Re: [cryptography] The next gen P2P secure email solution
Anyone looked at BitMail p2p ? http://sourceforge.net/projects/bitmail/?source=directory 2013/12/24 grarpamp grarp...@gmail.com This thread pertains specifically to the use of P2P/DHT models to replace traditional email as we know it today. Pasting in a very rough and unflowing thread summary to date for interested people to pick up and discuss, draft, etc. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Can we move to a forum, please?
On 25/12/2013 00:43, Greg wrote: I'm curious, is Aaron's response representative of the entire list's, or are there folks out there lurking who would actually appreciate a forum? Show of hands? As long as I get the messages in my email inbox and can get my replies to subscribers by replying to the email, then why should I care how that's achieved? But having to go to a forum would be a royal pain. Nicholas -- Contact and PGP key here ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Can we move to a forum, please?
*** Nicholas Bohm nb...@ernest.net [2013-12-25 18:40]: I'm curious, is Aaron's response representative of the entire list's, or are the re folks out there lurking who would actually appreciate a forum? I am just an ordinary reader here, but personally I am strongly against forums. I won't read them anyway, I do not believe people are willing to replace their reliable configured comofortable to work with personal email software with someone's Web-based thought of better user interface. Personally configured email client is always will be more convenient way to work with, ability to work offline, search list archives offline, robustness if list mailserver is down, not resource and network traffic (relatively) wastefull client and server software. I assume NNTP Usenet-like services is better choice, but modern maillists are very good from most point of views. -- Happy hacking, Sergey Matveev ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Can we move to a forum, please?
I would rather retain the mailing list. On 25/12/2013 00:43, Greg wrote: I'm curious, is Aaron's response representative of the entire list's, or are there folks out there lurking who would actually appreciate a forum? Show of hands? -- Please do not email me anything that you are not comfortable also sharing with the NSA. On Dec 24, 2013, at 7:41 PM, Aaron Turner synfina...@gmail.com wrote: This is a solution in search of a problem. This list is neither high traffic or diverse enough to warrant a forum. -- Aaron Turner http://synfin.net/ Twitter: @synfinatic Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Can we move to a forum, please?
On Tue, Dec 24, 2013 at 3:44 PM, Greg g...@kinostudios.com wrote: I've used both phpBB and simplemachines, and far prefer the latter for its simpler configuration, administration, and what seem like superior spam-fighting capabilities. I have seen similar requests on other mailing lists, including those running mailman . On the DIYbio mailing list (about ~3000 users), a handful of individuals had the idea that they could just ask the mailing list to be shut down and all the content ported to a forum. So I challenged one of them to write a mail2forum gateway. There is no particular reason why a forum couldn't also function as a mailing list (as Google Groups is pathetically trying to do), with email replies to threads etc. The current get notified by email features aren't the same thing. Jake Stew jakes...@mail.com wrote a mail2forum gateway for phpBB and began using it with the diybio mailing list. What's interesting is that nobody used it except for him, not even the others who were wanting a forum in the first place. I don't really have an opinion on this result, but it's sort of funny, and worth sharing, so there you go. Maybe bug him for the phpBB plugin and start using it if you really prefer phpBB or ikonboard or HyperVBulletin or whatever the latest malware is called. What's particularly funny is that Google Groups was trying to pivot their content into a forum (and at the same time murdering all of their USENET content, I guess they don't have thorough automatic tests...). You can see it all over their UI because of their half-assed attempt to convert from using the word groups to forums. I think in part this was an attempt to convince users to use the web UI as a forum, but when people say forum what they really mean is something like Infopop UBB and anything from 1998-2004 that matches the same pattern. - Bryan http://heybryan.org/ 1 512 203 0507 ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Can we move to a forum, please?
