[cryptography] Lawyer: Are you familiar with public key encryption? -- Whitfield Diffie: Yes, I am
http://arstechnica.com/tech-policy/2013/11/newegg-trial-crypto-legend-diffie-takes-the-stand-to-knock-out-patent/

Newegg trial: Crypto legend takes the stand, goes for knockout patent punch
Taking a bet on Whit Diffie, as the trial against patent troll TQP wraps up Monday.
by Joe Mullin - Nov 25 2013, 6:58am WEST

[Photo: Whitfield Diffie and Newegg lawyer Alan Albright, outside the federal courthouse in Marshall, Texas. Joe Mullin]

MARSHALL, TX—Newegg's courtroom face-off with patent-licensing giant TQP Development is nearing its end. TQP has sued hundreds of companies saying it has patented the common Web encryption scheme of combining SSL with the RC4 cipher. Almost 140 companies have paid TQP a total of more than $45 million. But online retailer Newegg, which has sworn not to settle with patent trolls like TQP, took the case to a jury.

On Thursday, Newegg's top lawyer Lee Cheng took the stand. He was followed by a non-infringement expert and three well-known computer scientists who emphasized the importance of Newegg's prior art. Ron Rivest testified, via videotaped deposition, about how he invented the RC4 cipher while at RSA Security in 1987, two years before the TQP patent application was filed. Former Microsoft CTO Ray Ozzie described demonstrating Lotus Notes to Bill Gates in 1988. Alan Eldridge, who worked on the Notes product, flew down to Marshall in person to describe how he put RC4 in the software.

Eldridge wasn't paid, as expert witnesses were—he came down to testify against the Jones patent out of a feeling of civic responsibility, he said. He didn't know who the defendants in this case were until he was told.

"I hadn't even heard of New Age until Saturday," said Eldridge at one point, as laughs were stifled in the courtroom.

On Friday Newegg's star witness, cryptographer Whitfield Diffie, took the stand. Diffie's goal is to knock out the Jones patent with "clear and convincing evidence" (which is the standard for invalidating a patent).

Diffie looked the part of the eccentric genius, resplendent with his long white hair and beard. He spoke with a booming voice but carefully articulated manner; he was professorial but not overbearing. He could have been the amiable professor you wish you'd had in college.

TQP's patent, invented alongside Michael Jones' failed modem business, wasn't much of an invention at all according to Diffie's telling. It was a pre-Internet patent, describing an old method of encoding data. Internet security needed public key cryptography.

"We've heard a good bit in this courtroom about public key encryption," said Albright. "Are you familiar with that?"

"Yes, I am," said Diffie, in what surely qualified as the biggest understatement of the trial.

"And how is it that you're familiar with public key encryption?"

"I invented it."

A brief history of public-key crypto

In 1973, Diffie left his work at Stanford's Artificial Intelligence Lab to travel the country and learn more about cryptography. "It was kind of a secret field at the time, and the literature was hard to find," said Diffie. "I was traveling around academic libraries digging up whatever I could."

The following year, he returned to Stanford and started his work with a professor there, Martin Hellman.

"I want you to put it in perspective for the court and for the jury," said Albright. "What is the problem that you two gentlemen saw, that you were so worried about?"

The problem was vast, Diffie explained—nothing less than how to keep things private in a networked world. He recalled a conversation with his wife in 1973, sitting on a New Jersey park bench.

"I told her that we were headed into a world where people would have important, intimate, long-term relationships with people they had never met face to face," he said. "I was worried about privacy in that world, and that's why I was working on cryptography."

At that time, the only encryption happened within closed systems. IBM could encrypt information within its own company's networks, and Texas Instruments could encrypt on theirs. But some kind of courier would have to carry encryption keys to both companies before they could do so. That was the key distribution problem Diffie strove to solve.

"It's arranging to provide keys to two people who have never met before, who suddenly find themselves with a need to communicate," he explained. "This is much the way we visit websites these days."

There was one other big need: proving authenticity. "The receiver of the document can come into court with the signed document and prove to a judge that the document is legitimate," he said. "That person can recognize the signature but could not have created the signature."

In spring of 1975, Diffie was playing house husband near
Re: [cryptography] [Cryptography] Email is unsecurable
Say hello to Bote mail on I2P. I2P provides encrypted anonymizing networking, Bote mail provides DHT based serverless encrypted mailing with public crypto keys as addresses (ECDSA or NTRU). http://i2p2.de and i2pbote.i2p (if you don't have I2P installed, add .us to visit it via an inproxy).

There is also I2P Messenger that is encrypted P2P IM within I2P also using public keys as addresses.

- Sent from my phone

On 25 Nov 2013 19:15, grarpamp <grarp...@gmail.com> wrote:
> On Mon, Nov 25, 2013 at 1:01 AM, ianG <i...@iang.org> wrote:
>> On 23/11/13 15:30 PM, Ralf Senderek wrote:
>>> On Sat, 23 Nov 2013, David Mercer wrote:
>>>> But of course you're right about actual current usage, encrypted email is an epic fail on that measure regardless of format/protocol.
>>>
>>> Yes, but it's about time we do something about that. Do we *exactly know why* it is such a failure?
>>
>> It's an interesting question, and one worth studying for pedagogical motives. From my experiences from both sides, it is clear that both sides failed. But for different reasons. Hence, I've concluded that email is unsecurable.
>
> Obviously. It will never be able to escape the non-body header content and third party routing, storage and analysis with any form of patching over today's mail. And it's completely ridiculous that people continue to invest [aka: waste] effort in 'securing' it. The best you'll ever get clients down to is exposing a single 'To:' header within an antique transport model that forces you to authenticate to it in order to despam, bill, censor and control you. That system is cooked, done and properly fucked. Abandon it.
>
> What the world needs now is a real peer to peer messaging system that scales. Take Tor for a partial example... so long as all the sender/recipient nodes [onions] are up, any message you send will get through, encrypted, in real time. If a recipient is not up, you queue it locally till they are... no third party ever needed, and you get lossless delivery and confirmation for free. Unmemorable node address? Quit crying and make use of your local address book. Doesn't have plugins for current clients? So what, write some and use it if you're dumb enough to mix the old and new mail.
>
> The only real problem that still needs to be solved is scalability... what p2p node lookup systems are out there that will handle a messaging world's population worth of nodes [billions] and their keys and tertiary data? If you can do that, you should be able to get some anon transport over the p2p for free.
>
> Anyway, p2p messaging and anonymous transports have all been dreamed up by others before. But now is the time to actually abandon traditional email and just do it. If you build it, they will come.

___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] [Cryptography] Email is unsecurable
On Mon, Nov 25, 2013 at 1:01 AM, ianG <i...@iang.org> wrote:
> On 23/11/13 15:30 PM, Ralf Senderek wrote:
>> On Sat, 23 Nov 2013, David Mercer wrote:
>>> But of course you're right about actual current usage, encrypted email is an epic fail on that measure regardless of format/protocol.
>>
>> Yes, but it's about time we do something about that. Do we *exactly know why* it is such a failure?
>
> It's an interesting question, and one worth studying for pedagogical motives. From my experiences from both sides, it is clear that both sides failed. But for different reasons. Hence, I've concluded that email is unsecurable.

Obviously. It will never be able to escape the non-body header content and third party routing, storage and analysis with any form of patching over today's mail. And it's completely ridiculous that people continue to invest [aka: waste] effort in 'securing' it. The best you'll ever get clients down to is exposing a single 'To:' header within an antique transport model that forces you to authenticate to it in order to despam, bill, censor and control you. That system is cooked, done and properly fucked. Abandon it.

What the world needs now is a real peer to peer messaging system that scales. Take Tor for a partial example... so long as all the sender/recipient nodes [onions] are up, any message you send will get through, encrypted, in real time. If a recipient is not up, you queue it locally till they are... no third party ever needed, and you get lossless delivery and confirmation for free. Unmemorable node address? Quit crying and make use of your local address book. Doesn't have plugins for current clients? So what, write some and use it if you're dumb enough to mix the old and new mail.

The only real problem that still needs to be solved is scalability... what p2p node lookup systems are out there that will handle a messaging world's population worth of nodes [billions] and their keys and tertiary data? If you can do that, you should be able to get some anon transport over the p2p for free.

Anyway, p2p messaging and anonymous transports have all been dreamed up by others before. But now is the time to actually abandon traditional email and just do it. If you build it, they will come.
Re: [cryptography] [Cryptography] Email is unsecurable
I'm strongly against most of the ideas to abandon current email systems, because the result will be to create a walled garden. We need something interoperable with existing systems or the system will just be used by a bunch of paranoid people or fostered by the marketing of a few cryptography companies acquiring customers, not users.

So we need IETF standards, interoperable with existing email standard protocols (SMTP, IMAP, MIME).

I'm just very disappointed that many of us look at the moon, trying to invent something new, when there are so many improvements to be done on existing interoperable platforms.

Let's first cut off the massive passive traffic analysis, then improve current systems to provide some added protection against metadata, and, in a far future when the new system has already got wide adoption, make it perfect.

Fabio

On 11/25/13, 7:20 PM, Natanael wrote:
> Say hello to Bote mail on I2P. I2P provides encrypted anonymizing networking, Bote mail provides DHT based serverless encrypted mailing with public crypto keys as addresses (ECDSA or NTRU). http://i2p2.de and i2pbote.i2p (if you don't have I2P installed, add .us to visit it via an inproxy).
>
> There is also I2P Messenger that is encrypted P2P IM within I2P also using public keys as addresses.
Re: [cryptography] [Cryptography] Email is unsecurable
And there's your problem - you can at best only add gateways/proxies, you can't actually improve the existing protocols in any meaningful way.

- Sent from my phone

On 25 Nov 2013 21:09, Fabio Pietrosanti (naif) <li...@infosecurity.ch> wrote:
> I'm strongly against most of the ideas to abandon current email systems, because the result will be to create a walled garden. We need something interoperable with existing systems or the system will just be used by a bunch of paranoid people or fostered by the marketing of a few cryptography companies acquiring customers, not users.
>
> So we need IETF standards, interoperable with existing email standard protocols (SMTP, IMAP, MIME).
>
> I'm just very disappointed that many of us look at the moon, trying to invent something new, when there are so many improvements to be done on existing interoperable platforms.
>
> Let's first cut off the massive passive traffic analysis, then improve current systems to provide some added protection against metadata, and, in a far future when the new system has already got wide adoption, make it perfect.
>
> Fabio
>
> On 11/25/13, 7:20 PM, Natanael wrote:
>> Say hello to Bote mail on I2P. I2P provides encrypted anonymizing networking, Bote mail provides DHT based serverless encrypted mailing with public crypto keys as addresses (ECDSA or NTRU). http://i2p2.de and i2pbote.i2p (if you don't have I2P installed, add .us to visit it via an inproxy).
>>
>> There is also I2P Messenger that is encrypted P2P IM within I2P also using public keys as addresses.
Re: [cryptography] [Cryptography] Email is unsecurable
On 11/25/2013 08:09 PM, Fabio Pietrosanti (naif) wrote:
> Let's first cut off the massive passive traffic analysis, then improve current systems to provide some added protection against metadata, and, in a far future when the new system has already got wide adoption, make it perfect.

New work on improving hop-by-hop security for email and other things is getting underway in the IETF. [1] Basically the idea is to document stuff that can be turned on already in current deployments (to the extent possible) that gets you PFS and modern TLS ciphersuites.

Pre-working-group charter discussion for this is being directed to the apps-disc...@ietf.org list for now, or if folks aren't keen to get on that list, feel free to send me comments and I'll make sure they get into the pot. I'll send a mail here when the WG is officially kicked off (in a few weeks hopefully) with a pointer to the eventual wg mailing list.

That does address the short-term/quick-win stuff that we can get for foo-over-TLS protocols like SMTP, IMAP etc., but doesn't address end-to-end mail security, for lots of the reasons already stated in this thread. So if you think there's value in that short-term work too, then I'm sure more help and expertise will be welcomed.

Personally, I'm not at all confident that we can do something that provides end-to-end security, can be deployed at full Internet scale and is compatible with today's email protocols. But if others are more optimistic then I'm all for 'em trying to figure it out and would be delighted to be proven wrong.

Cheers,
S.

[1] http://www.ietf.org/mail-archive/web/ietf-announce/current/msg12140.html
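The hop-by-hop work Stephen describes (turning on PFS and modern TLS ciphersuites in deployments that already speak SMTP and IMAP over TLS) raises the practical question of whether those settings actually took effect on the wire. As an added example, not code from this thread or from the IETF work it references, the Python below reviews Postfix TLS log lines and flags handshakes on legacy protocol versions, without forward secrecy, or with RC4/3DES-class ciphers. The log format it parses is assumed to be Postfix's "TLS connection established" line shown in the comment, the key-exchange classification is by OpenSSL cipher-name prefix, and every line in SAMPLE_LOG is constructed for the example.

```python
"""Review Postfix TLS log lines for hop-by-hop TLS weaknesses.

Added example, not part of the thread or of any IETF document. It assumes the
Postfix "TLS connection established" log format shown below and classifies
each handshake by protocol version, key exchange (forward secret or not) and
cipher family. The log lines in SAMPLE_LOG are constructed.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Assumed Postfix format (smtpd logs inbound "from", the smtp client logs outbound "to"):
#   ... Anonymous TLS connection established from host[addr]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
TLS_LINE = re.compile(
    r"(?P<trust>Anonymous|Untrusted|Trusted|Verified) TLS connection established "
    r"(?:from|to) (?P<peer>\S+): (?P<proto>SSLv[23]|TLSv1(?:\.[123])?) "
    r"with cipher (?P<cipher>\S+) \((?P<bits>\d+)/(?P<algbits>\d+) bits\)"
)
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "EXP", "MD5")  # "DES" also catches 3DES (DES-CBC3)

# Constructed sample log: one plaintext connect line and five TLS handshakes.
SAMPLE_LOG = """\
Nov 25 19:15:01 mx postfix/smtpd[2231]: connect from mail.example.org[192.0.2.10]
Nov 25 19:15:01 mx postfix/smtpd[2231]: Anonymous TLS connection established from mail.example.org[192.0.2.10]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Nov 25 19:15:04 mx postfix/smtpd[2232]: Anonymous TLS connection established from legacy.example.net[198.51.100.7]: TLSv1 with cipher AES256-SHA (256/256 bits)
Nov 25 19:15:09 mx postfix/smtp[2240]: Untrusted TLS connection established to mx.example.com[203.0.113.5]:25: TLSv1.2 with cipher RC4-SHA (128/128 bits)
Nov 25 19:15:12 mx postfix/smtp[2241]: Trusted TLS connection established to mx2.example.com[203.0.113.6]:25: TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)
Nov 25 19:15:20 mx postfix/smtpd[2233]: Anonymous TLS connection established from old.example.net[198.51.100.9]: SSLv3 with cipher DES-CBC3-SHA (168/168 bits)
"""


@dataclass(frozen=True)
class Handshake:
    peer: str
    trust: str
    protocol: str
    cipher: str
    issues: tuple


def key_exchange(cipher: str) -> str:
    """Classify the key exchange from the OpenSSL cipher-suite name."""
    if cipher.startswith("TLS_"):                  # TLS 1.3 names: always ephemeral (EC)DHE
        return "ephemeral"
    if cipher.startswith(("ECDHE-", "DHE-", "EDH-")):
        return "ephemeral"
    if cipher.startswith(("ADH-", "AECDH-")):      # ephemeral but unauthenticated
        return "anonymous"
    return "static"                                # RSA or static (EC)DH: no forward secrecy


def classify(line: str):
    """Return a Handshake for a TLS log line, or None for any other line."""
    m = TLS_LINE.search(line)
    if m is None:
        return None
    proto, cipher = m["proto"], m["cipher"]
    issues = []
    if proto in LEGACY_PROTOCOLS:
        issues.append("legacy-protocol")
    kx = key_exchange(cipher)
    if kx == "static":
        issues.append("no-forward-secrecy")
    elif kx == "anonymous":
        issues.append("anonymous-key-exchange")
    if any(marker in cipher for marker in WEAK_CIPHER_MARKERS):
        issues.append("weak-cipher")
    return Handshake(m["peer"], m["trust"], proto, cipher, tuple(issues))


def review(log_text: str):
    """All TLS handshakes found in the log text, in order."""
    return [h for h in map(classify, log_text.splitlines()) if h is not None]


def summarize(handshakes) -> dict:
    """Issue counts plus handshake totals. Plaintext sessions leave no TLS line at
    all, so they have to be counted separately (connect lines without a TLS line)."""
    counts = Counter(issue for h in handshakes for issue in h.issues)
    counts["handshakes"] = len(handshakes)
    counts["clean"] = sum(1 for h in handshakes if not h.issues)
    return dict(counts)


if __name__ == "__main__":
    found = review(SAMPLE_LOG)
    for h in found:
        print(f"{h.peer:36} {h.protocol:8} {h.cipher:30} {', '.join(h.issues) or 'ok'}")
    print(summarize(found))
```

Run it against a real mail log by feeding the file's text to review(); the trust level (Anonymous/Untrusted/Trusted/Verified) is carried through unchanged because with opportunistic TLS an unverified peer certificate is normal and is a separate policy question from the cipher and protocol findings.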
Re: [cryptography] Quality of HAVEGE algorithm for entropy?
On Sun, Nov 24, 2013 at 2:04 PM, Fabio Pietrosanti (naif) <li...@infosecurity.ch> wrote:
> ...
> I found such a very nice piece of software that's said to provide added entropy using the HAVEGE algorithm:
> http://www.issihosts.com/haveged/
> http://www.irisa.fr/caps/projects/hipsor/
>
> Any opinion on the usefulness of that kind of tool as an additional entropy source for crypto operations on a Linux system?

do it yesterday!

i have been using this (haveged) for many years, in addition to physical entropy sources, and it is very much a useful addition to host entropy sources.

best regards,
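Whether haveged or any other jitter-based source is a useful addition depends on what it actually produces on the machine in question, and the practitioner's check is to health-test the raw output before seeding anything with it. As an added example, not code from haveged or from this thread, the Python below implements the two continuous health tests of SP 800-90B section 4.4 (repetition count and adaptive proportion), the most-common-value min-entropy estimate, and a hash conditioner, then runs them over a raw timing-jitter harvester. The harvester is a stand-in for a HAVEGE-style source and not the HAVEGE algorithm; the parameters (alpha = 2**-20, a 512-sample window, a claimed 1 bit of min-entropy per 8-bit sample) are this example's own conservative assumptions; the stuck-source input is constructed.

```python
"""Health-test an entropy source before trusting its output.

Added example, not code from haveged or from this thread. HAVEGE-class
daemons harvest timing jitter from processor state; what this shows is that
any such source (haveged, a hardware RNG, the raw perf_counter jitter below)
should pass continuous health tests and be conditioned before use. The tests
follow SP 800-90B section 4.4 in shape; the parameters and the jitter
harvester are this example's own assumptions, not haveged's.
"""
import hashlib
import math
import time

ALPHA = 2.0 ** -20   # per-test false-alarm probability, as in SP 800-90B


def rct_cutoff(h_claimed: float, alpha: float = ALPHA) -> int:
    """Repetition-count cutoff: 1 + ceil(-log2(alpha) / H)."""
    return 1 + math.ceil(-math.log2(alpha) / h_claimed)


def apt_cutoff(h_claimed: float, window: int = 512, alpha: float = ALPHA) -> int:
    """Smallest C with P[Binomial(window - 1, 2**-H) >= C] <= alpha; the reference
    sample is compared against the next window - 1 samples (example's convention)."""
    n, p = window - 1, 2.0 ** -h_claimed
    tail = 0.0
    for k in range(n, -1, -1):
        tail += math.comb(n, k) * p ** k * (1.0 - p) ** (n - k)
        if tail > alpha:
            return k + 1
    return 0


def repetition_count_test(samples: bytes, cutoff: int) -> bool:
    """Fail when one value repeats cutoff or more times in a row (a stuck source)."""
    run, prev = 0, None
    for s in samples:
        run = run + 1 if s == prev else 1
        prev = s
        if run >= cutoff:
            return False
    return True


def adaptive_proportion_test(samples: bytes, cutoff: int, window: int = 512) -> bool:
    """Fail when, in any full window, the first sample recurs cutoff or more times
    among the next window - 1 samples (a heavily biased source)."""
    for start in range(0, len(samples) - window + 1, window):
        if samples[start + 1:start + window].count(samples[start]) >= cutoff:
            return False
    return True


def mcv_min_entropy(samples: bytes) -> float:
    """SP 800-90B most-common-value estimate: -log2 of a 99% upper bound on the
    most frequent symbol's probability. Crude, but it catches gross bias."""
    n = len(samples)
    p_hat = max(samples.count(v) for v in set(samples)) / n
    p_up = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1.0 - p_hat) / (n - 1)))
    return -math.log2(p_up)


def condition(raw: bytes) -> bytes:
    """Hash conditioner: 32 output bytes carry at most the min-entropy that was in raw."""
    return hashlib.sha256(raw).digest()


def vet_source(samples: bytes, h_claimed: float = 1.0, window: int = 512) -> dict:
    """Run both health tests and the estimator; 'usable' means all three agree."""
    if len(samples) < window:
        raise ValueError(f"need at least {window} samples")
    estimate = mcv_min_entropy(samples)
    result = {
        "rct_pass": repetition_count_test(samples, rct_cutoff(h_claimed)),
        "apt_pass": adaptive_proportion_test(samples, apt_cutoff(h_claimed, window), window),
        "mcv_min_entropy_bits": estimate,
        "meets_claim": estimate >= h_claimed,
    }
    result["usable"] = result["rct_pass"] and result["apt_pass"] and result["meets_claim"]
    return result


def jitter_samples(n: int) -> bytes:
    """Raw, unconditioned timing jitter: low byte of perf_counter_ns deltas around a
    short busy loop. A stand-in for a HAVEGE-style harvester, not HAVEGE itself; on
    a VM or with a coarse timer it may fail vet_source(), which is what the tests are for."""
    out = bytearray()
    prev = time.perf_counter_ns()
    for _ in range(n):
        x = 0
        for i in range(50):
            x = (x * 31 + i) & 0xFFFFFFFF   # keep the pipeline busy between timer reads
        now = time.perf_counter_ns()
        out.append((now - prev) & 0xFF)
        prev = now
    return bytes(out)


if __name__ == "__main__":
    for name, data in (("timer jitter", jitter_samples(4096)),
                       ("stuck source (constructed)", bytes(4096))):
        verdict = vet_source(data)
        print(name, verdict)
        if verdict["usable"]:
            print("  conditioned seed:", condition(data).hex())
```

The claimed 1 bit per byte is deliberately low: the cutoffs get looser as the claim rises, so a source that only passes with a generous claim has not earned it. The same functions can be pointed at bytes read from /dev/hwrng or at haveged's own output on a given host, which is the comparison worth making before relying on either.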
Re: [cryptography] [Cryptography] Email is unsecurable
On Mon, Nov 25, 2013 at 1:51 PM, Stephen Farrell <stephen.farr...@cs.tcd.ie> wrote:
> ...
> Personally, I'm not at all confident that we can do something that provides end-to-end security, can be deployed at full Internet scale and is compatible with today's email protocols. But if others are more optimistic then I'm all for 'em trying to figure it out and would be delighted to be proven wrong.

this would make an interesting bet!

i too believe this to be impossible given the constraints. a more suspicious individual might even consider these efforts to be a ruse by intelligence agencies to further the use of insecure (email) systems with fig leaf protections added on top while metadata and usability failures continue unabated...