Re: [liberationtech] Question EFF CA Let's Encrypt

2014-11-19 Thread Gregory Maxwell
On Wed, Nov 19, 2014 at 3:13 PM, Richard Brooks r...@g.clemson.edu wrote: Just looked at this: https://letsencrypt.org/howitworks/technology/ The EFF's new CA to make things cheap and easy for installing certs. I like the goal. What I do not get from the description is how they really

[liberationtech] Fwd: Question EFF CA Let's Encrypt

2014-11-19 Thread Gregory Maxwell
On Wed, Nov 19, 2014 at 3:13 PM, Richard Brooks r...@g.clemson.edu wrote: Just looked at this: https://letsencrypt.org/howitworks/technology/ The EFF's new CA to make things cheap and easy for installing certs. I like the goal. What I do not get from the description is how they really

Re: [liberationtech] Signed HTTP

2014-03-11 Thread Gregory Maxwell
On Tue, Mar 11, 2014 at 12:37 PM, Patrick Schleizer adrela...@riseup.net wrote: Natanael: It would probably be as easy as using SSL with a null cipher with authentication like poly1305. I preferred to sign the source files on my local hdd using a tool that internally uses gpg. That way the

Re: [liberationtech] Stanford blocking webmail access to those who refuse spyware

2014-02-07 Thread Gregory Maxwell
On Fri, Feb 7, 2014 at 9:52 AM, taltm...@stanford.edu wrote: This is the kind of heavy hand that Stanford is laying down on students and faculty who do not want to give up their privacy. This seemed to me like an inevitable outcome when there was little to no backlash against spyware

Re: [liberationtech] Encrypted Pastebins: Attack Vectors against ezcrypt.it and 0bin.net

2014-01-13 Thread Gregory Maxwell
On Mon, Jan 13, 2014 at 4:57 AM, carlo von lynX l...@time.to.get.psyced.org wrote: Sorry for spoiling this apparently easy solution, but the Internet is currently more broken than that. I don't think you're spoiling it. I use 0bin only for things I'd otherwise use a non-encrypted tool

Re: [liberationtech] the 14th reason not to start using PGP is out!

2013-11-21 Thread Gregory Maxwell
On Thu, Nov 21, 2013 at 12:31 AM, elijah eli...@riseup.net wrote: I don't need to beat a dead horse, but nearly every email from carlo contains one or more logical fallacies. This email contains two: the strawman fallacy (enigmail has poor security, so no usage of OpenPGP can have good

Re: [liberationtech] 10 reasons not to start using PGP

2013-10-11 Thread Gregory Maxwell
On Fri, Oct 11, 2013 at 10:24 AM, Tempest temp...@tushmail.com wrote: Gregory Maxwell: My other big technical complaint about PGP is (3) in the post, that every encrypted message discloses what key you're communicating with. PGP easily _undoes_ the privacy that an anonymity network like tor

Re: [liberationtech] 10 reasons not to start using PGP

2013-10-11 Thread Gregory Maxwell
On Fri, Oct 11, 2013 at 12:10 PM, Tempest temp...@tushmail.com wrote: a fair point. but one could significantly address this issue by hosting the public key on a tor hidden service. that would greater ensure that, in order to get your key, they would be using a system that protects against

Re: [liberationtech] 10 reasons not to start using PGP

2013-10-10 Thread Gregory Maxwell
I'm surprised to see this list has missed the thing that bugs me most about PGP: It conflates non-repudiation and authentication. I send Bob an encrypted message that we should meet to discuss the suppression of free speech in our country. Bob obviously wants to be sure that the message is coming

Re: [liberationtech] Open Whisper Systems' neat asynch FPS pre-keying

2013-08-22 Thread Gregory Maxwell
On Thu, Aug 22, 2013 at 11:03 AM, Joseph Lorenzo Hall j...@cdt.org wrote: TextSecure’s upcoming iOS client (and Android data channel client) uses a simple trick to provide asynchronous messaging while simultaneously providing forward secrecy. I've seen people want PGP to do this before— have

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Gregory Maxwell
On Tue, Aug 6, 2013 at 3:11 PM, Florian Weimer f...@deneb.enyo.de wrote: (Automated updates are a mixed blessing because they could invite court orders to roll out specific versions to certain users.) No crap. _please_ don't deploy automatic updates in a sensitive environment like this without

Re: [liberationtech] Tormail in trouble. Experts at Black Hat recommend Elliptic Curves: this is what PassLok 1.3 is based on.

