Dear all
After having read the whole NSA thread on this list, it came up to my
mind that pfsense web GUI could declare itself conform to US laws upon
the point when there are known backdoors included or otherwise the code
was compromised on pressure of govermental authorities. It would be the
- Forwarded message from James A. Donald jam...@echeque.com -
Date: Fri, 11 Oct 2013 07:41:56 +1000
From: James A. Donald jam...@echeque.com
To: cypherpu...@cpunks.org, Giles Coochey gi...@coochey.net
Subject: Re: [pfSense] Can pfSense be considered trusted? What implementations
of VPNs
- Forwarded message from James A. Donald jam...@echeque.com -
Date: Fri, 11 Oct 2013 07:53:02 +1000
From: James A. Donald jam...@echeque.com
To: cypherpu...@cpunks.org, li...@pingle.org
Subject: Re: [pfSense] Crypto/RNG Suggestions
Message-ID: 525721be.3050...@echeque.com
User-Agent:
There is a smoking gun on one of random number generators.
There is strong circumstantial evidence, reason for suspicion, on
suggested Suite B.
AES and SHA look to be fine, but using them gives the appearance to end
users that you might be playing footsie with NIST. Cryptographer Jon
Excellent idea. Really. But that would kill the project probably.
Regards,
On Fri, 11 Oct 2013 11:57:52 +0200
Adrian Zaugg a...@ente.limmat.ch wrote:
(...)
mind that pfsense web GUI could declare itself conform to US laws
(...) It would be the sign for the users
Regards, Adrian.
--
Probably would not work (or would get whoever did that thrown in jail).
This is similar to a Warrant Canary, but the USDoJ has indicated that
Warrant Canaries would probably be grounds for prosecution of violation of
the non-disclosure order.
- Y
On Friday, October 11, 2013, Adrian Zaugg wrote:
On 11-10-2013 11:57, Adrian Zaugg wrote:
Dear all
After having read the whole NSA thread on this list, it came up to my
mind that pfsense web GUI could declare itself conform to US laws upon
the point when there are known backdoors included or otherwise the code
was compromised on pressure
On 11-10-2013 11:57, Adrian Zaugg wrote:
Dear all
After having read the whole NSA thread on this list, it came up to my
mind that pfsense web GUI could declare itself conform to US laws upon
the point when there are known backdoors included or otherwise the code
was compromised on pressure
On 10/11/2013 06:23 AM, James A. Donald wrote:
There is a smoking gun on one of random number generators.
There is strong circumstantial evidence, reason for suspicion, on
suggested Suite B.
AES and SHA look to be fine, but using them gives the appearance to
end users that you might be
On 11/10/13 2:37 pm, Seth Mos wrote:
And which country would that be? I mean the Brittish MI4? tapped the
Belgian telecom network for over a year to listen into the EU politicians...
Who is this MI4 of whom you speak? :-)
In very broad terms, UK to USA equivalents would be as follows:
GCHQ =
On Fri, Oct 11, 2013 at 12:23 AM, James A. Donald jam...@echeque.comwrote:
There is a smoking gun on one of random number generators.
There is strong circumstantial evidence, reason for suspicion, on
suggested Suite B.
AES and SHA look to be fine, but using them gives the appearance to end
On 2013-10-11 16:37, Seth Mos wrote:
On 11-10-2013 11:57, Adrian Zaugg wrote:
Dear all
After having read the whole NSA thread on this list, it came up to my
mind that pfsense web GUI could declare itself conform to US laws upon
the point when there are known backdoors included or otherwise the
On 2013-10-11 13:54, Przemysław Pawełczyk wrote:
On Fri, 11 Oct 2013 11:57:52 +0200
Adrian Zaugg a...@ente.limmat.ch wrote:
(...)
mind that pfsense web GUI could declare itself conform to US laws
(...) It would be the sign for the users
Regards, Adrian.
Excellent idea. Really. But that
On 2013-10-11 12:57, Adrian Zaugg wrote:
After having read the whole NSA thread on this list, it came up to my
mind that pfsense web GUI could declare itself conform to US laws upon
the point when there are known backdoors included or otherwise the code
was compromised on pressure of govermental
On 2013-10-11 16:20, Yehuda Katz wrote:
Probably would not work (or would get whoever did that thrown in
jail). This is similar to a Warrant Canary, but the USDoJ has
indicated that Warrant Canaries would probably be grounds for
prosecution of violation of the non-disclosure order.
- Y
On
As I see it, there are are two things that can happen here
1) NSA breaks into pfSense without knowledge of the staff = The only
solution is source code and binary review. This is not an option for people
like Thinker Rix or other non coders. The mostly spot for this to happen is
upstream from the
Who would you trust more that ESF? Why,specifically, would you trust
another group of people to be more trustworthy? I admit to have a USA bias,
but for the issue in question, I don't there being a much better choice.
The UK has less freedoms in this matter. But then this is turning into a
case of
On Fri, Oct 11, 2013 at 1:41 PM, Thinker Rix thinke...@rocketmail.comwrote:
Probably would not work (or would get whoever did that thrown in jail).
