makes the first step. I pray that it is a band aid and not snake-oil.
With regards,
Guido Witmond.
1: http://eccentric-authentication.org/blog/2014/06/25/talk-for-icann.html
--
Liberationtech is public & archives are searchable on Google. Violations of
list guidelines will get you moderated
to trust peersm
with their business. Users are still vulnerable to an NSL delivered at
peersm.
with regards, Guido Witmond.
On 04/29/14 11:22, carlo von lynX wrote:
Talking about tools that we should not recommend, I really don't get
it why DuckDuckGo is being listed everywhere as the number one
reasonable alternative to Google considering that they are based in
the US and subject to US legislation which enables
+= !(digest[i] == decoded[i + len]);
}
if (matches != len) {
// incorrectly decoded: we're not the intended recipient
return null;
}
regards, Guido Witmond.
On 03/14/14 19:56, Julian Oliver wrote:
..on Fri, Mar 14, 2014 at 10:46:30AM -0700, Lucas Gonze wrote:
Let's say web servers auto generated self-signed certificates for any
domain that didn't supply its own certificate, likely one from an authority.
What that would accomplish is to make the
On 03/14/14 22:45, John Adams wrote:
You misunderstand the signing practice if you think this is a good idea.
I don't get it yet, in which part would I be getting wrong, the signing
of server certificates by CAs, or the DNSSEC/DANE part? Please elaborate.
Granted, it provides a low level of
On 03/02/14 20:26, Sal Privacy wrote:
More and more people are being spied on. In February, it was
announced that *1.8 million* Yahoo! users had their webcams hacked and
images intercepted. Allegedly there are backdoors into
all *web-connected camera devices*, and people can watch you without
On 03/02/14 21:13, Andrés Leopoldo Pacheco Sanfuentes wrote:
Isn't it reasonable to assume that EVERYBODY IS BEING OR IS BOUND TO
BE SPIED ON in the Internet?
Shouldn't we just assume that, and move on to other, more
interesting, things?
You can safely assume that...
... and give in and
On 01/29/14 23:38, Jonathan Wilkes wrote:
On 01/29/2014 04:50 PM, Guido Witmond wrote:
On 01/29/14 19:57, Jonathan Wilkes wrote:
On 01/26/2014 08:12 AM, Guido Witmond wrote:
BigFix: the missing package manager for Windows. What every
self respecting unix/linux/bsd/etc system already has. Good
On 01/29/14 19:57, Jonathan Wilkes wrote:
On 01/26/2014 08:12 AM, Guido Witmond wrote:
BigFix: the missing package manager for Windows. What every self
respecting unix/linux/bsd/etc system already has. Good.
How is a centralized service that requires the user to download and
install
On 01/26/14 10:20, Tomer Altman wrote:
To Liberation Tech:
Stanford is implementing a new security policy detailed here:
http://ucomm.stanford.edu/computersecurity/
I am personally very concerned about steps #2 and #3. BigFix is
basically a back door managed by IBM that gives them and
nicely.
Disclosure: I'm working on a protocol and implementation to weave
ubiquitous crypto into the net[0]. My biggest hurdle: how to get people
to use it
Regards, Guido Witmond.
0: http://eccentric-authentication.org/
it here.
With Regards, Guido Witmond.
General project information
--
What is the name of the project?
- Eccentric Authentication
Do you represent the project?
- Yes
Do you want to share your email address?
- Yes, gu...@witmond.nl
What programming languages
I've completed the survey and attached it here.
With Regards, Guido Witmond.
Oops, sent out to the list, instead of privately.
Please be careful with any information in there. It's toxic, powerful
and highly flammable.
Feel free to discuss parts you find interesting, appealing
Hello all,
I've written two new blog entries on eccentric authentication. The
protocol that uses client certificates and a local CA to distribute
public keys between strangers in a secure way.
I humbly believe it is the most user friendly way to do cryptography
correctly. End users don't see
On 09/01/13 22:49, Michael Rogers wrote:
On 01/09/13 10:00, Caspar Bowden (lists) wrote:
AFAIK Deleuze, Foucault et al. did not say anything specifically
about covert (mass-)surveillance, or analyse how the inherently
secret nature of such organizations might be a causal element in
theories
On 08/26/13 20:44, Francisco Ruiz wrote:
2. Even worse, if they save any data (public keys, in this case), the
database remains tied to each particular computer. Forget about going to
the library and using it there.