2013-08-06 Thread Gregory Maxwell
On Tue, Aug 6, 2013 at 3:20 PM, Francisco Ruiz r...@iit.edu wrote: Hi folks, Thank you very much for your great feedback on the previous version. The next version is now up at http://passlok.com, which redirects to https://passlok.site44.com This may come in handy now that there are problems

[liberationtech] Tormail in trouble. Experts at Black Hat recommend Elliptic Curves: this is what PassLok 1.3 is based on.

2013-08-06 Thread Gregory Maxwell
On Tue, Aug 6, 2013 at 3:20 PM, Francisco Ruiz r...@iit.edu wrote: Hi folks, Thank you very much for your great feedback on the previous version. The next version is now up at http://passlok.com, which redirects to https://passlok.site44.com This may come in handy now that there are problems

Re: [liberationtech] Is Most Encryption Cracked?

2013-07-17 Thread Gregory Maxwell
On Wed, Jul 17, 2013 at 10:18 AM, Collin Sullivan coll...@benetech.org wrote: http://unsene.com/blog/2013/06/15/is-most-encryption-broken/ HALP. I've slipped on a snake oil spill and can't get up! [...]Here’s why we think many of these encryption algorithms are cracked; [...] • These entities

Re: [liberationtech] Designing Fairness for DMCA

2013-07-16 Thread Gregory Maxwell
On Tue, Jul 16, 2013 at 1:00 PM, John Adams j...@retina.net wrote: http://www.mediabistro.com/appnewser/files/2012/02/infographic-dmca-process1.png The process here is not correct— or at least it has some unstated assumptions and a confusing presentation. For example, if— as a safe harbor

[liberationtech] Designing Fairness for DMCA

2013-07-16 Thread Gregory Maxwell
On Tue, Jul 16, 2013 at 1:00 PM, John Adams j...@retina.net wrote: http://www.mediabistro.com/appnewser/files/2012/02/infographic-dmca-process1.png The process here is not correct— or at least it has some unstated assumptions and a confusing presentation. For example, if— as a safe harbor

Re: [liberationtech] CJDNS hype

2013-07-14 Thread Gregory Maxwell
On Sat, Jul 13, 2013 at 12:36 PM, Mitar mmi...@gmail.com wrote: Hi! I am a bit concerned with the CJDNS hype I am observing around. I do like that decentralized Internet is getting momentum, but I am concerned if CJDNS is really the way to achieve that. From its whitepaper it seems that it

[liberationtech] CJDNS hype

2013-07-14 Thread Gregory Maxwell
On Sat, Jul 13, 2013 at 12:36 PM, Mitar mmi...@gmail.com wrote: Hi! I am a bit concerned with the CJDNS hype I am observing around. I do like that decentralized Internet is getting momentum, but I am concerned if CJDNS is really the way to achieve that. From its whitepaper it seems that it

Re: [liberationtech] CJDNS hype

2013-07-14 Thread Gregory Maxwell
On Sun, Jul 14, 2013 at 8:28 PM, Caleb James DeLisle calebdeli...@lavabit.com wrote: You'd need a botnet to attack the network because then you could have nodes spread out over physical space but clustered in keyspace. And, presumably, convince people to connect to them. If I understood

Re: [liberationtech] CJDNS hype

2013-07-13 Thread Gregory Maxwell
On Sat, Jul 13, 2013 at 12:36 PM, Mitar mmi...@gmail.com wrote: For me it seems far from something which would be resistant to any adversary trying to prevent communication from happening. It seems to me that it just ignores many of issues with DHTs and routing in overlay networks put out in

[liberationtech] Government surveillance technical details hiding in plain sight

2013-06-15 Thread Gregory Maxwell
On Sun, Jun 9, 2013 at 4:32 PM, Gregory Maxwell g...@xiph.org wrote: I've been continually amazed at how poorly the public has been doing at figuring out the mechanisms used for this stuff— You don't need some insider to tell you how it works, you could have just looked up Counter evidence

Re: [liberationtech] New Anonymity Network for Short Messages

2013-06-11 Thread Gregory Maxwell
On Tue, Jun 11, 2013 at 9:52 AM, Sean Cassidy sean.a.cass...@gmail.com wrote: I have created a simple anonymity network that broadcasts all messages to participants so that you cannot associate chatters. https://bitbucket.org/scassidy/dinet See also: https://bitmessage.org/wiki/Main_Page (I

Re: [liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain

2013-06-11 Thread Gregory Maxwell
On Tue, Jun 11, 2013 at 6:56 PM, Kate Krauss ka...@critpath.org wrote: It's really easy to use these tools if you already know how to do it. I've been using PGP since 1994, if not earlier. In more recent times it's become a regular part of my workflow in discussing security critical bugs. I am a

[liberationtech] Mechanisms of intercepting service provider internal connectivity

2013-06-09 Thread Gregory Maxwell
On Fri, Jun 7, 2013 at 6:47 AM, Eugen Leitl eu...@leitl.org wrote: but the ability to assemble intelligence out of taps on providers' internal connections would require reverse engineering the ever changing protocols of all of those providers. This is somewhat less difficult than some

[liberationtech] Why we can't go back to business as usual post-PRISM.

