Re: No, it is not.
On 4/27/11 4:19 PM, M.R. wrote: For most individuals who really *need* (as opposed to those that do it as a matter of ideology or principle) to protect their communication, the need to keep confidential who is communicating with whom is as important as is the protection of the content. I doubt this. For instance, my communications with my priest, stockbroker, doctor and lawyer all require the communications to be secret, but our identities and relationships are public. Likewise, if I were married I would have a serious need for privacy in my communications with my wife: but my wife's identity would be part of the public record. Likewise, when I place an order from Amazon I only want my credit card number to be secured. I really don't care if someone knows that I'm buying from them: they could discover that just from getting access to my credit card purchase history anyway. The list goes on and on. I doubt that most people who need confidentiality in their communications also need confidentiality in with whom they are communicating. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: No, it is not.
Am Donnerstag, 28. April 2011, 14:49:30 schrieb Robert J. Hansen: On 4/27/11 4:19 PM, M.R. wrote: For most individuals who really *need* (as opposed to those that do it as a matter of ideology or principle) to protect their communication, the need to keep confidential who is communicating with whom is as important as is the protection of the content. I doubt that most people who need confidentiality in their communications also need confidentiality in with whom they are communicating. That's not what he wrote. My understanding of his argument is that with increasing need of reliability of encryption the need for hiding the communication partners increases. I would add that above a certain level of encryption security or connection hiding it probably becomes important to hide that you use this technology at all (at least if you don't do it just for fun). Unpleasant people might have wrong thoughts otherwise. Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 signature.asc Description: This is a digitally signed message part. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: No, it is not.
On 4/28/11 9:11 AM, Hauke Laging wrote: Am Donnerstag, 28. April 2011, 14:49:30 schrieb Robert J. Hansen: On 4/27/11 4:19 PM, M.R. wrote: For most individuals who really *need* (as opposed to those that do it as a matter of ideology or principle) to protect their communication, the need to keep confidential who is communicating with whom is as important as is the protection of the content. I doubt that most people who need confidentiality in their communications also need confidentiality in with whom they are communicating. That's not what he wrote. It's not? (My apologies to him if it's not.) I understood what he said as, for most individuals who need to protect their communication, keeping secret the identities of correspondents is as important as keeping secret the correspondence itself. I understand that point of view. I just think it's bogus. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keylogers
Mike Acker wrote (in part): this is the only way to certify a system: a running system cannot be used to certify itself. for those who don't understand this an old and common malware trick is to replace the directory list program. when the system owner types dir c:\windows\*.* the modified dir list program simply fails to report the presence of the malware programs, instead adding the space taken by the malware back into the reported free-space. the original dir program is hidden someplace on the c: drive and then reported on the dir list with its orignal directory info. if you dump the program out you get this back-up copy; but when you run it -- the bad copy runs. the system-- has had a bug purposely installed,-- one with produces INCOROUT (incorrect output) ,-- it has been pwn3d. I run Linux and I used to run the tripwire program to certify what ran on it. What it actually did was assume at some point that all your programs were valid, and compute some checksums of each one. Whenever you ran the test, it would make sure the checksums were still valid. http://sourceforge.net/projects/tripwire/ There were some serious problems, it seemed to me, with this. First of all, I would have to install everything from the distribution disks onto a blank machine, and trust the vendor to supply safe software. I thought Red Hat pretty good in this respect, but could not prove it. Trouble is that tripwire did not come with the distributions at that time, so I had to go on line to get it, and that would run the risk of getting my machine infected while I was on line. The second problem is that there are a lot of updates that come down as the system ages, and they all fail the tripwire testing. And how do I know that the downloaded updates are correct? These days, the updates come with checksums and sometimes have digital signatures, so they may be OK. But for every update, I have to reset the signature database, and that got to be so much trouble that I have not used tripwire in several years. There is SELINUX on my machine, but I have never enabled it. -- .~. Jean-David Beyer Registered Linux User 85642. /V\ PGP-Key: 9A2FC99A Registered Machine 241939. /( )\ Shrewsbury, New Jerseyhttp://counter.li.org ^^-^^ 09:20:01 up 12 days, 12:38, 3 users, load average: 5.00, 4.67, 4.68 ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: No, it is not.
