Re: Multiple Subkey Pairs

[Martin Behrendt]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Am 18.03.2014 19:34, schrieb Robert J. Hansen:
> (1) Given how many flat wrong things get printed in the newspaper, 
> believing this reporting may not be wise.
> 

While this in general is true, I really wonder why you say that in the
current context. Especially an article where the main facts are backed
up by quotes of officials.

> (2) Let's assume it's true.  The story only says it can record 100%
> of a foreign country's telephone calls for up to a month, not that
> it can store *all* telephone calls for an indefinite period of
> time.  There's still a lot of targeting that has to go on here.
> Claims of worldwide surveillance are still overblown.
> 
We were talking about mass surveillance on an internet-wide scale. Not
of a worldwide 100% surveillance.

> (3) The capability may exist, but the story never claims the system
> has been used.  We've had nuclear weapons sitting idle in their
> silos for decades: this capability may be the information
> equivalent of a nuke in a silo.
> 
"The voice interception program, called MYSTIC, began in 2009. Its
RETRO tool, short for “retrospective retrieval,” and related projects
reached full capacity against the first target nation in 2011.
Planning documents two years later anticipated similar operations
elsewhere."
All quotes from [1].

> (4) Your "yes, they used that system," I simply can't believe, not 
> without seeing supporting evidence.
> 
See above. Read the article. If you don't believe them ask them for
their source material.
"At the request of U.S. officials, The Washington Post is withholding
details that could be used to identify the country where the system is
being employed or other countries where its use was envisioned."

> My uncle, a Korean War veteran, tells me that at one point during
> the war U.S. troops reported they were witnessing tactical nuclear
> strikes. It turned out this was just the 16-inch guns of the
> _U.S.S. Iowa_ battleship.  Apparently, it's pretty easy to mistake
> a 16-inch shelling for a tactical nuclear strike.  The relevance to
> our present situation is this: just as it was very easy for troops
> to see mind-blowingly huge explosions and to conclude the war had
> just gone nuclear, it is very easy for us to look at fragmentary
> and often-inaccurate news media reports and leap to conclusions
> about "that system must exist and it must be in use!"
> 
I can't see how it is possible to compare a life threatening situation
of an combat situation under stress with reading and understanding a
newspaper report. But here are some more quotes from the article:

"A senior manager for the program compares it to a time machine"

"In a statement, Caitlin Hayden, spokeswoman for the National Security
Council, declined to comment on “specific alleged intelligence
activities.” Speaking generally, she said “new or emerging threats”
are “often hidden within the large and complex system of modern global
communications, and the United States must consequently collect
signals intelligence in bulk in certain circumstances in order to
identify these threats.”"

> Be careful.  Carefully separate out what you see from what cause
> you're ascribing to it.  If you see X, I'm willing to accept that
> you see X. But so far you seem to be leaping towards "... therefore
> Y!", and there I think you're on much weaker ground.
> 
Yes we were talking about logic and reason. And I told you why I
think, even without evidence my "therefore Y" is logically and reasonable.

> I never said we should not be aware of the possibility, nor have I
> ever said that such a thing cannot happen.
> 
> I said that we should not treat it as fact, because facts are
> things which can be proven, and so far there's no proof here.

No what you said was this:
>> sorry again, if we are speaking about the YYY, only metadata if 
>> recipient and sender are YYY citizens and if we believe what the 
>> agency says.
> 
> I cannot accept this assertion, as it is offered without either
> direct evidence or logically sound inferences.

And I argued why it is a logically sound inference.


[1]
http://www.washingtonpost.com/world/national-security/nsa-surveillance-program-reaches-into-the-past-to-retrieve-replay-phone-calls/2014/03/18/226d2646-ade9-11e3-a49e-76adc9210f19_story.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iEYEAREKAAYFAlMomrkACgkQ/6vdZgk46siirQCgpJgaTnZn1dW7UgIPStOus57U
cfgAn3mQXtElb8TSnlfVtOf2pKka0Wst
=zjJY
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Multiple Subkey Pairs

[Robert J. Hansen]

Quoting Martin Behrendt :

Sorry if I sound cynical but the bogeyman says hallo [1]:


Strange: when my nephews were young they would also pass on messages  
from the Thing That Lived In The Closet.  (They never called it the  
bogeyman.  Just "That Thing That Lives In The Closet.")  Despite all  
the times I opened the closet to look for it, I was never able to find  
it.


Let's look at some of the problems here.

(1) Given how many flat wrong things get printed in the newspaper,  
believing this reporting may not be wise.


(2) Let's assume it's true.  The story only says it can record 100% of  
a foreign country's telephone calls for up to a month, not that it can  
store *all* telephone calls for an indefinite period of time.  There's  
still a lot of targeting that has to go on here.  Claims of worldwide  
surveillance are still overblown.


(3) The capability may exist, but the story never claims the system  
has been used.  We've had nuclear weapons sitting idle in their silos  
for decades: this capability may be the information equivalent of a  
nuke in a silo.


(4) Your "yes, they used that system," I simply can't believe, not  
without seeing supporting evidence.