This is similar to a Warrant Canary, but the USDoJ has indicated that
Warrant Canaries would probably be grounds for prosecution of violation of
On 2013-10-11 21:20, Walter Parker wrote:
Who would you trust more that ESF? Why,specifically, would you trust
another group of people to be more trustworthy?
The point is not untrusting ESF or anybody else. The point is that ESF
is based in the USA, a country where the current government can
Yes, you have been informed correctly. There are more than 2. According the
World Atlas (http://www.worldatlas.com/nations.htm#.UlhOHVFDsnY) the number
is someone between 189 and 196.
But you did not answer the question asked: Name the country that you would
move the project to and why you
On 10/11/13 8:20 PM, Walter Parker wrote:
Unless, of course, you are willing to contribute time and money to
fixing this issue. Otherwise this just an armchair general telling other
people how to run the project.
I don't think it is a problem to find a sponsered hosting here in
Switzerland
Don't be too sure about Switzerland...
https://www.schneier.com/blog/archives/2008/01/nsa_backdoors_i.html
Which talks about a story that was in the German papers in the late 90's..
For half a century, Crypto AG, a Swiss company located in Zug, has sold to
more than 100 countries the encryption
This story is about a private company and about technology. We talk
about the legal situation. And btw. it is a criminal act to eavesdrop
and to hack into other's systems under Swiss law.
Regards, Adrian.
On 10/11/13 9:54 PM, Walter Parker wrote:
Don't be too sure about Switzerland...
Hi,
I just tried it on an VMware based NanoBSD Version and it allways
happens and it is not Memory based, because the VM has 1GB.
I'm not a FreeBSD expert, but /dev/md's are MemDiscs right?
Is there a reason why only 60MB (/var) and 40MB(/tmp/) are used?
and are where are possibilities to change
On Fri, Oct 11, 2013 at 2:58 PM, Jens Kühnel pfse...@jens.kuehnel.orgwrote:
and are where are possibilities to change that? It's not in the fstab!
/etc/rc.embedded
___
List mailing list
List@lists.pfsense.org
On 10/11/13 2:13 PM, Walter Parker wrote:
As I see it, there are are two things that can happen here
Not yelling at Walter.
The problem with all of this is that as long as our Congress (and the
equivalent in other countries) passes laws that allow such backdoors
with a threat of jail if you
On 10/11/2013 4:58 PM, Jens Kühnel wrote:
I'm not a FreeBSD expert, but /dev/md's are MemDiscs right?
Is there a reason why only 60MB (/var) and 40MB(/tmp/) are used?
and are where are possibilities to change that? It's not in the fstab!
They are that small because ALIX is the usual NanoBSD
On Fri, Oct 11, 2013 at 3:25 PM, Jim Pingle li...@pingle.org wrote:
On 2.1 you can adjust the /var and /tmp sizes under System Advanced on
the Miscellaneous tab.
Right! I had forgot about that.
So following the original topic, could one more probably ensure a
successful upgrade to 2.1 by
On 13-10-11 04:25 PM, Jim Pingle wrote:
They are that small because ALIX is the usual NanoBSD target and it only
has 256MB of RAM so it's a safe low default. NanoBSD wasn't originally
intended to run on device with gobs of RAM, but times are a-changin' and
before long all of the viable new
So, if I have an ALIX that I would like to upgrade, how much would I have
to increase /tmp and /var by to have the upgrade run to completion without
filling the partitions?
Walter
On Fri, Oct 11, 2013 at 2:25 PM, Jim Pingle li...@pingle.org wrote:
On 10/11/2013 4:58 PM, Jens Kühnel wrote:
Hi,
I’ve tried the assign interfaces option at the command line, and the Web
Configurator, but neither option in 2.1 recognized the tun0 interface (which is
up) as a valid interface for assignment.
How can I make this happen?
Robert
___
List mailing
On Fri, Oct 11, 2013 at 11:13 AM, Walter Parker walt...@gmail.com wrote:
2) NSA forces pfSense to put a backdoor in the software. Tells pfSense to
be quite about it.
The problem with doing that to open source is that it's easy to verify that
it happened (especially after someone provides an
Thank you for the final word Jim.
I have a real issue brought up by this thread; Gmail now considers a
significant amount of the list.pfSense.org mail spam, and this thread (and
a few others) was just that.
I'd complain more but others told Thinker exactly what I would say and he
doesn't care.
I second nixing the thread. pfSense does not benefit from this.
Mehma
On Oct 11, 2013, at 3:40 PM, Jim Thompson j...@netgate.com wrote:
On Oct 11, 2013, at 12:39, Thinker Rix thinke...@rocketmail.com wrote:
Again: The real threat by my comprehension is not some guy in the internet
Hi,
On 2.1 you can adjust the /var and /tmp sizes under System
Advanced on the Miscellaneous tab.
Right! I had forgot about that.
and would not help because it is needed to be done before (or during)
the upgrade.
So following the original topic, could one more probably ensure a
35 matches
Mail list logo