On 28-04-2011 14:49, Robert J. Hansen wrote: Likewise, if I were married I would have a serious need for privacy in my communications with my wife: but my wife's identity would be part of the public record. Not when you're having an affair. Likewise, when I place an order from Amazon I only want my credit card number to be secured. I really don't care if someone knows that I'm buying from them: they could discover that just from getting access to my credit card purchase history anyway. However, I remember here a cese when a chemistry teacher got problems with the police because he ordered some books about explosives. You might be carefull who gets to see what you read. The list goes on and on. I doubt that most people who need confidentiality in their communications also need confidentiality in with whom they are communicating. I'm not so sure. Especially for human rights activists in, say, Syrie or Tibet, might not want the government to know when they are mailing with foreign journalists. -- Met vriendelijke groet, Johan Wevers ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: No, it is not.
On 4/28/11 9:40 AM, Johan Wevers wrote: Likewise, if I were married I would have a serious need for privacy in my communications with my wife: but my wife's identity would be part of the public record. Not when you're having an affair. Err -- yes. Even if I'm having an affair, my wife's identity is part of the public record. Even if I'm having an affair I need confidentiality of communications with my wife, but not confidentiality of my wife's identity. (ObReminder: the preceding is a hypothetical. I am neither married nor having an affair.) The point being discussed is whether most people who need confidentiality in their messages also need confidentiality in the identities of their correspondents. I believe the evidence is lacking for this claim. There are certainly instances in which confidentiality of identity is important, but I never claimed otherwise: only that it seems dubious to me that *most* people who need confidentiality of messages also need confidentiality of identity. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Re: Keylogers
On 14:59, Robert J. Hansen wrote: On Wed, 27 Apr 2011 12:56:19 -0400, Mike Acker mike_ac...@charter.net wrote: This is why we need the Software Audit Tool I've discussed at times on various boards. The Software Audit Tool will need to be on a separate, read-only, bootable media such as a DVD. On boot-up it would mount the C: drive of the target system and then pull a software inventory. When complete this inventory would be audited, checking the data-time stamp and CRC of every executable software in the inventory. This would be checked against OEM specifications and system owner's noted. System Owners Notes should specify: what packages are supposed to be on this system. Already exists: a copy of md5deep and the forensics signature database will do it for you. Unfortunately, as people have learned, this technique doesn't actually work -- at least, not reliably. False positives abound all over the place. The problem is the signature db: it simply cannot work the way people think it should. Some system patches use data from the host system as part of the patch. (As an example, your processor ID might be used as a unique identifier somewhere within the code.) This means the updated executables will not have a reproducible hash: each machine will report a slightly different one. You can get around this somewhat with fuzzy hashing, but in the main this is an unresolved problem in computer forensics. You can easily tell when a file is known-good, but just because a file isn't on the known-good list doesn't mean it's bad -- and telling the bad apart from the good is a Herculean task. My next door neighbor (okay, so he lives a block away) is pretty big in the digital forensics community: if you like, I'd be happy to ask him about the latest research in this the next time we go out for beers (probably Monday, to celebrate his Sunday marathon). I had worked with Wolfgang Stiller's program on DOS systems earlier. and yes: it did create false positives. and it is easy to see how some practices in software distribution and maintenance will tend to create these false positives. in view of the need however it is and has been my feeling that this is a topic that needs to be pursued although I do not see is successful solution as probable without direct vendor support. particularly in the software inventory listings. we shoud recognize that this inventory process is most critical for the operating software itself: the software that is allowed to run in RING0. In a properly secured O/S an application program can't do any damage to its host O/S. with this in view we can take a limited approach to the project at the start and expand it to cover application software where vendors agree to sign on. at all times it will be important to keep the objective in mind: we want to certify the operating software on a selected computer system so that we can be assured that our Encryption Software -- PGP, HTTPS, S/FTP c -- will be successful. With that in mind, one element that will be needed it the System Owners Notes. e.g. VERIFY SYSTEM C:\ as Windows7, x64, Home Premium, SP1. Given cooperation from the OEM has provided a list of what we ought to find, and where, we should be able to certify the system. I would like to see MSFT convert their MSRT to perform this function. The OEM Inventory could be obtained safely from a download using an S/FTP connection. So this is what I see -- as the start. Notes (1) modifying a load module after compilation is considered extremely bad practice. if anyomne gets caught doing this during an install process they need to go to the shed. -- /MIKE signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: OFF LIST - Your signed posts.