My uncle, a Korean War veteran, tells me that at one point during the  
war U.S. troops reported they were witnessing tactical nuclear  
strikes.  It turned out this was just the 16-inch guns of the _U.S.S.  
Iowa_ battleship.  Apparently, it's pretty easy to mistake a 16-inch  
shelling for a tactical nuclear strike.  The relevance to our present  
situation is this: just as it was very easy for troops to see  
mind-blowingly huge explosions and to conclude the war had just gone  
nuclear, it is very easy for us to look at fragmentary and  
often-inaccurate news media reports and leap to conclusions about  
"that system must exist and it must be in use!"


Be careful.  Carefully separate out what you see from what cause  
you're ascribing to it.  If you see X, I'm willing to accept that you  
see X.  But so far you seem to be leaping towards "... therefore Y!",  
and there I think you're on much weaker ground.



And I don't don't know what it
takes, but if you still don't see logic and reason in taking the
assumption that there is a mass and wide-scale surveillance also of
also E-Mail content as fact, than again, I so would like to life in
your world.


I never said we should not be aware of the possibility, nor have I  
ever said that such a thing cannot happen.


I said that we should not treat it as fact, because facts are things  
which can be proven, and so far there's no proof here.


Anyway.  I've said my peace.  I'm done here.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Multiple Subkey Pairs

[Martin Behrendt]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Am 18.03.2014 15:01, schrieb Robert J. Hansen:
> 
> My other position is that we have to be careful what we believe.
> In these times it's tempting to see shadows and jump at them,
> believing that we're seeing the bogeyman.  We have to resist this
> temptation.  In frightening times, we must pay special attention to
> logic and reason.
> 

Sorry if I sound cynical but the bogeyman says hallo [1]:

"The National Security Agency has built a surveillance system capable
of recording “100 percent” of a foreign country’s telephone calls,
enabling the agency to rewind and review conversations as long as a
month after they take place, [...]"

and yes, they used that system. So I 100% agree with you, we must pay
special attention to logic and reason. And I don't don't know what it
takes, but if you still don't see logic and reason in taking the
assumption that there is a mass and wide-scale surveillance also of
also E-Mail content as fact, than again, I so would like to life in
your world.

[1]
http://www.washingtonpost.com/world/national-security/nsa-surveillance-program-reaches-into-the-past-to-retrieve-replay-phone-calls/2014/03/18/226d2646-ade9-11e3-a49e-76adc9210f19_story.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iEYEAREKAAYFAlMoiBQACgkQ/6vdZgk46sjINwCdFKLlS5PM2oFFbuqF7EJxPVOD
cBEAoLwwuW8dIhuMiiDlABtm2f76Vo4z
=9EEP
-END PGP SIGNATURE-

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

gpg: sending command `SCD PASSWD' to agent failed: ec=6.55

[Tristan Santore]

Dear All,

Has anyone seen this before, when trying to change pins or enter pins ?

gpg: sending command `SCD PASSWD' to agent failed: ec=6.55

Package versions:
gnupg2-smime-2.0.22-1.fc20.x86_64
gnupg2-2.0.22-1.fc20.x86_64

After downgrading to another version from our builders, namely,
gnupg2-smime-2.0.21-1.fc20.x86_64 gnupg2-2.0.21-1.fc20.x86_64 this
problem is solved.

Do you want me to file this one on your bugzilla ? I would file it on
ours, but then our poor triage people get to it, then the package
maintainer and then it ends up with you anyway, so I may as well file it
directly. How can I assist you in providing you more output, so you can
debug it ? If, of course,  you want me to file this one.

Thank you.

Regards,

Tristan

-- 

Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
tristan.sant...@internexusconnect.net

Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)

For Fedora related issues, please email me at:
tsant...@fedoraproject.org


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Multiple Subkey Pairs

[Robert J. Hansen]

> I can't read that from Robert's mails.  IIRC, the main point here was
> that traffic analysis is a much more powerful tool than wholesale
> content analysis.

I am not in a position to know whether it is for a fact, but that agrees
with my understanding.

My other position is that we have to be careful what we believe.  In
these times it's tempting to see shadows and jump at them, believing
that we're seeing the bogeyman.  We have to resist this temptation.  In
frightening times, we must pay special attention to logic and reason.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Multiple Subkey Pairs

[Werner Koch]

On Mon, 17 Mar 2014 19:49, martin-gnupg-us...@dkyb.de said:

> think. Because your world seems to be the more righteous and calm place
> and I wish I didn't have to worry about the future of free societies as

I can't read that from Robert's mails.  IIRC, the main point here was
that traffic analysis is a much more powerful tool than wholesale
content analysis.  I am not able to decide this but from all what I know
the former has a incredible better cost-benefit ratio.  Rumors are the
NSA employs some mathematicians so that they might be able to do their
arithmetic.

This does not mean I neglect that mail and other content is regularly
scanned to find possible targets and what do I know.  Actually we now
that Google does this as well as Microsoft for Skype chats.

Given that keeping content secret is way easier than mitigating traffic
analysis, we need to be excellent in this craft before we are able to
widely deploy traffic analysis countermeasures.


Shalom-Salam,

   Werner


p.s.
Remember ENRON?  You may use all their internal mails to play which
traffic analysis tools .
IIRC, there was even a website to view the connection graphs
(enronscope?).

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users