Forget about going to the library. The public access computers are a
cost
could create a Firefox Fork to demonstrate that.
Guido.
[0]:
http://eccentric-authentication.org/blog/2013/06/12/walkthrough-datingsite.html
[1]:
http://eccentric-authentication.org/blog/2013/06/07/run-it-yourself.html
On Mon, Aug 12, 2013 at 4:34 PM, Guido Witmond gu...@witmond.nl
On 08/14/13 15:18, Ben Laurie wrote:
On 14 August 2013 08:54, Guido Witmond gu...@witmond.nl wrote:
On 08/13/13 19:42, Andy Isaacson wrote:
On Mon, Aug 12, 2013 at 11:10:39AM +0200, Guido Witmond wrote:
There is another problem. You rely on HTTPS. Here
Thank you for your quick response.
I'm not convinced by your arguments yet. I comment in between.
On 08/12/13 04:13, Francisco Ruiz wrote:
In your message, you wrote:
1. I have to *run* it to get the hash of the application from the help
page. That is already a leap of faith to run
On 08/12/2013 04:32 PM, Francisco Ruiz wrote:
Quick request.
In comments to a recent post, people seemed to agree that
publishing a video of someone reading a hash might be a fairly
hard-to-hack way to deliver that hash to the public, and thus
assure the authenticity of a piece of code, a
Dear professor Ruiz.
The real issue is to create an *easy* way to do hash validation
correctly. Reading a hash on youtube is not going to make it.
You use HTTPS without DNSSEC and DANE. Please use those first. It solves
a lot of your server validation issues. At least it allows your users'
On 08/11/13 20:10, Francisco Ruiz wrote:
Download it from
its source at https://passlok.site44.com (once you have it once, you
have it forever), look at it, run it, test it. Get its SHA256 hash from
its help page and check it. If you’re as paranoid as I am, you can watch
me reading that hash
On 30-07-13 09:56, Ali-Reza Anghaie wrote:
For obvious reasons we're in another spike of everyone should PGP
discussions - pretty much every direction you look. This always tugs
at the back of my mind - why not push S/MIME a bit more?
In my own experience the most common adoption problems
On 28-07-13 22:20, Patrick Mylund Nielsen wrote:
On Sun, Jul 28, 2013 at 1:03 PM, Yan Zhu y...@mit.edu wrote:
It seems to be the browser extension http://convergence.io/ that
everyone talks about but nobody uses. For one, the original
repository isn't
On 25-07-13 19:14, Jonathan Wilkes wrote:
On 07/25/2013 07:14 AM, Mitar wrote:
Hi!
Some very good arguments *for* DRM on the web:
http://unitscale.com/mb/bomb-in-the-garden/
On the first pages, the author makes this point:
The web is good at making information free. Which he contradicts in
On 10-07-13 00:57, h0ost wrote:
On 07/09/2013 06:25 PM, Petter Ericson wrote:
What are the steps for sending Bob a message using Cables?
This isn't rhetorical, I'd actually like to know what the steps are.
Roughly I think this is correct:
0. Download https://www.dee.su/liberte
1. Boot
On 02-07-13 05:51, Anthony Papillion wrote:
What is the most effective way to protect users against a compelled
fake certificate attack? Since any CA can issue any cert and any US
based CA could probably be compelled to issue a fake CA, how can we
protect against this?
My initial thought
On 02-07-13 17:32, coderman wrote:
On Tue, Jul 2, 2013 at 2:36 AM, Guido Witmond gu...@witmond.nl wrote:
...
Check
http://perspectives.project.org;
Transparency: http://www.certificate-transparency.org/;
or others.
...
Publish the sites' TLS certificate in DNSSEC with DANE. Or use the CAA
Yosem Companys:
Speaking of which...
If you had an extra $2-3K to give to a liberationtech or crypto project,
who do you think would benefit the most?
I would sponsor http://genode.org/ to bring their capability os to a
number of android capable devices.