2013-06-09 Thread Gregory Maxwell
Many people in spheres of cryptography and digital rights activism have long assumed (or—frankly—known about) pervasive government surveillance of the Internet and other communications networks. So it's unsurprising that there is something of an undertone in PRISM discussions of meh, it's terrible

Re: [liberationtech] Efficient digital one-way communication

2013-03-04 Thread Gregory Maxwell
On Mon, Mar 4, 2013 at 11:45 AM, Jens Christian Hillerup j...@hillerup.net wrote: Yes, and then I can scrap the stereo encoding again. I'd rather have it optional than required. And I agree, it would make more sense to pick eight notes and use them as a bitmap. We'd face the same problems as

Re: [liberationtech] Internships available at leading Palo Alto tech startup

2013-02-22 Thread Gregory Maxwell
On Fri, Feb 22, 2013 at 9:52 AM, Greg Norcie g...@norcie.com wrote: Unpaid internships are illegal actually. Unless receiving course credit from a university - then they're just morally unsound :) But such a great research opportunity to go find out about more privacy invading technology and

Re: [liberationtech] Using Gajim Instead of Pidgin for More Secure OTR Chat

2013-02-20 Thread Gregory Maxwell
On Wed, Feb 20, 2013 at 10:27 PM, Micah Lee micahf...@riseup.net wrote: I just wrote a blog post that people here might find interesting about using Gajim, a chat client written in python, and Gajim's OTR plugin, a purely python implementation of the OTR standard, instead of Pidgin and libotr.

Re: [liberationtech] Cryptography super-group creates unbreakable encryption

2013-02-07 Thread Gregory Maxwell
On Thu, Feb 7, 2013 at 8:36 AM, Douglas Lucas d...@riseup.net wrote: Can Silent Circle promoters explain why Zimmermann is excused from Kerckhoffs's principle? Is it because something unverifiable is allegedly better than nothing? Even if we had divine knowledge to tell us Silent Circle is

Re: [liberationtech] Cryptography super-group creates unbreakable encryption

2013-02-07 Thread Gregory Maxwell
On Thu, Feb 7, 2013 at 9:12 AM, Christopher Soghoian ch...@soghoian.net wrote: My area of research is the intersection of law, policy and technology. As such, I am most interested in companies' surveillance policies, their commitment to transparency, and their stated willingness to tell the

Re: [liberationtech] What I've learned from Cryptocat

2012-08-13 Thread Gregory Maxwell
On Mon, Aug 13, 2012 at 12:38 PM, Fabio Pietrosanti (naif) li...@infosecurity.ch wrote: The average user (a very stupid, dumb user but with very strong political commitment in freedom fighting) will always trust the website / operator. We CANNOT FIX that problem in any technical/cryptographic

Re: [liberationtech] What I've learned from Cryptocat

2012-08-09 Thread Gregory Maxwell
On Thu, Aug 9, 2012 at 11:56 AM, Mark Belinsky mark.belin...@gmail.com wrote: Of course it's important to note that this too can be spoofed, but it's potentially better than nothing But that's so trivially spoofed and the only users it would protect would be the ones trying to get protection...

Re: [liberationtech] What I've learned from Cryptocat

2012-08-06 Thread Gregory Maxwell
On Mon, Aug 6, 2012 at 6:53 PM, Nadim Kobeissi na...@nadim.cc wrote: The blog post suggests that becoming a local browser app means that Cryptocat no longer uses JavaScript cryptography. This is nonsense: JavaScript is a *language*, and since browser apps/plugins are written in an HTML5

Re: [liberationtech] New YouTube face blur tool and its human rights implications

2012-07-18 Thread Gregory Maxwell
On Wed, Jul 18, 2012 at 4:37 PM, Matisse Bustos Hawkes mati...@witness.org wrote: Hello all, I'm sure some of you saw today's news that YouTube announced a new face blur tool into their editing suite - as they put it: Whether you want to share sensitive protest footage without exposing the