On Tue, 24 Dec 2013, Greg wrote: The advantages are almost too numerous to list, I prefer mail, but let a hundred flowers bloom, for whoever switches to a web forum deserves it :-) -- Regards, ASK ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
[cryptography] The next gen P2P secure email solution
On Wed, Dec 25, 2013 at 8:21 AM, Jeremie Miller jeremie.mil...@gmail.com wrote: This thread seems pretty immense and in various places, what's the best way to contribute to it? I'm pretty keen on the topic, been working on /real/ p2p infrastructure for 5+ years now :) I'm not sure that it has a proper home. I do not suggest metzdowd, which is where I think you picked it up. cypherpunks has the most thread content to date. Though p2p-hackers is perhaps best for now unless anyone else has a better idea? ie: another p2p centric list with a good bit of anonymity and crypto representation. p2p-hackers is having delivery issues at the moment so maybe continue to cc cypherpunks for another week till that is sorted out. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] The next gen P2P secure email solution
On Wed, Dec 25, 2013 at 7:19 AM, Randolph rdohm...@gmail.com wrote: Anyone looked at BitMail p2p ? http://sourceforge.net/projects/bitmail/?source=directory re: bitmail, goldbug, etc. With all due respect, I doubt few here have or will anytime soon. You spam out links to binaries no one's heard of, your source probably isn't deterministic to your binaries, bsd/linux support?, your development model doesn't appear open, code is hosted on a site few care about anymore, you've no papers, presentations, mailing list or community involvement, you've advertised the good name of other projects as being affiliated with your work without their permission. And you've failed to address any of this publicly despite people kindly prompting you to do so. In these communities, that's a big red flag. As always, full benefit of the doubt is given. If you need hosting for code, lists, website... some code review, testing, etc... just ask an appropriate list. We need more cool ideas and software... but you really need to step up to the plate in these areas if you want people to take you seriously. ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] [Cryptography] HSBC's Password Approach: Impressive
They are being pretty clever to make up for terribly endpoint security. Yeah, all that might work for non brick and mortar stuff you maybe care about, say email [1], and your fave pornsite. But really... you need to be able to demand a hardware OTP token from your bank and brokerage... They do that, too. I have accounts at six of HSBC's banks, of which five have some sort of token protection. You can see four of them here: http://obvious.services.net/2013/07/better-have-big-pockets-if-you-want.html For the fifth one, they gave me a choice of another token or an app running on my Android tablet so I took the app. They have a federated authentication setup so when you're logged into a bank in one country, you can switch to banks in most other countries where you have an account without logging in again. Most require the token when you switch, one gives you read only access if you don't have the token. The one bank that doesn't offer a token is the one in the U.S., by the way. R's, John ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Can we move to a forum, please?
Stick with the mailing list. If we are going to move anywhere, it should be toward something like a moderated Usenet newsgroup (if not actually moving to Usenet). Agreed. By the way, I gateway this list to a local newsgroup on my usenet server and read it there. Moving to usenet wouldn't be hard, give or take the hardness of people spinning up usenet clients. Also, do you enjoy not being able to edit your comments? Yes. It encourages me to think before sending. R's, John ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Can we move to a forum, please?
I feel like people ended up talking past each other here. Google Groups, as a product, clearly found success from merging a web forum and an email list together. People use them both ways. I use plenty of Google Groups in email-only. It's sometimes nice to have a forum presentation. I don't think it's controversial to suggest that mailman's web presentation is a terrible, outdated thing. But obviously, this list would never want to be part of a Google product (or anyone's product). We want to host our own. I also don't think it's controversial to suggest that most forum software is just as terrible and outdated. I've been distantly watching http://www.discourse.org and I like their vision. I believe they allow, or want to allow, email-only interaction. I don't know if it does, and I don't know if Discourse is easy to set up, or appropriate for the task. I do know that when people prioritize usability and accessibility over questions of centralization, I have no choice but to recommend they use Google Groups. It's crazy that I don't have a better alternative for this. librelist http://librelist.com/ held promise, but stalled years ago. I want there to be an obvious and acceptable alternative that addresses some of Greg's basic points, because it should be okay to point out that email has disadvantages. Right now, I don't think there is one. This is a real gap I'd like to see the open source community fill. On Thu, Dec 26, 2013 at 12:26 AM, John Levine jo...@iecc.com wrote: Stick with the mailing list. If we are going to move anywhere, it should be toward something like a moderated Usenet newsgroup (if not actually moving to Usenet). Agreed. By the way, I gateway this list to a local newsgroup on my usenet server and read it there. Moving to usenet wouldn't be hard, give or take the hardness of people spinning up usenet clients. Also, do you enjoy not being able to edit your comments? Yes. It encourages me to think before sending. R's, John ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography -- konklone.com | @konklone https://twitter.com/konklone ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
Re: [cryptography] Can we move to a forum, please?
