have all the answers, but experimentation will
> probably tell us a lot more than simply thinking in the abstract.
> 
> -- 
> Perry E. Metzger  pe...@piermont.com
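
Added example (not part of the thread and not written by any poster): the self-certifying address idea from the two messages above, combining Jerry Leichter's "routing hint plus key" address with Christian Huitema's short hash of the public key. The `hint:address` format, the plain SHA-256 truncation to 10 base32 characters (not whatever "hash compression tricks" the post has in mind) and the byte strings standing in for public keys are all assumptions made for illustration.

```python
"""Self-certifying contact strings: '<routing hint>:<short hash of public key>'."""
import base64
import hashlib

ADDRESS_CHARS = 10  # "9 or 10 characters"; base32 carries 5 bits per character
BASE32_ALPHABET = set("abcdefghijklmnopqrstuvwxyz234567")


def key_address(public_key: bytes) -> str:
    """Short name bound to a key: base32 of the truncated SHA-256 of the key bytes."""
    digest = hashlib.sha256(public_key).digest()
    return base64.b32encode(digest).decode("ascii")[:ADDRESS_CHARS].lower()


def make_contact(hint: str, public_key: bytes) -> str:
    """Build the hypothetical contact string 'hint:address'."""
    return f"{hint}:{key_address(public_key)}"


def parse_contact(contact: str):
    """Split a contact string into (hint, address); reject malformed input."""
    hint, sep, address = contact.rpartition(":")
    if not sep or not hint:
        raise ValueError("contact must look like '<hint>:<address>'")
    if len(address) != ADDRESS_CHARS or not set(address) <= BASE32_ALPHABET:
        raise ValueError("address part is not a valid short key hash")
    return hint, address


def resolve(contact: str, sources):
    """Ask untrusted sources for the key; accept only one that hashes to the address.

    sources is a list of (name, lookup) pairs, lookup(hint) -> bytes or None.
    Returns (public_key, source_name, rejected_source_names). A source that
    returns the wrong key is skipped, so a hijacked route can withhold the key
    (denial of service) but cannot get a different key accepted.
    """
    hint, address = parse_contact(contact)
    rejected = []
    for name, lookup in sources:
        candidate = lookup(hint)
        if candidate is not None and key_address(candidate) == address:
            return candidate, name, rejected
        rejected.append(name)
    return None, None, rejected


def demo() -> dict:
    # Constructed stand-ins for encoded public keys (no real key material).
    recipient = hashlib.sha256(b"constructed: recipient key").digest()
    rotated = hashlib.sha256(b"constructed: recipient key after rotation").digest()
    attacker = hashlib.sha256(b"constructed: attacker key").digest()
    contact = make_contact("user@example.org", recipient)

    hijacked_hint = ("hint server", lambda hint: attacker)
    directory = ("directory", lambda hint: recipient)
    key, source, rejected = resolve(contact, [hijacked_hint, directory])
    return {
        "contact": contact,
        "accepted_key_is_recipients": key == recipient,
        "accepted_from": source,
        "rejected": rejected,
        # Every route controlled by the attacker: nothing is accepted.
        "only_attacker": resolve(contact, [hijacked_hint]),
        # Recipient rotated the key: the published address no longer matches.
        "after_rotation": resolve(contact, [("directory", lambda hint: rotated)]),
    }


if __name__ == "__main__":
    for field, value in demo().items():
        print(f"{field}: {value}")
```
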


Re: [Cryptography] Implementations, attacks on DHTs, Mix Nets?

2013-08-27 Thread Phillip Hallam-Baker
On Tue, Aug 27, 2013 at 10:18 PM, Perry E. Metzger wrote:

> On Tue, 27 Aug 2013 19:57:30 -0600 Peter Saint-Andre
>  wrote:
> > On 8/27/13 7:47 PM, Jonathan Thornburg wrote:
> > > On Tue, 27 Aug 2013, Perry E. Metzger wrote:
> > >> Say that you want to distribute a database table consisting of
> > >> human readable IDs, cryptographic keys and network endpoints for
> > >> some reason. Say you want it to scale to hundreds of millions of
> > >> users.
> > >
> > > This sounds remarkably like a description of DNSSEC.
> > >
> > > Assuming it were widely deployed, would
> > > DNSSEC-for-key-distribution be a reasonable way to store
> > >   email_address --> public_key
> > > mappings?
> >
> > You mean something like this (email address --> OTR key)?
> >
> > https://datatracker.ietf.org/doc/draft-wouters-dane-otrfp/
>
> My problem with the use of DNSSEC for such things is the barrier to
> entry. It requires that a systems administrator for the domain your
> email address is in cooperate with you. This has even slowed DNSSEC
> deployment itself.
>

How about the fact that the US govt de facto controls the organization
controlling the root key and it is a single rooted hierarchy of trust?

But in general, the DNS is an infrastructure for making assertions about
hosts and services. It is not a good place for assertions about users or
accounts. So it is a good place to dump DANE records for your STARTTLS
certs but not for S/MIME certs.


> It is, of course, clearly the "correct" way to do such things, but
> trying to do things architecturally correctly sometimes results in
> solutions that don't deploy.
>
> I prefer solutions that require little or no buy in from anyone other
> than yourself. One reason SSH deployed so quickly was it needed no
> infrastructure -- if you controlled a single server, you could log in
> to it with SSH and no one needed to give you permission.
>
> This is a guiding principle in the architectures I'm now considering.


 I very much agree that deployment is all.

One thing I would like to do is to separate the email client from the
crypto decision making even if this is just a temporary measure for testbed
purposes. I don't want to hack plugs into a dozen email clients for a dozen
experiments and have to re-hack them for every architectural tweak.

-- 
Website: http://hallambaker.com/

Re: [Cryptography] Implementations, attacks on DHTs, Mix Nets?

2013-08-27 Thread Jerry Leichter

On Aug 27, 2013, at 9:41 PM, Perry E. Metzger wrote:

> On Tue, 27 Aug 2013 21:13:59 -0400 Jerry Leichter 
> wrote:
>> I wonder if much of the work on secure DHT's and such is based on
>> bad assumptions.  A DHT is just a key/value mapping.  There are two
>> reasons to want to distribute such a thing:  To deal with high,
>> distributed load; and because it's too large to store on any one
>> node.
> 
> You've forgotten other reasons. One might want to avoid a single
> point of failure.
And yet DHT's have completely failed at doing this.

> One might also want to avoid having any central
> organization responsible for running a database so that it cannot be
> shut down by an adversary without shutting down thousands or millions
> of nodes.
Redundancy and validation of updates are issues separable from the 
implementation of the map and, in particular, from routing.  DHT's try to 
combine all four and, as we've seen, fail.

Just because it's possible to actually store the contents of a DHT in a single 
big database doesn't mean you'd actually want to do it that way.  I'm 
suggesting that you start with the idealization of a single, secure database, 
then make the modifications needed to actually attain the necessary properties 
in the face of high distributed QPS, random failures, and a variety of attacks.

>> I contend that the second has become a non-problem.
> 
> That is untrue.
> 
> Say that you want to distribute a database table consisting of human
> readable IDs, cryptographic keys and network endpoints for some
> reason. Say you want it to scale to hundreds of millions of users. A
> quick back of the envelope shows that no home user's little ARM based
> gateway machine is going to want to handle storing the entire database
> or handling the entire update traffic volume -- the latter alone
> might swamp someone even with quite reasonable connectivity.
Why in the world would you want to put the information for even a million users 
on such a server?  This would be a server that exists to provide services to at 
most a few 10's of people - probably fewer.  How many users will they, 
personally, ever contact in their collective lifetimes?  This is an ideal 
application for local caching of relevant information from the global database 
stored "somewhere else".  It might well, transparently, also contain mapping 
information that its own users received "out of band" and want to use - but 
have no reason to share globally.

> 
>> Even at the high end, what's today a fairly small, moderately
>> powered system can handle this much data with no problems.
> 
> I don't think so. Let's say you have a few hundred bytes per entry and
> a billion users. That's hundreds of gigabytes, far more than you can
> store on a thumb drive and an appreciable fraction even of today's
> hard drives. Furthermore, say that 1% of the entries update per day
> -- even at that low rate, you're going to swamp lots of people's
> internet transfer quotas.
Again, why would individuals want to store that much data?

The DHT model says that millions of Raspberry Pi's and thumb drives together 
implement this immense database.  But since a DHT, by design, scatters the data 
around the network at random, *my* thumb drive is full of information that I 
will never need - all the information *I* need is out there, somewhere - where, 
based on the research we've been discussing, I have no secure way to get at it. 
 Why would I buy into such a design?  Doesn't it make much more sense for me to 
store the information relevant to me?

It's not as if this isn't a design we have that we know works:  DNS.  Yes, DNS, 
even the "secure" versions, have security issues.  But then so do DHT's, so 
they are hardly an improvement.  And many of DNS's problems have to do with the 
assumption of a single hierarchy with, as a result, a small number of 
"extremely trusted" nodes up at the top.  That's a problem that can be attacked.

-- Jerry

> 
> Perry
> -- 
> Perry E. Metzger  pe...@piermont.com



[Cryptography] Unsubscribe

2013-08-27 Thread Jordan
Unsubscribe

Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-27 Thread Perry E. Metzger
On Wed, 28 Aug 2013 03:04:25 +0100 "Wendy M. Grossman"
 wrote:
> On 08/28/2013 02:48, Perry E. Metzger wrote:
> > Of course, as a reporter, you are probably getting email
> > addresses of people to talk to via referral, and that could be
> > used to get past the barrier. The problem of people spontaneously
> > contacting a published address is harder.
> 
> I do the latter a lot. I think all journalists do, except the very
> lazy ones. :)

Again, I don't have excellent answers at the moment.

I think SMTP is likely to survive for quite some time, and that is
probably the solution to the out-of-the-blue contact problem at the
moment, but it does not solve the out-of-the-blue traffic analysis
free contact problem.

(Rendering SMTP immune to traffic analysis results in infinite spam
-- the spam fighting we have sort of depends on reliable endpoint
identification.) Presumably, people in your position may have to live
with that until we come up with something better.

Meanwhile, I would like to see most other messaging move to something
more overall defensible in the near term. Unfortunately, that might
have the effect of eroding the urgency with which people treat their
SMTP mail.

Experimentation is probably the only way to figure all this out --
we're not going to hit on a perfect design a priori.

Perry
-- 
Perry E. Metzger  pe...@piermont.com


Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-27 Thread Wendy M. Grossman
On 08/28/2013 02:48, Perry E. Metzger wrote:
> Of course, as a reporter, you are probably getting email addresses of
> people to talk to via referral, and that could be used to get past the
> barrier. The problem of people spontaneously contacting a published
> address is harder.

I do the latter a lot. I think all journalists do, except the very lazy
ones. :)

wg
-- 
www.pelicancrossing.net <-- all about me
Twitter: @wendyg


Re: [Cryptography] Implementations, attacks on DHTs, Mix Nets?

2013-08-27 Thread Peter Saint-Andre
On 8/27/13 7:47 PM, Jonathan Thornburg wrote:
> On Tue, 27 Aug 2013, Perry E. Metzger wrote:
>> Say that you want to distribute a database table consisting of human
>> readable IDs, cryptographic keys and network endpoints for some
>> reason. Say you want it to scale to hundreds of millions of users.
> 
> This sounds remarkably like a description of DNSSEC.
> 
> Assuming it were widely deployed, would DNSSEC-for-key-distribution
> be a reasonable way to store
>   email_address --> public_key  
> mappings?

You mean something like this (email address --> OTR key)?

https://datatracker.ietf.org/doc/draft-wouters-dane-otrfp/

Peter

-- 
Peter Saint-Andre
https://stpeter.im/




Re: [Cryptography] Implementations, attacks on DHTs, Mix Nets?

2013-08-27 Thread Perry E. Metzger
On Tue, 27 Aug 2013 19:57:30 -0600 Peter Saint-Andre
 wrote:
> On 8/27/13 7:47 PM, Jonathan Thornburg wrote:
> > On Tue, 27 Aug 2013, Perry E. Metzger wrote:
> >> Say that you want to distribute a database table consisting of
> >> human readable IDs, cryptographic keys and network endpoints for
> >> some reason. Say you want it to scale to hundreds of millions of
> >> users.
> > 
> > This sounds remarkably like a description of DNSSEC.
> > 
> > Assuming it were widely deployed, would
> > DNSSEC-for-key-distribution be a reasonable way to store
> >   email_address --> public_key  
> > mappings?
> 
> You mean something like this (email address --> OTR key)?
> 
> https://datatracker.ietf.org/doc/draft-wouters-dane-otrfp/

My problem with the use of DNSSEC for such things is the barrier to
entry. It requires that a systems administrator for the domain your
email address is in cooperate with you. This has even slowed DNSSEC
deployment itself.

It is, of course, clearly the "correct" way to do such things, but
trying to do things architecturally correctly sometimes results in
solutions that don't deploy.

I prefer solutions that require little or no buy in from anyone other
than yourself. One reason SSH deployed so quickly was it needed no
infrastructure -- if you controlled a single server, you could log in
to it with SSH and no one needed to give you permission.

This is a guiding principle in the architectures I'm now considering.

-- 
Perry E. Metzger  pe...@piermont.com


Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-27 Thread Peter Saint-Andre
On 8/27/13 7:45 PM, Perry E. Metzger wrote:
> On Tue, 27 Aug 2013 21:33:01 + radi...@gmail.com wrote:
>> Iang wrote:
>>
>>> Why do we need the 1980s assumption of being able to send freely
>>> to everyone, anyway?
>>
>> tech.supp...@i.bought.your.busted.thing.com is one that comes to
>> mind. i...@sale.me.your.thing.com is another. I think the types of
>> "prior whitelist only" secure systems being discussed on-list here
>> lately will in the long run win out with the lion's share of
>> messages, but that bog standard 'dirty' email will persist for
>> commercial interactions of the type I list above.
> 
> On the other hand, tech.support@sillycompany could just accept all
> contact requests, at least temporarily.

Realistically they all have a web-based contact form these days anyway.
Similarly, they all have live web-based chat systems that don't require
opening up more broadly. HTTP is the new TCP and all that.

For truly federated communication (BigRetailer wants its employees to
exchange messages with smaller companies in its supply chain), a more
open technology is needed, but we have those for email and IM.

However, we're off-topic for what's truly important here: not enterprise
email and IM, but secure technologies for individuals.

Peter

-- 
Peter Saint-Andre
https://stpeter.im/




Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-27 Thread Peter Saint-Andre
On 8/27/13 7:48 PM, Perry E. Metzger wrote:
> On Tue, 27 Aug 2013 22:04:22 +0100 "Wendy M. Grossman"
>  wrote:
>> On 08/27/2013 18:34, ianG wrote:
>>> Why do we need the 1980s assumption of being able to send freely
>>> to everyone, anyway?
>>
>> It's clear you're not a journalist or working in any other
>> profession where you actually need to be able to communicate
>> spontaneously with strangers.
> 
> Of course, as a reporter, you are probably getting email addresses of
> people to talk to via referral, and that could be used to get past the
> barrier.

And that's how friend-of-friend stuff is happening now (LinkedIn and the
like). In a way the old-fashioned letter of introduction had a lot to
recommend it. :-)

Peter

-- 
Peter Saint-Andre
https://stpeter.im/




Re: [Cryptography] Implementations, attacks on DHTs, Mix Nets?

2013-08-27 Thread Jonathan Thornburg
On Tue, 27 Aug 2013, Perry E. Metzger wrote:
> Say that you want to distribute a database table consisting of human
> readable IDs, cryptographic keys and network endpoints for some
> reason. Say you want it to scale to hundreds of millions of users.

This sounds remarkably like a description of DNSSEC.

Assuming it were widely deployed, would DNSSEC-for-key-distribution
be a reasonable way to store
  email_address --> public_key  
mappings?

-- 
-- "Jonathan Thornburg 
   Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
   "There was of course no way of knowing whether you were being watched
at any given moment.  How often, or on what system, the Thought Police
plugged in on any individual wire was guesswork.  It was even conceivable
that they watched everybody all the time."  -- George Orwell, "1984"


Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-27 Thread Perry E. Metzger
On Tue, 27 Aug 2013 22:04:22 +0100 "Wendy M. Grossman"
 wrote:
> On 08/27/2013 18:34, ianG wrote:
> > Why do we need the 1980s assumption of being able to send freely
> > to everyone, anyway?
> 
> It's clear you're not a journalist or working in any other
> profession where you actually need to be able to communicate
> spontaneously with strangers.

Of course, as a reporter, you are probably getting email addresses of
people to talk to via referral, and that could be used to get past the
barrier. The problem of people spontaneously contacting a published
address is harder.

I don't claim to have all the answers, but experimentation will
probably tell us a lot more than simply thinking in the abstract.

-- 
Perry E. Metzger  pe...@piermont.com


Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-27 Thread Perry E. Metzger
On Tue, 27 Aug 2013 21:33:01 + radi...@gmail.com wrote:
> Iang wrote:
> 
> >Why do we need the 1980s assumption of being able to send freely
> >to everyone, anyway?
> 
> tech.supp...@i.bought.your.busted.thing.com is one that comes to
> mind. i...@sale.me.your.thing.com is another. I think the types of
> "prior whitelist only" secure systems being discussed on-list here
> lately will in the long run win out with the lion's share of
> messages, but that bog standard 'dirty' email will persist for
> commercial interactions of the type I list above.

On the other hand, tech.support@sillycompany could just accept all
contact requests, at least temporarily.

Perry
-- 
Perry E. Metzger  pe...@piermont.com


Re: [Cryptography] Implementations, attacks on DHTs, Mix Nets?

2013-08-27 Thread Perry E. Metzger
On Tue, 27 Aug 2013 21:13:59 -0400 Jerry Leichter 
wrote:
> I wonder if much of the work on secure DHT's and such is based on
> bad assumptions.  A DHT is just a key/value mapping.  There are two
> reasons to want to distribute such a thing:  To deal with high,
> distributed load; and because it's too large to store on any one
> node.

You've forgotten other reasons. One might want to avoid a single
point of failure. One might also want to avoid having any central
organization responsible for running a database so that it cannot be
shut down by an adversary without shutting down thousands or millions
of nodes.

> I contend that the second has become a non-problem.

That is untrue.

Say that you want to distribute a database table consisting of human
readable IDs, cryptographic keys and network endpoints for some
reason. Say you want it to scale to hundreds of millions of users. A
quick back of the envelope shows that no home user's little ARM based
gateway machine is going to want to handle storing the entire database
or handling the entire update traffic volume -- the latter alone
might swamp someone even with quite reasonable connectivity.

> Even at the high end, what's today a fairly small, moderately
> powered system can handle this much data with no problems.

I don't think so. Let's say you have a few hundred bytes per entry and
a billion users. That's hundreds of gigabytes, far more than you can
store on a thumb drive and an appreciable fraction even of today's
hard drives. Furthermore, say that 1% of the entries update per day
-- even at that low rate, you're going to swamp lots of people's
internet transfer quotas.

Perry
-- 
Perry E. Metzger  pe...@piermont.com


Re: [Cryptography] Implementations, attacks on DHTs, Mix Nets?

2013-08-27 Thread Jerry Leichter
I wonder if much of the work on secure DHT's and such is based on bad 
assumptions.  A DHT is just a key/value mapping.  There are two reasons to want 
to distribute such a thing:  To deal with high, distributed load; and because 
it's too large to store on any one node.  I contend that the second has become 
a non-problem.  The DHT uses I've seen involve at most a couple of billion 
small key/value pairs; most involve a few million at most.  Even at the high 
end, what's today a fairly small, moderately powered system can handle this 
much data with no problems.  The limitations are on QPS.  However, there are 
plenty of mundane techniques to deal with that, including replication, 
deterministic sharding, and caching.  They are all much simpler than DHT's and 
are hence less likely to have the subtle security problems that DHT's do.

Fundamentally, we're asking DHT's to solve three problems at once:  Distribute 
a map; be robust in the face of node failure; do it all securely.  Better to 
use good solutions to the individual problems and combine them than to try to 
find a way to do all at once.

I worked on data structures somewhat like DHT's back in the late 1970's (to 
implement the Linda distributed programming language on LAN's and hypercubes 
and similar networks).  Neat idea at the time, and it was fun to see it come 
back as a neat idea on a much larger scale years later; but perhaps its time is 
(again) passing.
-- Jerry



Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-27 Thread radix42
Phillip Hallam-Baker wrote:
>One hypothesis that I would like to throw out is that there is no point in 
>accepting encrypted email from someone who does not have a key to encrypt 
>the response.

I'd agree, as I was in just this position in the last week or so: I got a gpg 
encrypted email from someone I had no key for, and I haven't cut or circulated 
one in a very long while (my bad, as it were, on the latter point). So what's 
the point in even getting a key from them at that point, after the fact? They 
ARE not many 'hops' away from me in a web of trust sense so far as knowing 
people in person, but without having keys exchanged ahead of time, it's all 
moot. As I'm sure this list already knows. Just re-iterating the point made 
here in various ways that key exchange is THE big problem in all of this.

If we can usably crack that nut with 'house servers' on a dongle, we're most of 
the way there wrt secure email, IMNSHO.

Zooko's triangle, pet names...we have cracked the THEORY of secure naming, just 
not the big obstacle of key exchange. And I don't think the wider public was 
concerned/scared enough to care before Snowden. Let's hope they care long 
enough to adopt any viable solutions to the problem that might pop up in the 
wake of all this. The traffic on this list the past week is a very welcome 
thing.

-David Mercer

David Mercer
Portland, OR


Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-27 Thread Phillip Hallam-Baker
On Tue, Aug 27, 2013 at 5:04 PM, Wendy M. Grossman <
wen...@pelicancrossing.net> wrote:

> On 08/27/2013 18:34, ianG wrote:
> > Why do we need the 1980s assumption of being able to send freely to
> > everyone, anyway?
>
> It's clear you're not a journalist or working in any other profession
> where you actually need to be able to communicate spontaneously with
> strangers.
>

True, but you are probably willing to tolerate a higher level of spam
getting through in that case.

One hypothesis that I would like to throw out is that there is no point in
accepting encrypted email from someone who does not have a key to encrypt
the response.



-- 
Website: http://hallambaker.com/

Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-27 Thread Greg Broiles
On Tue, Aug 27, 2013 at 2:04 PM, Wendy M. Grossman <
wen...@pelicancrossing.net> wrote:

> It's clear you're not a journalist or working in any other profession
> where you actually need to be able to communicate spontaneously with
> strangers.
>

And if the people who attacked the NY Times' DNS today had chosen to
replace the NY Times' MX records with pointers to their own mailserver . .
.  communications intended for journalists would be in the hands of the
Syrian Electronic Army, or whoever's actually responsible for the hack.

Unencrypted E-mail is going to result in someone's death pretty quickly, if
it hasn't already.

-- 
Greg Broiles
gbroi...@gmail.com (Lists only. Not for confidential communications.)

Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-27 Thread Wendy M. Grossman
On 08/27/2013 18:34, ianG wrote:
> Why do we need the 1980s assumption of being able to send freely to
> everyone, anyway?

It's clear you're not a journalist or working in any other profession
where you actually need to be able to communicate spontaneously with
strangers.

wg
-- 
www.pelicancrossing.net <-- all about me
Twitter: @wendyg


Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-27 Thread radix42
Iang wrote:

>Why do we need the 1980s assumption of being able to send freely to 
>everyone, anyway?

tech.supp...@i.bought.your.busted.thing.com is one that comes to mind. 
i...@sale.me.your.thing.com is another. I think the types of "prior whitelist 
only" secure systems being discussed on-list here lately will in the long run 
win out with the lion's share of messages, but that bog standard 'dirty' email 
will persist for commercial interactions of the type I list above.

-David Mercer

David Mercer
Portland, OR



Re: [Cryptography] Email and IM are ideal candidates for mix networks

2013-08-27 Thread ianG

On 26/08/13 08:47 AM, Richard Clayton wrote:


Even without the recent uproar over email privacy, at some point, someone was
going to come up with a product along the following lines:  Buy a cheap,
preconfigured box with an absurd amount of space (relative to the "huge" amounts
of space, like 10GB, the current services give you); then sign up for a service
that provides your MX record and on-line, encrypted backup space for a small
monthly fee.  (Presumably free services to do the same would also appear,
perhaps from some of the dynamic DNS providers.)


Just what the world needs, more free email sending provision!  sigh



Right.  One of the problems with email (as pointed out in OP's original 
post) is that it is free to send *and* it can be sent to everyone.  The 
combination of these two assumptions/requirements is essential for spam.


Chat systems have pretty much killed spam by making it non-possible to 
send to everyone.  You need an introduction/invite/process/barrier, first.


This has worked pretty well.  Maybe the writing is on the wall?

Maybe we just need to let email die?

We can move email over to the 'IM technology' layer.  We can retain the 
email metaphor by simply adding it to chat clients, and by adding IM 
technology to existing email clients.  Both clients can allow us to 
write emails and send them, over their known IM channels to known contacts.


Why do we need the 1980s assumption of being able to send freely to 
everyone, anyway?




iang



Re: [Cryptography] Good private email

2013-08-27 Thread The Doctor

On 08/27/2013 02:32 AM, Sebastian Krahmer wrote:

> Now, that's an interesting point! Once all email is encrypted, how
> many mail providers would be interested in offering free service at
> all,

Another question might be, how many e-mail services would pull a
Hushmail (i.e., tout transparent encryption after it leaves the
browser (but is actually backdoored))?  How many people /who are not
us/ cared when that happened?

> and what's their business model then?

How brisk a business do the freemium mail providers do?  One gig for
free, fifty for $xus/month?

> Is it still valuable enough to sell the graph of connects?

Intel agencies have an interest in social graphs, which implies that
the data is valuable to some people who are not intel agencies, so why
not sell that data?  I read an article yesterday about a company that
mines Facebook and sells the data to insurance companies and suchlike
for making service and rate determinations, so it is possible that
this is already happening under a different context.

http://www.celent.com/reports/using-social-data-claims-and-underwriting

http://www.claimsjournal.com/news/national/2011/10/14/192987.htm

http://www.web-strategist.com/blog/2010/06/14/how-insurance-companies-will-influence-rates-based-on-your-tweets/

-- 
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

"Only shallow people know themselves." --Oscar Wilde



Re: [Cryptography] Implementations, attacks on DHTs, Mix Nets?

2013-08-27 Thread Ralph Holz
Hi,

>> There is a host of older literature, too - P2P research, however, has become
>> a cold topic. Although I expect that it will see a revival in the face of
>> surveillance.
> 
> For people who are interested, the list I have (for a year or two back) is:

[list]

I would like to add the following:

R5n: Randomized recursive routing for restricted-route networks
NS Evans, C Grothoff
Network and System Security (NSS) 2011

Routing in the dark: Pitch black
NS Evans, C GauthierDickey, C Grothoff
Computer Security Applications Conference, 2007. ACSAC 2007

Exploiting KAD: possible uses and misuses
M Steiner, T En-Najjary, EW Biersack
ACM SIGCOMM Computer Communication Review 37 (5), 65-70

A global view of kad
M Steiner, T En-Najjary, EW Biersack
Proceedings of the 7th ACM SIGCOMM IMC, 2007

Measurements and mitigation of peer-to-peer-based botnets: a case study
on storm worm
T Holz, M Steiner, F Dahl, E Biersack, F Freiling
Proceedings of 1st Usenix Workshop LEET

Ralph