On 04/28/2011 11:12, Charly Avital wrote: Hi, signature verifies in all your signed posts composed in plain text. Signature does not verify in all your signed posts composed (apparently, as shown in the raw source) in HTML. Best regards, Charly MacOS 10.6.7-MacBook Intel C2Duo 2GHz-GnuPG 1.4.11-MacGPG 2.0.17 Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.6; en-US; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9 Enigmail 1.2a1pre (20110426-1757) thanks for the note i have PGP/MIME set ON so this should not happen (and HTML has to be MIMEd ) from your note it sounds like Thunderbird is sending BOTH .txt and .html formats. I would expect your e/mail client to selecvt one of these -- and either should verify -- which would mean the message has to carry two signatures we might see if anyone on the list has any info on this... -- /MIKE signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: OFF LIST - Your signed posts.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mike Acker wrote: thanks for the note i have PGP/MIME set ON so this should not happen (and HTML has to be MIMEd ) from your note it sounds like Thunderbird is sending BOTH .txt and .html formats. I would expect your e/mail client to selecvt one of these -- and either should verify -- which would mean the message has to carry two signatures we might see if anyone on the list has any info on this... -- /MIKE ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users The only info I have, is this: Error - signature verification failed; click on 'Details' button for more information I am running Thunderbird 2.0.0.24 on Linux. It did come with this attachment that looks like a signature. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iF4EAREIAAYFAk25h+8ACgkQS/NNXDZDAccnJAD/Qeck95CG/1feZrnEILzWIMRt kbHn0zSl6mP5lyxW1ZoBAI8/ptcE0jXNH7lRCpnAmLoBXhKj4K0PnNdmBmbYpFqg =TcLe -END PGP SIGNATURE- - -- .~. Jean-David Beyer Registered Linux User 85642. /V\ PGP-Key: 9A2FC99A Registered Machine 241939. /( )\ Shrewsbury, New Jerseyhttp://counter.li.org ^^-^^ 11:50:01 up 12 days, 15:08, 3 users, load average: 4.66, 4.94, 4.84 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org/ iD8DBQFNuY3aPtu2XpovyZoRAmSBAKDBWkzI/54lgqBfKqIw/5QcipJhUgCeOER3 v3qKKYENi9B0EbC4REJaeQQ= =8HS6 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
nothing so dramatic
On 28/04/11 13:40, Johan Wevers wrote: I'm not so sure. Especially for human rights activists in, say, Syrie or Tibet, might not want the government to know when they are mailing with foreign journalists. Quite probably, but I do not consider myself qualified to comment on trials and tribulations of human rights activists in faraway lands, or, for that matter, on this continent. My concern is the result of a much more mundane set of circumstances. When legal pressure to decrypt is discussed, almost universally the issue becomes that of the right not to self-incriminate. Implicitly, it is assumed that the proceedings are part of some segment of the criminal law. However, it is not in the criminal but in the civil litigation that the courts can (and nowadays increasingly do) issue Subpoena Duces Tecum (production of evidence) for plain-text of one of the litigant's communications. No right not to self-incriminate applies in such case. Where the record exists (just for an-instance) in a monetary hefty divorce litigation that there was encrypted communication with a third party, reasonably suspected of interfering in the marriage, the request from the opposing side for such duces tecum would not be hard to obtain. But there has to be a reasonable expectation of relevance; i.e., encrypted communication with a specific and relevant individual. Without it, request would likely be treated as nothing but a fishing expedition and rejected. I can easily imagine similar cases where the other communicating party is not Alice (36-29-38) but Bob, your accountant or stockbroker. Mark R. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: OFF LIST - Your signed posts.
