RE: PGP - when you care enough to send the very best!

2002-05-27 Thread Morlock Elloi

> Agreed. Which is why I pointed out that the encryption taking place
> under-the-hood tends to be a reasonable defense against a passive or
> less-resourced attacker while being frequently unsuitable against the

Whoever taps SMTP/POP3 bitstreams is hardly less-resourced. The only adversary
you need to worry about is the resourceful one. 


> decision. But that does not mean that no security benefits are to be had
> from opportunistic encryption of Internet traffic.

Any massive deployment of crypto is subvertible. I see no way around it - it's
like Microsoft Windows' vulnerabilities. To be safe, crypto needs to be
diverse, custom-made and manual. The brain cycles you spend when encrypting are
the only real defense.


> friend's nor my ISP to have ready access to the cleartext of that email.
> Fortunately, we had encrypted SMTP connections end-to-end, thus
> protecting the contents of the email from the ISPs, albeit perhaps not
> from the NSA.

Very few run their own SMTP. Your own SMTP on your own box is not much
different from PGP Eudora plug-in autoencrypting. But you cannot use this
argument to preach benefits of under-the-hood crypto - when almost all internet
mail traffic uses ISP-owned SMTP servers.

> noticed that a good majority of the P2P efforts introduced at CODECON
> all included support for encryption as part of the protocol. The various

I predict that the first attempt to apply this on the
Gnutella/Morpheus/Kazaa/Napster scale will lead to a clampdown. Which is the
reason that no one did it. We don't want Osama sending orders that way.








Re: PGP - when you care enough to send the very best!

2002-05-27 Thread Ed Stone

At 07:04 PM 5/26/02, you wrote:
>Stand alone cryptography is best.  I enjoy sealing my personal
>letters in an envelope.  I am uncomfortable entrusting that
>process to a third-party, or to the mailman.  I am similarly
>uncomfortable entrusting e-mail encryption to an embedded
>system and cached authentication systems.

And I prefer key generation when not online to a facility that may 
implement various operations like:

"The "Internet X.509 Certificate Request Message Format" Internet-draft
that defines certain functions between a Certificate Authority (such as
VeriSign) and the user's machine that generates the key pair, including
certain options for "Proof of Possession of Private Key" (POPOPrivKey)
during the online session to generate keys and obtain an X.509 S/MIME
certificate:
"POPOPrivKey ::= CHOICE {
 thisMessage   [0] BIT STRING,
 -- posession is proven in this message (which contains the private
 -- key itself (encrypted for the CA))"
  .. and ..
"PKIArchiveOptions ::= CHOICE {
 encryptedPrivKey [0] EncryptedKey,
 -- the actual value of the private key
 keyGenParameters [1] KeyGenParameters,
 -- parameters which allow the private key to be re-generated
 archiveRemGenPrivKey [2] BOOLEAN }
 -- set to TRUE if sender wishes receiver to archive the private
 -- key of a key pair which the receiver generates in response to
 -- this request; set to FALSE if no archival is desired."
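
The two CHOICE types quoted in the message above, decoded at the DER tag level to show which alternatives give the CA the private key or the means to regenerate it. This is an added example, not part of the original post or of the draft it quotes; `read_tlv`, `classify` and the sample bytes are constructed for illustration, and accepting both IMPLICIT and EXPLICIT tagging for the BOOLEAN is an assumption, since the post does not quote the module's tagging default.

```python
# Added example; the sample encodings at the bottom are constructed, not captured.
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one DER element with a one-byte tag."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tag numbers are not handled here")
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def classify(type_name, der):
    """Return (alternative, ca_can_keep_key); None if the post does not quote it."""
    tag, value, end = read_tlv(der)
    if end != len(der) or tag & 0xC0 != 0x80:
        raise ValueError("expected exactly one context-tagged element")
    number = tag & 0x1F
    if type_name == "POPOPrivKey" and number == 0:
        return "thisMessage", True        # private key itself, encrypted for the CA
    if type_name == "PKIArchiveOptions":
        if number == 0:
            return "encryptedPrivKey", True
        if number == 1:
            return "keyGenParameters", True   # enough to re-generate the key
        if number == 2:
            if tag & 0x20:                # constructed: EXPLICIT tag, unwrap once
                _, value, _ = read_tlv(value)
            if len(value) != 1:
                raise ValueError("BOOLEAN must be one byte")
            return "archiveRemGenPrivKey", value[0] != 0
    return "[%d]" % number, None

POP_THIS_MESSAGE = bytes.fromhex("800500deadbeef")   # [0] BIT STRING, dummy bits
ARCHIVE_TRUE = bytes.fromhex("8201ff")               # [2] BOOLEAN TRUE
ARCHIVE_TRUE_EXPLICIT = bytes.fromhex("a2030101ff")  # same value, EXPLICIT tagging
ARCHIVE_FALSE = bytes.fromhex("820100")              # [2] BOOLEAN FALSE

if __name__ == "__main__":
    for name, blob in (("POPOPrivKey", POP_THIS_MESSAGE), ("PKIArchiveOptions", ARCHIVE_TRUE)):
        print(name, blob.hex(), classify(name, blob))
```

With `archiveRemGenPrivKey` set to FALSE the result is `False` for archival only; per the quoted comment, the receiver still generates the key pair.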




RE: PGP - when you care enough to send the very best!

2002-05-27 Thread jamesd

--
> > noticed that a good majority of the P2P efforts introduced at 
> > CODECON all included support for encryption as part of the
> > protocol. The various

On 26 May 2002 at 19:24, Morlock Elloi wrote:
> I predict that the first attempt to apply this on the 
> Gnutella/Morpheus/Kazaa/Napster scale will lead to a clampdown.
> Which is the reason that no one did it. We don't want Osama
> sending orders that way.

Osama Bin Laden can already send orders by PGP, or even S/MIME --
but fortunately he did not, perhaps for lack of comprehension.  No
one is cracking down on PGP or S/MIME.  A few assholes floated
some trial balloons, and spread some stories, but the Bush
administration, while selling out to everyone else, blew that one
off, perhaps figuring that if Bin Laden could not understand the
issue, neither would the critics.


--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 JRE12TCQDYazxvzqIJSv7a+TSPn3wVDa/nJwgkr2
 41luNgdnx0+kGF4wVVQyY+SpoJcWNsLOAIpXAgeiw




RE: PGP - when you care enough to send the very best!

2002-05-27 Thread Lucky Green

Curt Smith wrote:
> It is strange that crypto was a lot more popular back when 
> cryptography export was heavily controlled.  Many people 
> fought for their crypto rights, but cannot be bothered with 
> encrypted e-mail.  It is similar to securing the right to 
> vote and then declining to do so.

Acts that are potentially slightly illegal and certainly considered
naughty by some carry more appeal to many than acts that are
unquestionably as above board as they are boring. Once the export regs
changed and more advanced uses of cryptographic applications failed in
the market place, crypto lost some of its sex appeal to its initial
early-adopter rebel constituency.

> Lucky indicates that strong crypto has gone "under the hood" 
> and is now "mainstream" and "ubiquitous".  
> 
> This is not true.  There are countless e-mail and instant 
> messages sent as plaintext across networks, through wireless, 
> and over the Internet.

I believe our viewpoints coincide, rather than conflict. Crypto has gone
under the hood, it is used by anybody accessing an https website, which
nowadays is just about anybody with a web browser. Crypto is used by
many corporate employees accessing the corporate VPN. It is the rare
Internet user, of which there are of course many more than there were
when Cypherpunks got started, that does not employ strong crypto in some
fashion.

> Also "under-the-hood" is a risky place for crypto.  It may be 
> "patched" or "upgraded" right out of your system.  Or perhaps 
> "improved" to 40-bit for optimum performance.

Agreed. Which is why I pointed out that the encryption taking place
under-the-hood tends to be a reasonable defense against a passive or
less-resourced attacker while being frequently unsuitable against the
active, well-resourced attacker. Though I would contend that there are
more of the former than there are of the latter, I too continue to
utilize, as I pointed out, strong crypto that requires active user
interaction permitting the trust decision to occur. 

> Stand alone cryptography is best.  I enjoy sealing my 
> personal letters in an envelope.  I am uncomfortable 
> entrusting that process to a third-party, or to the mailman.  
> I am similarly uncomfortable entrusting e-mail encryption to 
> an embedded system and cached authentication systems.

I indeed consider passive encryption methods alone to be typically
insufficient for some of my personal security needs and am continuing to
utilize encryption that requires me as the user to make that trust
decision. But that does not mean that no security benefits are to be had
from opportunistic encryption of Internet traffic.

Example: the other day I sent an email to a friend that accidentally
failed to PGP encrypt. The email did not contain truly critical
information, but I certainly would have preferred for neither my
friend's nor my ISP to have ready access to the cleartext of that email.
Fortunately, we had encrypted SMTP connections end-to-end, thus
protecting the contents of the email from the ISPs, albeit perhaps not
from the NSA.

Lastly, allow me to address the issue raised that many IM protocols in
use today do not support crypto at this time. This is true, but I
noticed that a good majority of the P2P efforts introduced at CODECON
all included support for encryption as part of the protocol. The various
developers had read Applied Cryptography, understood a sufficient part
of it, and made provisions to design crypto into their protocols from
the beginning rather than as an adjunct to be thought about later. While
the details of the initial implementations were of varying quality, one
project began by using Blowfish in ECB mode until the developer realized
that he could see patterns in the ciphertext, but changing a protocol
during alpha testing to use a secure mode of a block cipher given that
the protocol already contains all the hooks for crypto, may be
considerably easier than gluing crypto onto some of the existing IM
systems.

Given the rapid changes in the P2P space, just because some IM and P2P
systems today fail to offer cryptographic protections should not be
taken as an indicator that these protocols' successors will not offer
transparent crypto as a default feature.

One such project that I have been somewhat following is the Anonymous
IRC project. While their design is far from perfect, it is one of many
steps in the right direction. http://www.invisiblenet.net/

There are dozens of similar projects underway, all employing crypto,
that may one day replace the prevalent IM clients as rapidly as Gnutella
and later Kazaa and Morpheus replaced Napster.

How does the increased use of strong crypto under-the-hood help
Cypherpunks? The answer reminds me of the response another Cypherpunk
gave to my posting statistics about the nature of the USENET traffic
seen by a major node. I expressed surprise at these rather revealing
statistics, musing that there had to be a lesson to be learned from the
fact that the bulk of