CS: Pol-Big Brother is watching you
From: Richard Barrett, [EMAIL PROTECTED] ><< You have to pass the crypto keys by hand otherwise the >security falls over at that point anyway. If you phone or >email it, everyone can know it. >> > >If you use PGP, you generate a private key (which you keep) and a public key >(which you can freely email out to all and sundry). To decrypt a message, >you need both keys and a password. To send a message, you need to know the >public key of the person to whom you're sending the message (which the >recipient will make freely available also). Right. Public key cryptography is arguably the most important breakthrough in cryptography, ever, because it solves the problem of key distribution. The delicious irony is that while it solves that problem for the spooks, military and business, who would be stuffed without it, it also give thee and me the opportunity to resist intrusion into our private communications. "The Code Book" by Simon Singh has a decent layman's explanation of the issues. >No use for mass mailings, but fine for messages to few intended recipients. >PGP is free and also has other uses, e.g. secure, compressed storage on your >hard drive. > Not quite so. There is an add-on in alpha test for the open source Mailman mail list manager (http://www.list.org/) called MMreencrypt (http://sourceforge.net/projects/mmreencrypt/) which addresses this problem. Its description says: "MReencrypt is an add-on for Mailman. It allows reencrypting mailing lists for added security. Users post messages PGP- or GPG-encrypted to the list's public key. MMReencrypt decrypts them, then re-encrypts the message to each subscriber." Of course this is all fairly irrelevant if a given mailing list has subscription open to all; NCIS/GCHQ can subscribe like everybody else and supply their public key. But if membership of a list is restricted and new members "vetted" in some way before being added to the list it should work OK to make snooping off the wire more difficult. -- I was talking more in the realms of IPSec when I was talking about the distribution of crypto keys. If you have PGP already you don't need IPSec. Steve. Cybershooters website: http://www.cybershooters.org List admin: [EMAIL PROTECTED] ___ T O P I C A The Email You Want. http://www.topica.com/t/16 Newsletters, Tips and Discussions on Your Favorite Topics
CS: Pol-Big Brother is watching you
From: "Nik", [EMAIL PROTECTED] << You have to pass the crypto keys by hand otherwise the security falls over at that point anyway. If you phone or email it, everyone can know it. >> If you use PGP, you generate a private key (which you keep) and a public key (which you can freely email out to all and sundry). To decrypt a message, you need both keys and a password. To send a message, you need to know the public key of the person to whom you're sending the message (which the recipient will make freely available also). No use for mass mailings, but fine for messages to few intended recipients. PGP is free and also has other uses, e.g. secure, compressed storage on your hard drive. Nik Jones Llangollen, UK Cybershooters website: http://www.cybershooters.org List admin: [EMAIL PROTECTED] ___ T O P I C A The Email You Want. http://www.topica.com/t/16 Newsletters, Tips and Discussions on Your Favorite Topics
Re: CS: Pol-Big Brother is watching you
I meant "standard" as in Joe Blow goes into a shop and his PC has it on there, rather than an RFC which has been around for yonks, you're right. Microsoft tells me it won't ship with Win2K until next year at least, there is support for it in the DNS that ships with it though. I know there are ways to get crypto keys from a to b, I was thinking along the lines of the IPSec keys which as far as I know have to be manually input, so to know it you either have to send the IPSec key by some other means which can be detected, or use some other method of crypto which is unlikely as why bother with IPSec otherwise! Steve.
CS: Pol-Big Brother is watching you
From: "Alex Hamilton", [EMAIL PROTECTED] > Either sign up with an offshore ISP or encrypt or try > http://www.zixmail.com/ The problem is, Martyn, that encryption is a pain in the proverbial because the recipients of your emails have to know your code. However, let us have a discussion about the means of keeping messages confidential. What are the implications of signing up with an Offshore ISP and how does one go about it? Alex -- There are loads of them on the web. I think all of hotmail's servers are offshore, go to hotmail.com Encryption is not a pain. It depends on you using decent software, just like everything else. I don't use encryption because I don't have a need for it but it is very simple to set up. When IPv6 becomes standardised in a year or two, that has support for IPSec and you'll be able to encrypt everything quite easily. The thing you've got to remember is, if you're sending an email to a large distribution list, how does encryption help you? Not at all, because it is very easy to emulate one of those addresses or get on the list anyway. Encryption IMO is only of value for sending to a limited number of people. If you're sending to a large number of people, why bother, enough people will know anyway. You have to pass the crypto keys by hand otherwise the security falls over at that point anyway. If you phone or email it, everyone can know it. Steve. Cybershooters website: http://www.cybershooters.org List admin: [EMAIL PROTECTED] ___ T O P I C A The Email You Want. http://www.topica.com/t/16 Newsletters, Tips and Discussions on Your Favorite Topics
CS: Pol-Big Brother is watching you
From: "niel fagan", [EMAIL PROTECTED] As an industry watcher, not from the usual view-point though, it has been noted that BT/NTL etc are slowly killing off the smaller isp's so that control of the internet and the profits remain theirs, no doubt the security services will aid them as it means less equipment to maintain etc. Of course if they were to snatch (with warrants) our machines, who's to say what they will "apparently" find on our hard drives? They would have a problem with ours as I only use this (web) account for cybershooters and don't cache it either, and there is rather a lot of machines where I work that I could use for access 15-20k at last count plus cybercafe's, still I'll continue to send in the clear, as encryption is being seen as having something to hide these days. Niel. -- We use UUNET at work, although they have endless problems with their DNS. However they are a huge service provider. I have built a server running IPv6 but I haven't had a chance to try doing another one yet so I don't know if it works! Steve. Cybershooters website: http://www.cybershooters.org List admin: [EMAIL PROTECTED] ___ T O P I C A The Email You Want. http://www.topica.com/t/16 Newsletters, Tips and Discussions on Your Favorite Topics
CS: Pol-Big Brother is watching you
From: "Martyn", [EMAIL PROTECTED] To all cybershooters who worry about the RIP bill. Most ISP's will now have to comply to the law and fit e-mail interrogation "boxes" to their mail servers. This allows the security services, who's job it is to protect us from the nasty Johnny Foreigner, to read our emails directly rather than by interception via other means. I personally think that if you have an open forum such as the Cybershooters then you accept that anyone can read whatever you type, BUT if I send a personal note to a friend and I happen to mention a trigger word such as "had a great day with my new AR-15" I don't expect the rest of my life to come under scrutiny by the security services. As with the Banff storyline - could you imagine a "Sarah's Law" that published all the firearm owners names and address's, just in the interest of public safety. I wonder how many brave loveable rogues would come to burgle my armoury. Either sign up with an offshore ISP or encrypt or try http://www.zixmail.com/ Keep the faith [EMAIL PROTECTED] -- If the security services want to read my email then I have no doubt CID will appear on my doorstep with a search warrant and sieze my computer! That's what they did to Richard Law! Another candidate for being shot down by the ECHR is the RIP Act. Steve. Cybershooters website: http://www.cybershooters.org List admin: [EMAIL PROTECTED] ___ T O P I C A The Email You Want. http://www.topica.com/t/16 Newsletters, Tips and Discussions on Your Favorite Topics