Mike Acker wrote: thanks for the note i have PGP/MIME set ON so this should not happen (and HTML has to be MIMEd ) from your note it sounds like Thunderbird is sending BOTH .txt and .html formats. I would expect your e/mail client to selecvt one of these -- and either should verify -- which would mean the message has to carry two signatures we might see if anyone on the list has any info on this... Compose window: Options -- Format -- Plain and Rich (HTML) text Default behavior: main Window: Tools -- Options -- Composition -- Send Options -- Text Format -- John P. Clizbe Inet: John (a) Enigmail DAWT net FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or mailto:pgp-public-k...@gingerbear.net?subject=HELP Q:Just how do the residents of Haiku, Hawai'i hold conversations? A:An odd melody / island voices on the winds / surplus of vowels signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: nothing so dramatic
On 4/28/11 12:03 PM, M.R. wrote: However, it is not in the criminal but in the civil litigation that the courts can (and nowadays increasingly do) issue Subpoena Duces Tecum (production of evidence) for plain-text of one of the litigant's communications. This is at odds with my understanding of the Rules of Civil Procedure and the Constitution. Could I please get a cite to a case which establishes this as being correct? To my understanding of United States law, a subpoena can always be refused on Fifth Amendment grounds. If you have a reasonable fear that divulging a document in a civil suit will expose you to criminal charges, you *always* have the right to refuse on the grounds of self-incrimination, and that refusal may not be used against you in any way. IANAL: my only credential here is growing up around a federal judge who heard an awful lot of subpoenas and challenges to them. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: (was: OFF LIST) Your signed posts.
Mike Acker wrote the following on 4/28/11 11:29 AM: i have PGP/MIME set ON so this should not happen (and HTML has to be MIMEd ) from your note it sounds like Thunderbird is sending BOTH .txt and .html formats. I would expect your e/mail client to selecvt one of these -- and either should verify -- which would mean the message has to carry two signatures When I set manually Thunderbird to *display* in plain text, your signature verifies. I have set Thunderbird to *send* in plain text (converts to plain text if html is present). I always compose in plain text, but I guess that when quoting html formatted text, both formats are present. Charly ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Keylogers
- Message from Mike Acker mike_ac...@charter.net on Thu, 28 Apr 2011 10:49:13 -0400 - To: Robert J. Hansen r...@sixdemonbag.org cc: gnupg-users@gnupg.org, Faramir faramir...@gmail.com Subject: Re: Re: Keylogers On 14:59, Robert J. Hansen wrote: On Wed, 27 Apr 2011 12:56:19 -0400, Mike Acker mike_ac...@charter.net wrote: snip we shoud recognize that this inventory process is most critical for the operating software itself: the software that is allowed to run in RING0. In a properly secured O/S an application program can't do any damage to its host O/S. snip In a properly secured O/S an application program can't do any damage No damage, yes. But additional alterations can happen. Software installations alter the base O/S--especially the Windows registry. Keep in mind things such as Anti-virus software need to put in hooks to intercept normal/original processing to test files/programs. I've wondered how this same subject works with application whitelisting. Also, I believe device drivers still run in RING0 on Windows. Although I haven't heard/checked whether that's still true in Windows 7.___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users