What's lacking in current
On 01-07-13 23:01, Eleanor Saitta wrote:
On 2013.07.01 12.19, adrelanos wrote:
- you still have to tell the user you must download tool X before
you can download Y
This, of course, is a global problem everywhere. A secure channel
requires a shared secret, in this case between the
On 21-06-13 17:56, Michael Rogers wrote:
On 17/06/13 14:12, Rich Kulawiec wrote:
One more generic comment/observation: clearly, Usenet or a
Usenet-ish mechanism will run on a smartphone. But I'm not sure
that's a good idea. Given the existence of things like CarrierIQ,
the propensity of
On 14-06-13 21:22, Adam Back wrote:
Kind of old now (1997) but take a look at USENET eternity for a distributed
censor resistant web publishing system based on USENET, PGP and
hashes/commitments. The documents could either be public, semi-private
(secret URLs) or secured. Content updatable only
On 15-06-13 00:30, Shava Nerad wrote:
Technically, it's the duty of the military to evaluate these scenarios
and act on the information *wisely*.
The original analysis read to me:
We face severe problems that might lead to civil unrest. We need more
population control, whatever the price.
warning: plugging my wares [1] (again).
On 12-06-13 10:05, Andrew Feinberg wrote:
What exists is godawful at worse and cumbersome at best.
For a cryptosystem to really, and I mean really become widespread enough
to make an impact, it needs to be designed and implemented in such a way
that a
On 12-06-13 19:21, John Adams wrote:
I like that you're promoting free and open tools, but your title is
misleading.
You offer people false hope here. By listing the tools and not listing
what level of security they offer, people will assume they can just
switch and be protected. This is one of
On 11-06-13 12:21, Eugen Leitl wrote:
On Mon, Jun 10, 2013 at 10:27:33PM +0200, Guido Witmond wrote:
The big deal is that now it's become impossible to believe the lies, and
that you [Americans] are forced to accept the truth.
Reality check: https://twitter.com/_nothingtohide
http
On 10-06-13 21:36, Jacob Appelbaum wrote:
Maxim Kammerer:
On Mon, Jun 10, 2013 at 12:01 PM, x zxhzh...@gmail.com wrote:
Occam's razor would give us the following is what has actually
happened in the past three days: a semi-clueless whistle blower
fed an overzealous journalist a low-quality
already use dropbox to synchronize their phone with their
PC. Combine that with a fingerprint scanner (and pincode) at the phone
to identify yourself to the phone and the loss/theft of the phone won't
mean the loss of data nor e-cash.
Respectfully, Guido Witmond
[1]. http://eccentric
On 14-05-13 18:08, Julian Oliver wrote:
..on Tue, May 14, 2013 at 11:04:11AM -0500, Andrés Leopoldo Pacheco Sanfuentes
wrote:
I understand that the Skype traffic IS encrypted. The problem is that
Skype itself (and now, Microsoft) holds the key, not the conversants..
Yes, this is correct.
root key.
Regards,
Guido Witmond.
[1] http://witmond.nl/eccentric-authentication/introduction.html
[2]
http://witmond.nl/blog/2012/10/22/announcing-eccentric-authentication.html
[3]
http://witmond.nl/blog/2012/10/22/the-worlds-most-private-dating-site.html
--
Too many emails? Unsubscribe
On 04/16/2013 03:25 AM, Nick M. Daly wrote:
Hi folks,
Apologies for abusing the word trust some more, but I don't know what
other word to use. Feedback would be lovely. Sorry for the cross-post.
Trust is earned, it can be given. It can never be forced.
So, one of the goals folks worked
On 03/21/2013 05:33 PM, Trevor Timm wrote:
Man, I really wish even if people are voting reply-all that you vote by
just replying to Yosef. This is spamming everyone's in box with dozens
of emails.
Doesn't it prove the point of reply-to-poster?
Guido.
On 03/21/2013 09:02 PM, Rich Kulawiec wrote:
True, but phishing is not currently a solvable problem anyway; it falls
into a class of problems that can't be solved no matter how much clever
technology is developed because all of that technology presumes that
end user systems are secure...and
to the rescue.
It's a bit longer than I expected but I hope it answers your questions.
Please let me know if it raises more questions.
with regards, Guido Witmond.
-Root-certificate.
With Regards, Guido Witmond.
2:
http://witmond.nl/blog/2012/10/22/the-worlds-most-private-dating-site.html
(warning: old text)
46 matches