On Thu, Dec 26, 2013 at 12:59 AM, Eric Mill e...@konklone.com wrote: ... I've been distantly watching http://www.discourse.org and I like their vision. I believe they allow, or want to allow, email-only interaction. I don't know if it does, and I don't know if Discourse is easy to set up, or appropriate for the task. From their page: Log in with … anything. I suppose that means one must share all their selected account details with the folks providing the service. Some of the more egregious require access to contacts to send personalized spam. (I don't believe I've found one yet that's happy with just being a relying party and only using the email address provider assertion). Jeff ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
[cryptography] Prerendering as a security idea (was: RSA is dead.)
On 25/12/13 02:38 AM, Bill Frantz wrote: On 12/25/13 at 2:05 PM, i...@iang.org (ianG) wrote: So, assuming I sober up by the morn, and SO doesn't notice, where's Ping's code? See http://zesty.ca/pubs/yee-phd.pdf p217ff Thanks! I had a quick look, it's in Python, I'm squeezed out. Also, there is only a description of the bugs in the thesis, which is no fun. In order to justify YAPing, here is a snippet from the thesis, which I saw as the big idea in Ka Ping's thesis: What is prerendering? In a typical voting computer, much of the software code is responsible for generating the user interface for the voter. This includes the code for arranging the layout of elements on the screen, drawing text in a variety of typefaces and languages, drawing buttons, boxes, icons, and so on. In a voting computer with audio features, this also includes code for manipulating or synthesizing sound. (Some voting computers, such as the Avante Vote-Trakker [11], contain speech synthesis software.) The user interface is generated in real time—the visual display and audio are produced (“rendered”) as the voter interacts with the machine. Prerendering the ballot. The software in the voting computer could be considerably simplified by moving all this rendering work into the preparation stage— /prerendering/ the interface before election day. 1 Both Ptouch and Pvote realize this idea. Today’s DRE machines use a ballot definition that contains only essential data about the ballot: the names of the offices, the names of the candidates running for each office, and so on. But the ballot definition could be expanded to describe the user interface as well. For a visual interface, this would include images of the screen with the layout already performed, buttons already placed, and text already drawn. For an audio interface, this would include prerecorded sound clips. Everything presented to the user would be prepared ahead of time, so that all the software complexity associated with rendering can be taken out of the voting computer. The ballot definition could specify not just appearance but also behaviour—the locations where images will appear, the transitions from screen to screen, the user actions that will trigger these transitions, and so on. This is exactly the case for both Ptouch and Pvote: the ballot definition is a high-level description of the entire user interface for voting. ___ 1 It was Steve Bellovin who prompted my line of research by suggesting prerendering for voting machines. I'm enjoying my son's gin and tonics. He makes the best ones in the world. Merry Christmas and Happy New Year1 And to all! ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
[cryptography] controlling trust with money
On 25/12/13 07:33 AM, Peter Todd wrote: On Tue, Dec 24, 2013 at 11:03:31PM -0500, Benjamin Kreuter wrote: ... Moderation and spam control - both involve trusting centralized humans. ... Equally we have very suductive solutions to such distastful brushes with humanity in the form of throwing proof-of-work, or better yet transferrable proof-of-work(1), at the problem. Previously known as hashcash of course, but much more usable this time around because there's actually a market for the stuff in the form of Bitcoins so attackers don't have an advantage. Of course, such pure solutions have real world drawbacks - like rich wankers flooding your forums with junk because they can afford too - but they've also never been tried in real-life so there's a lot of interest in doing just that. Who knows if it'll actually work in practice, but all the more reason to try. Controlling groups of people and manipulating the trust and other factors by charging money is a time-honoured marketing technique. It may be that Bitcoin community hasn't tried it, but the marketing types know all about it. In the art it is called 'price discrimination' which I'm sure google knows all about. It works. You can even predict with some precision how it is going to work. 1) https://en.bitcoin.it/wiki/Fidelity_bonds - Disclaimer: I invented them. Also Just use fidelity bonds! is a standard joke in the Bitcoin developer community, and for good reason. There have even been studies done on how effective it is. The one I recall is selling two t-shirts, one red and one green, with one at twice the price... Of course, this still leaves the question of how to control trust without money. Another day... iang ___ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography