Why we spent a decade+ building strong crypto security

2002-11-19 Thread John Gilmore
The US government's moves to impose totalitarian control in the last
year (secret trials, enemies lists, massive domestic surveillance) are
what some of the more paranoid among us have been expecting for years.
I was particularly amused by last week's comments from the
Administration that it'll be too hard to retrain the moral FBI agents
who are so careful of our civil rights -- so we'll need a new
domestic-spying agency that will have no compunctions about violating
our civil rights and wasting our money by spying on innocent people.

While there's plenty of fodder for argument among the details, the
overall thrust of the effort seems pretty clear.

Now's a great time to deploy good working encryption, everywhere you
can.  Next month or next year may be too late.  And even honest ISPs,
banks, airlines (hah), etc, may be forced by law or by secret pressure
to act as government spies.  Make your security work end-to-end.

Got STARTTLS?
Got IPSEC?
Got SSH?

Use it or lose it.

John Gilmore


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]



Re: Why we spent a decade+ building strong crypto security

2002-11-19 Thread Adam Shostack
On Sun, Nov 17, 2002 at 11:29:59PM -0800, John Gilmore wrote:
| Now's a great time to deploy good working encryption, everywhere you
| can.  Next month or next year may be too late.  And even honest ISPs,
| banks, airlines (hah), etc, may be forced by law or by secret pressure
| to act as government spies.  Make your security work end-to-end.
| 
| Got STARTTLS?
| Got IPSEC?
| Got SSH?

I've done up a very short web page explaining how to use STARTTLS for
opportunitistic email encryption between servers running postfix.

http://www.homeport.org/~adam/starttls.html

If you have STARTTLS enabled for client authentication, it should take
less than 5 minutes to set it up for server-server. 

Adam


-- 
It is seldom that liberty of any kind is lost all at once.
   -Hume



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]