Re: Please unsubscribe me form your mailing list. Thank you.

2016-08-24 Thread Caleb Coggeshall
This woman is not marketing; she is asking to be taken off the mailing list
and simply happens to have a signature with her business information on it.

On Wed, Aug 24, 2016 at 6:42 AM, SUNNY <4got2...@gmail.com> wrote:

> Can we refrain from people marketing on this forum, I guess this is not a
> marketing forum, and these need to be blocked
>
> Sunny
>
> On Aug 24, 2016, at 07:37, "lynda.har...@sympatico.ca" <
> lynda.har...@sympatico.ca> wrote:
>
>
>
>   
> *Lynda Harlos*
> Home based travel agent
>
> Orion Travelinx
>
> Home office: 905-433-4267
>
> Text: 905-723-9210
>
> www.facebook.com/TravelAgent.LyndaHarlos
>
>
>
> Referrals are the best compliment!
>
> Any price/s quoted not guaranteed until payment is made
>
> To unsubscribe please reply with unsubscribe in subject line
>
> ___
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
>
>
>


-- 
Caleb Coggeshall
UT
http://www.facebook.com/caleb.membrane


Re: SSH hangs when using GPG2 + Yubikey on OS-X

2016-08-24 Thread Ben Warren
Hi,

Sorry it took so long to get back to you on this.  Today I installed gpg 
2.1.15, which contains your fix.  I haven’t seen SSH connections hang yet, but 
haven’t been using it long.

I did, however, see failure to use the card.  I initiated an SSH session, and 
it immediately prompted for the remote user password, indicating that the 
Yubikey was not authenticating.

I see this in the scdaemon log:

2016-08-24 16:29:29 scdaemon[67288] updating reader 0 (0) status: 0x0007->0x (1->2)
2016-08-24 16:29:29 scdaemon[67288] DBG: Removal of a card: 0
2016-08-24 16:29:29 scdaemon[67288] DBG: application has been released
2016-08-24 16:29:29 scdaemon[67288] sending signal 31 to client 67281
2016-08-24 17:23:23 scdaemon[67288] handler for fd 9 started
2016-08-24 17:23:23 scdaemon[67288] DBG: enter: apdu_open_reader: portstr=(null)
2016-08-24 17:23:23 scdaemon[67288] detected reader 'Yubico Yubikey 4 OTP+U2F+CCID'
2016-08-24 17:23:23 scdaemon[67288] reader slot 1: not connected
2016-08-24 17:23:23 scdaemon[67288] DBG: leave: apdu_open_reader => slot=1 [pc/sc]
2016-08-24 17:23:23 scdaemon[67288] DBG: chan_9 -> OK GNU Privacy Guard's Smartcard server ready
2016-08-24 17:23:23 scdaemon[67288] DBG: chan_9 <- GETATTR $AUTHKEYID
2016-08-24 17:23:23 scdaemon[67288] DBG: enter: apdu_connect: slot=1
2016-08-24 17:23:23 scdaemon[67288] pcsc_connect failed: sharing violation (0x801b)
2016-08-24 17:23:23 scdaemon[67288] reader slot 1: not connected
2016-08-24 17:23:23 scdaemon[67288] DBG: leave: apdu_connect => sw=0x10006
2016-08-24 17:23:23 scdaemon[67288] DBG: Removal of a card: 0
2016-08-24 17:23:23 scdaemon[67288] DBG: chan_9 -> ERR 100696144 Operation not supported by device
2016-08-24 17:23:26 scdaemon[67288] DBG: chan_9 <- BYE
2016-08-24 17:23:26 scdaemon[67288] DBG: chan_9 -> OK closing connection
2016-08-24 17:23:26 scdaemon[67288] handler for fd 9 terminated

Does the ‘pcsc_connect_failed’ message indicate that scdaemon is butting up 
against another smartcard handler running in OS-X?

regards,
Ben

> On Jul 19, 2016, at 7:57 PM, NIIBE Yutaka  wrote:
> 
> On 07/19/2016 05:54 PM, NIIBE Yutaka wrote:
>> On 07/19/2016 02:22 PM, Ben Warren wrote:
>>> We don’t see this issue when using a file-based key for SSH,
>>> although in that case we’re using ssh-agent, not gpg-agent.  I’ll
>>> try using a file-based GPG key, which will be closer to the failing
>>> configuration.
>> 
>> Are you using some other tools for Yubikey?
>> 
>> People sometimes do or write a script with
>> 
>>  gpg-connect-agent "SCD RESET" /bye
>> 
>> (to reset PIN auth state) but this only works well if we have a single
>> connection from gpg-agent to scdaemon.  Having ssh-sessions (with
>> forwarding), we have multiple connections from gpg-agent to scdaemon.
>> This could be a cause of troubles.
> 
> I think that the problem occurs when we do "SCD RESET" above or
> removal/insertion of token during the use of SSH.
> 
> It seems for me that OpenSSH client (7.2p2, in my case) keeps the
> connection to ssh-agent even if it doesn't use forwarding.  So, it is
> likely that we encounter this problem.
> 
> Today, I fixed this issue by:
> 
>   commit 1598a4476466822e7e9c757ac471089d3db4b545
> 
> Please try it out.
> -- 
> 



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
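
Added example (not part of the message above and not GnuPG code): a small Python triage script for an scdaemon debug log like the one Ben posted. It rejoins records that were wrapped in transit and reports each pcsc_connect failure together with the client command that preceded it and the reply scdaemon sent back. The function names are hypothetical, and the sample input is constructed from the 17:23:23 session in the log excerpt above.

```python
import re

# Constructed sample: the 17:23:23 session from the excerpt above, kept with
# the same mid-record line wraps that the mail client introduced.
SAMPLE_LOG = """\
2016-08-24 17:23:23 scdaemon[67288] handler for fd 9 started
2016-08-24 17:23:23 scdaemon[67288] DBG: enter: apdu_open_reader: portstr=(null)
2016-08-24 17:23:23 scdaemon[67288] detected reader 'Yubico Yubikey 4
OTP+U2F+CCID'
2016-08-24 17:23:23 scdaemon[67288] reader slot 1: not connected
2016-08-24 17:23:23 scdaemon[67288] DBG: leave: apdu_open_reader => slot=1
[pc/sc]
2016-08-24 17:23:23 scdaemon[67288] DBG: chan_9 -> OK GNU Privacy Guard's
Smartcard server ready
2016-08-24 17:23:23 scdaemon[67288] DBG: chan_9 <- GETATTR $AUTHKEYID
2016-08-24 17:23:23 scdaemon[67288] DBG: enter: apdu_connect: slot=1
2016-08-24 17:23:23 scdaemon[67288] pcsc_connect failed: sharing violation
(0x801b)
2016-08-24 17:23:23 scdaemon[67288] reader slot 1: not connected
2016-08-24 17:23:23 scdaemon[67288] DBG: leave: apdu_connect => sw=0x10006
2016-08-24 17:23:23 scdaemon[67288] DBG: Removal of a card: 0
2016-08-24 17:23:23 scdaemon[67288] DBG: chan_9 -> ERR 100696144 Operation not
supported by device
2016-08-24 17:23:26 scdaemon[67288] DBG: chan_9 <- BYE
2016-08-24 17:23:26 scdaemon[67288] DBG: chan_9 -> OK closing connection
2016-08-24 17:23:26 scdaemon[67288] handler for fd 9 terminated
"""

# "<timestamp> scdaemon[<pid>] <message>"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) scdaemon\[(\d+)\] (.*)$")
# "<-" is a command scdaemon received on a channel, "->" is what it sent back.
CHAN_RE = re.compile(r"^DBG: chan_(\d+) (<-|->) (.*)$")
# Reason text plus the optional parenthesised code, exactly as logged.
FAIL_RE = re.compile(r"^pcsc_connect failed: (.+?)(?: \((0x[0-9a-fA-F]+)\))?$")


def unwrap(text):
    """Rejoin log records that were wrapped across lines in transit."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if LINE_RE.match(line) or not records:
            records.append(line)          # a new record starts with a timestamp
        else:
            records[-1] += " " + line     # continuation of the previous record
    return records


def find_connect_failures(text):
    """Return one dict per pcsc_connect failure, with command and reply."""
    current = (None, None)   # (channel, command) of the most recent request
    pending = []             # failures still waiting for scdaemon's reply
    findings = []
    for record in unwrap(text):
        m = LINE_RE.match(record)
        if not m:
            continue
        ts, pid, msg = m.groups()
        chan = CHAN_RE.match(msg)
        if chan:
            num, direction, payload = chan.groups()
            if direction == "<-":
                current = (num, payload)
            else:
                # First reply on the same channel after the failure.
                for finding in pending:
                    if finding["channel"] == num:
                        finding["reply"] = payload
                pending = [f for f in pending if f["channel"] != num]
            continue
        fail = FAIL_RE.match(msg)
        if fail:
            finding = {
                "time": ts,
                "pid": int(pid),
                "channel": current[0],
                "command": current[1],
                "reason": fail.group(1),
                "code": fail.group(2),
                "reply": None,
            }
            findings.append(finding)
            pending.append(finding)
    return findings


if __name__ == "__main__":
    for f in find_connect_failures(SAMPLE_LOG):
        print("{time} pid={pid} chan_{channel} {command!r}: "
              "{reason} ({code}) -> {reply}".format(**f))
```

The script only correlates what is in the log; it does not identify which other process holds the reader.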


OpenPGP.conf streamed?

2016-08-24 Thread Anthony Papillion
I just realized that OpenPGP.conf is coming up in less than a month.
Unfortunately, I won't be able to attend. Will anyone be streaming it
live? If not, will there be videos posted?

Thanks,
Anthony

-- 
OpenPGP Key:4096R/0x028ADF7453B04B15
Other Key Info: http://www.cajuntechie.org/p/my-pgp-key.html
XMPP?Jabber:cajunt...@dukgo.com
VoIP/SIP:   17772471988...@in.callcentric.com






Re: Attacks on encrypted communicxatiopn rising in Europe

2016-08-24 Thread Johan Wevers
On 24-08-2016 16:27, Robert J. Hansen wrote:

> Ideally, because they present options that may work better than what we
> currently have.  Privacy absolutism -- the position that there is *no*
> justification for infringing on individual privacy, even in the case of
> serious crimes -- doesn't offer anything better than what we currently
> have.  In fact, many people would think it was a lot worse.

I probably misunderstood you. My position is that there is no compromise
possible in the ability of people to protect their privacy. If it can be
broken by passive technical means - bad implementation, weak password -
that's OK with me. If it requires active hacking - keyloggers or so -
that's not OK with me. If it requires pressuring people to give up their
privacy - fines or jail time when not revealing their password - then I
firmly oppose that.

> But if you're okay with technical attacks, you're not a privacy
> absolutist, either.  If your solution is targeted malware, remote
> exploits, Trojans, and the like, then you're permitting the government
> to do an awful lot to subvert privacy.

With technical attacks I meant more the like of cracking the crypto, not
active hacking of computers or other devices.

All said, I think our opinions are not that different. All I hope is
that the current situation in Europe does not get used as an excuse to
implement laws like the UK has, where not revealing passwords can get
you jail time. Fortunately with perfect forward secrecy in messengers
like Signal and WhatsApp even that becomes impossible, you can't even
decipher intercepted chats from the past because the keys don't exist
anymore.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html




Re: Attacks on encrypted communicxatiopn rising in Europe

2016-08-24 Thread Ben McGinnes
On Wed, Aug 24, 2016 at 10:37:35AM -0400, Robert J. Hansen wrote:
>>
>> P.S.  We may be in the Second Crypto Wars, but the genie is out of
>>   the bottle, so that sense of "oh noes, the governments is
>>   coming for my cryptoes" just isn't there so much.
> 
> Yeah, which is why I find both sides of the privacy absolutist
> debate to be ... pretty much comically missing the point.

It's even more amusing if you've ever run the numbers on any country's
direct economic benefit from Internet commerce (which usually doesn't
count things like banking online).  I did for a white paper released
in 2009 during Australia's "clean feed" Internet censorship debate and
the figures were massive and growing at a ridiculous rate.

For any country with an equivalent GDP or larger (and most smaller),
mandatory backdooring of encryption is economic suicide.

> Tor, cgiproxy, GnuPG, Signal, and other such tools are out there and
> aren't going to go away.  All proposals to require backdoors are
> silly, because so long as just one nation has no such requirement
> those tools will continue to exist and development will continue
> pretty much without interruption.  So the "backdoor everything!"
> crowd is completely barmy.

Exactly.  Sometimes governments will produce some ridiculous things
which nearly become law, my own came precariously close to it a year
or two ago ... which is why one of the first things I added to any of
my commits for the GPGME stuff was a completed ITAR questionnaire.

So much confusion and FUD simply because the term "public domain"
means "no copyright/no license" to most civilians, but means "publicly
available" to DoD.

> But so too are the privacy absolutists who believe that law-enforcement
> is doing something morally wrong when they try to break Tor's anonymity
> in the pursuit of awful people.

Ah, but if they were true absolutists then they wouldn't need these
things because it would be absolutely sacrosanct.  ;)

> I find the current state of detente to be pretty good, actually.
> We're allowed to design the best systems we can, and governments are
> allowed to discover where we're not as clever as we think we are.
> If there's a flaw in Tor and the FBI uses it to pierce anonymity and
> go after a bad guy, I can get behind that.  Way to go, FBI, you did
> it right, now please hold on while we figure out how you did this
> and write a patch to keep you from doing it again.

Right.  Then there's the recent-ish revelation that SSL/TLS was doing
stupid things with sharing primes (maybe SSH was too), which was
almost certainly why all the NSA docs we've seen so far from Ed
Snowden kept referring to SSL as breakable and not so with GPG.

> I guess you could say my preferred solution to the crypto wars is to
> encourage an ongoing escalating crypto arms race.  It's crazy, but
> it seems to work.

It works because it accepts the reality that one side will keep trying
to take power and hoard it, while the rest of us instinctively reject
it (no matter how much we may or may not agree with those attempting
to seize that power).

It starts becoming a problem, however, when I'm viewed as an evil
bastard because I don't show enough loyalty to the United States by
objecting to the NSA reading everything I write no matter what it is
or who it is intended for.  Even though I'm not an American citizen,
or resident ... and the last time I was in America was 30 years ago
(30 years, this month actually).  Because really, that's just stupid,
but I've lost count of the times I've heard it.


Regards,
Ben





Re: Unsubscribe me please

2016-08-24 Thread Reid Thompson
You have to unsubscribe yourself.  The link to do so is at the bottom of
every email from the list.



On Wed, 2016-08-24 at 12:44 -0400, lynda.har...@sympatico.ca wrote:
>  
> I have contacted you several times to unsubscribe me please.  
>  
>  
>  
>  
>   
> Lynda Harlos
> Home based travel agent
> Orion Travelinx
> Home office: 905-433-4267
> Text: 905-723-9210
> www.facebook.com/TravelAgent.LyndaHarlos 
>  
> Referrals are the best compliment!


Re: Attacks on encrypted communicxatiopn rising in Europe

2016-08-24 Thread Wolf
On , Robert J. Hansen wrote:
> >> 3.  If no, then how should we permit privacy tools to be
> >> circumvented?
> >
> > Do you honestly believe that this is really possible? That government
> > backdoor will stay available only to government and will not be
> > misused?
> 
> I never said I believed backdoors were an appropriate way to circumvent
> privacy tools.  I think backdoors are a terrible and inappropriate way
> to do it.
> 
> I completely agree that backdoors are a lousy idea.

Then I'm sorry, I've probably got you wrong. But I would be really
interested to know what is your proposed solution to this issue.

TV.




Re: Unsubscribe me please

2016-08-24 Thread Pete Stephenson
Hi Lynda,

Unfortunately, that's not how it works. Essentially all of us are just
users and can't unsubscribe you. Instead, your message was sent to the
entire mailing list.

Thankfully, the self-service process is straightforward: if you wish to
unsubscribe, just click the link at the bottom of every message sent to the
list and follow the directions to unsubscribe.

Cheers!
-Pete

On Aug 24, 2016 18:51, "lynda.har...@sympatico.ca" <
lynda.har...@sympatico.ca> wrote:

> I have contacted you several times to unsubscribe me please.
>
>
>
>   
> *Lynda Harlos*
> Home based travel agent
>
> Orion Travelinx
>
> Home office: 905-433-4267
>
> Text: 905-723-9210
>
> www.facebook.com/TravelAgent.LyndaHarlos
>
>
>
> Referrals are the best compliment!
>
> Any price/s quoted not guaranteed until payment is made
>
> To unsubscribe please reply with unsubscribe in subject line
> *---Original Message---*
>
> *From:* martin 
> *Date:* 8/24/2016 12:32:12 PM
> *To:* gnupg-users@gnupg.org
> *Subject:* Re: Attacks on encrypted communicxatiopn rising in Europe
>
> On 24/08/16 15:37, Robert J. Hansen wrote:
> > I find the current state of detente to be pretty good, actually.  We're
> > allowed to design the best systems we can, and governments are allowed
> > to discover where we're not as clever as we think we are.  If there's a
> > flaw in Tor and the FBI uses it to pierce anonymity and go after a bad
> > guy, I can get behind that.  Way to go, FBI, you did it right, now
> > please hold on while we figure out how you did this and write a patch to
> > keep you from doing it again.
> >
> > I guess you could say my preferred solution to the crypto wars is to
> > encourage an ongoing escalating crypto arms race.  It's crazy, but it
> > seems to work.
>
> For my €0.02 I think the above is mostly valid bar 2 small details:
>
> 1. Seldom we do find the FBI breaking security of anonymity tools. Only
> if a high profile case shows up or someone leaks it. I think it is even
> more rare for the FBI to outright disclose the vulnerability they used
> so it can be patched. I don't even know if the other 3 letter agencies
> do it.
>
> 2. Crypto arms race also implies stockpiling vulnerabilities -
> something Bruce Schneier is very vocal about [1][2]. I think the answer
> here is to find a balance of some sort - i.e. keep vulnerabilities in
> rare cases for short periods of time and then disclose and patch them.
> However for that to work we need to trust the govt. to do the right
> thing. Which I think is pretty much the core issue that started this
> discussion.
>
> Regards,
> Martin
>
> [1] Hacking Team, Computer Vulnerabilities, and the NSA -
> https://www.schneier.com/blog/archives/2015/09/hacking_team_co.html
> [2] Disclosing vs. Hoarding Vulnerabilities -
> https://www.schneier.com/blog/archives/2014/05/disclosing_vs_h.html
>
>
> 
>


Re: Attacks on encrypted communicxatiopn rising in Europe

2016-08-24 Thread Wolf
On , Robert J. Hansen wrote:
> 3.  If no, then how should we permit privacy tools to be
> circumvented?

Do you honestly believe that this is really possible? That government
backdoor will stay available only to government and will not be
misused?

As an example I would raise issue of TSA accepted luggage locks. You
know, those locks that only TSA is supposed to have master key to
inspect for threats? The master key you can download from internet and
print on your 3d printer and open any TSA accepted lock with
it?

(https://en.wikipedia.org/wiki/Transportation_Security_Administration#Luggage_locks)

So in my eyes, when it comes to your question, we have only two
options, no privacy or absolute privacy. Or do you know of any way to
guarantee that government backdoor will not be made public and/or
misused?

Tomas Volf




Re: Attacks on encrypted communicxatiopn rising in Europe

2016-08-24 Thread Robert J. Hansen
>> 3.  If no, then how should we permit privacy tools to be
>> circumvented?
>
> Do you honestly believe that this is really possible? That government
> backdoor will stay available only to government and will not be
> misused?

I never said I believed backdoors were an appropriate way to circumvent
privacy tools.  I think backdoors are a terrible and inappropriate way
to do it.

I completely agree that backdoors are a lousy idea.



Re: Unsubscribe me please

2016-08-24 Thread Peter Lebbing
On 24/08/16 18:44, lynda.har...@sympatico.ca wrote:
> I have contacted you several times to unsubscribe me please.  

Yet, the "you" you are contacting are not in the power to help you. It would be
strange if the subscribers of a public mailing list could unsubscribe other
subscribers.

Please follow the link at the bottom of *every* post you receive through the 
list:

> http://lists.gnupg.org/mailman/listinfo/gnupg-users

If you ever find yourself in this situation again, please look for some pointers
in the mail or on the web first, instead of posting such messages to the mailing
list. It is a bit disruptive.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 



Unsubscribe me please

2016-08-24 Thread lynda.har...@sympatico.ca
I have contacted you several times to unsubscribe me please.  

 
 
   
Lynda Harlos 
Home based travel agent
Orion Travelinx 
Home office: 905-433-4267 
Text: 905-723-9210
www.facebook.com/TravelAgent.LyndaHarlos 
 
Referrals are the best compliment! 
Any price/s quoted not guaranteed until payment is made 
To unsubscribe please reply with unsubscribe in subject line
---Original Message---
 
From: martin
Date: 8/24/2016 12:32:12 PM
To: gnupg-users@gnupg.org
Subject: Re: Attacks on encrypted communicxatiopn rising in Europe
 
On 24/08/16 15:37, Robert J. Hansen wrote:
> I find the current state of detente to be pretty good, actually.  We're
> allowed to design the best systems we can, and governments are allowed
> to discover where we're not as clever as we think we are.  If there's a
> flaw in Tor and the FBI uses it to pierce anonymity and go after a bad
> guy, I can get behind that.  Way to go, FBI, you did it right, now
> please hold on while we figure out how you did this and write a patch to
> keep you from doing it again.
>
> I guess you could say my preferred solution to the crypto wars is to
> encourage an ongoing escalating crypto arms race.  It's crazy, but it
> seems to work.
 
For my €0.02 I think the above is mostly valid bar 2 small details:
 
1. Seldom we do find the FBI breaking security of anonymity tools. Only
if a high profile case shows up or someone leaks it. I think it is even
more rare for the FBI to outright disclose the vulnerability they used
so it can be patched. I don't even know if the other 3 letter agencies
do it.
 
2. Crypto arms race also implies stockpiling vulnerabilities -
something Bruce Schneier is very vocal about [1][2]. I think the answer
here is to find a balance of some sort - i.e. keep vulnerabilities in
rare cases for short periods of time and then disclose and patch them.
However for that to work we need to trust the govt. to do the right
thing. Which I think is pretty much the core issue that started this
discussion.
 
Regards,
Martin
 
[1] Hacking Team, Computer Vulnerabilities, and the NSA -
https://www.schneier.com/blog/archives/2015/09/hacking_team_co.html
[2] Disclosing vs. Hoarding Vulnerabilities -
https://www.schneier.com/blog/archives/2014/05/disclosing_vs_h.html
 
 

 


Re: Attacks on encrypted communicxatiopn rising in Europe

2016-08-24 Thread martin
On 24/08/16 15:37, Robert J. Hansen wrote:
> I find the current state of detente to be pretty good, actually.  We're
> allowed to design the best systems we can, and governments are allowed
> to discover where we're not as clever as we think we are.  If there's a
> flaw in Tor and the FBI uses it to pierce anonymity and go after a bad
> guy, I can get behind that.  Way to go, FBI, you did it right, now
> please hold on while we figure out how you did this and write a patch to
> keep you from doing it again.
> 
> I guess you could say my preferred solution to the crypto wars is to
> encourage an ongoing escalating crypto arms race.  It's crazy, but it
> seems to work.

For my €0.02 I think the above is mostly valid bar 2 small details:

1. Seldom we do find the FBI breaking security of anonymity tools. Only
if a high profile case shows up or someone leaks it. I think it is even
more rare for the FBI to outright disclose the vulnerability they used
so it can be patched. I don't even know if the other 3 letter agencies
do it.

2. Crypto arms race also implies stockpiling vulnerabilities -
something Bruce Schneier is very vocal about [1][2]. I think the answer
here is to find a balance of some sort - i.e. keep vulnerabilities in
rare cases for short periods of time and then disclose and patch them.
However for that to work we need to trust the govt. to do the right
thing. Which I think is pretty much the core issue that started this
discussion.

Regards,
Martin

[1] Hacking Team, Computer Vulnerabilities, and the NSA -
https://www.schneier.com/blog/archives/2015/09/hacking_team_co.html
[2] Disclosing vs. Hoarding Vulnerabilities -
https://www.schneier.com/blog/archives/2014/05/disclosing_vs_h.html





Re: Please unsubscribe me form your mailing list. Thank you.

2016-08-24 Thread SUNNY
Can we refrain from people marketing on this forum, I guess this is not a
marketing forum, and these need to be blocked

Sunny 

> On Aug 24, 2016, at 07:37, "lynda.har...@sympatico.ca" 
>  wrote:
> 
> 
>  
>  
>   
> Lynda Harlos
> Home based travel agent
> Orion Travelinx
> Home office: 905-433-4267
> Text: 905-723-9210
> www.facebook.com/TravelAgent.LyndaHarlos 
>  
> Referrals are the best compliment!
> Any price/s quoted not guaranteed until payment is made
> To unsubscribe please reply with unsubscribe in subject line


Re: Attacks on encrypted communicxatiopn rising in Europe

2016-08-24 Thread Robert J. Hansen
> P.S.  We may be in the Second Crypto Wars, but the genie is out of the
>   bottle, so that sense of "oh noes, the governments is coming for
>   my cryptoes" just isn't there so much.

Yeah, which is why I find both sides of the privacy absolutist debate to
be ... pretty much comically missing the point.

Tor, cgiproxy, GnuPG, Signal, and other such tools are out there and
aren't going to go away.  All proposals to require backdoors are silly,
because so long as just one nation has no such requirement those tools
will continue to exist and development will continue pretty much without
interruption.  So the "backdoor everything!" crowd is completely barmy.

But so too are the privacy absolutists who believe that law-enforcement
is doing something morally wrong when they try to break Tor's anonymity
in the pursuit of awful people.

I find the current state of detente to be pretty good, actually.  We're
allowed to design the best systems we can, and governments are allowed
to discover where we're not as clever as we think we are.  If there's a
flaw in Tor and the FBI uses it to pierce anonymity and go after a bad
guy, I can get behind that.  Way to go, FBI, you did it right, now
please hold on while we figure out how you did this and write a patch to
keep you from doing it again.

I guess you could say my preferred solution to the crypto wars is to
encourage an ongoing escalating crypto arms race.  It's crazy, but it
seems to work.



Re: Attacks on encrypted communicxatiopn rising in Europe

2016-08-24 Thread Robert J. Hansen
> Why would we listen to anyone for that matter?

Ideally, because they present options that may work better than what we
currently have.  Privacy absolutism -- the position that there is *no*
justification for infringing on individual privacy, even in the case of
serious crimes -- doesn't offer anything better than what we currently
have.  In fact, many people would think it was a lot worse.

> until he talks"). In hindsight it was a bit ill-formatted to put it
> between the methods I did agree with. I'm OK with technical attacks, I
> am firmly against obligations to talk or pressuring people to talk with
> torture, prison terms or fines.

Okay, I can understand speaking glibly: thank you for clarifying you're
opposed to that.

But if you're okay with technical attacks, you're not a privacy
absolutist, either.  If your solution is targeted malware, remote
exploits, Trojans, and the like, then you're permitting the government
to do an awful lot to subvert privacy.



Re: Attacks on encrypted communicxatiopn rising in Europe

2016-08-24 Thread Ben McGinnes
On Wed, Aug 24, 2016 at 08:41:33AM +0200, Werner Koch wrote:
> On Tue, 23 Aug 2016 21:37, joh...@vulcan.xs4all.nl said:
> 
> > (German), the German and French government are attacking the right to
> > encrypt communication of their serfs. Also because of their violent
> 
> Despite their common declaration to do something against the "evil" of
> encryption, the French and the German texts of that declaration differ!
> The German version does not ask for laws to introduce backdoors or key
> escrow.  See the (German) article at Netzpolitik [1].

Ah-ha, I had wondered whether or not anything was being lost in
translation here, with my main questions given the French focus being
along the lines of, "when is the next election in France?" and, "how
much does the current government have to claw their way back since the
dreadful attacks recently?"

There's an old maxim: all politics is local.

With France and Germany together that's been effectively local since
Dagobert got skewered in a darkened wood (i.e. approx. 12 or 13
centuries).

> The German minister of the interior pushes for a federal agency as a
> central organization to develop and deploy the "federal trojan".  What
> they want are _targeted_ attacks on confidential communication.  They
> know very well that backdoors, as requested by the French, are a bad
> idea.

Good, so that just leaves the French politicians to be convinced and
that's easy.  At least it is if they like having a banking and
financial sector of their economy.  They can have that *or* they can
have backdoors in encryption, but not both.

Here's another old maxim: money talks.


Regards,
Ben

P.S.  We may be in the Second Crypto Wars, but the genie is out of the
  bottle, so that sense of "oh noes, the governments is coming for
  my cryptoes" just isn't there so much.






Re: Attacks on encrypted communicxatiopn rising in Europe

2016-08-24 Thread Robert J. Hansen
> He is of course not advocating torture, he's merely listing possible
> exploits, referencing to xkcd #538.

My question was, "How should we permit privacy tools to be
circumvented?"  His answer was, "You can try - someone might have used a
weak password, wrote it down somewhere or made another mistake. Or can
be pressured into telling it (the famous $5 wrench comes to mind here)."

If I ask "how should we permit privacy tools to be circumvented?" and
someone's answer is "Pressure them.  A wrench comes to mind," well...
I've received an answer to how the person believes governments should be
permitted to obtain secrets.  It's not a very good one.

> It's very difficult for me not to consider you a troll if you keep
> using these cheap rhetorical tricks.

Consider me what you will.  Couldn't care less, myself.



Re: Attacks on encrypted communicxatiopn rising in Europe

2016-08-24 Thread Johan Wevers
On 24-08-2016 15:17, Robert J. Hansen wrote:

>>> 2.  If yes, why should we listen to you?
>>
>> The child porn excuse is used too often...
> 
> But this doesn't answer my question.
> 
> Why should we listen to a privacy absolutist?

Why would we listen to anyone for that matter?

>> You can try - someone might have used a weak password, wrote it down
>> somewhere or made another mistake. Or can be pressured into telling it
>> (the famous $5 wrench comes to mind here).
> 
> Wait, wait, wait.
> 
> You're opposed to *any* kind of privacy circumvention... but you're okay
> with torture?

No I'm not, it was only an example that current western governments are
considering (however, they are applying the more moderate "lock him up
until he talks"). In hindsight it was a bit ill-formatted to put it
between the methods I did agree with. I'm OK with technical attacks, I
am firmly against obligations to talk or pressuring people to talk with
torture, prison terms or fines.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html




Re: Attacks on encrypted communicxatiopn rising in Europe

2016-08-24 Thread Robert J. Hansen
> Then let me ask you how "I have supported strong, non-backdoored
> privacy tools" doesn't clash with:
> 
>>3.  If no, then how should we permit privacy tools to be
>>circumvented?

Simple: I wasn't presenting my own views, I was asking Johan for his.
Where's the contradiction?



Re: Attacks on encrypted communicxatiopn rising in Europe

2016-08-24 Thread Francesco Ariis
On Wed, Aug 24, 2016 at 09:17:19AM -0400, Robert J. Hansen wrote:
> > You can try - someone might have used a weak password, wrote it down
> > somewhere or made another mistake. Or can be pressured into telling it
> > (the famous $5 wrench comes to mind here).
> 
> Wait, wait, wait.
> 
> You're opposed to *any* kind of privacy circumvention... but you're okay
> with torture?  You're seriously advocating "swing a wrench at this guy's
> knees and make him talk" as an alternative to any kind of circumvention
> of a privacy technology?
> 
> Johan, your position is morally incoherent.

He is of course not advocating torture, he's merely listing possible
exploits, referencing xkcd #538.
It's very difficult for me not to consider you a troll if you keep
using these cheap rhetorical tricks.



Re: Attacks on encrypted communication rising in Europe

2016-08-24 Thread Robert J. Hansen
>>  1.  Are you a privacy absolutist?
> 
> Yes.

Thank you for being clear on that.

>>  2.  If yes, why should we listen to you?
> 
> The child porn excuse is used too often...

But this doesn't answer my question.

Why should we listen to a privacy absolutist?

> You can try - someone might have used a weak password, wrote it down
> somewhere or made another mistake. Or can be pressured into telling it
> (the famous $5 wrench comes to mind here).

Wait, wait, wait.

You're opposed to *any* kind of privacy circumvention... but you're okay
with torture?  You're seriously advocating "swing a wrench at this guy's
knees and make him talk" as an alternative to any kind of circumvention
of a privacy technology?

Johan, your position is morally incoherent.



Re: Attacks on encrypted communication rising in Europe

2016-08-24 Thread NdK
On 24/08/2016 14:11, Francesco Ariis wrote:

> @Johan Wevers: you might or might not be aware, but what you describe
> is the "Four Horsemen of the Infocalypse" [1].
Instead of stupid backdoors, couldn't legislators simply say that if
encryption is used to try to hide a crime (that still has to be proven
by *other* means!) then it's like having used a gun in a robbery?
That would simply make something wrong even worse, but allow for
rightful use of crypto.
Sure, it's way easier to outlaw any non-approved crypto, but then
outlaws will use strong crypto nevertheless...

BYtE,
 Diego



Please unsubscribe me form your mailing list. Thank you.

2016-08-24 Thread lynda.har...@sympatico.ca
 
 
   
Lynda Harlos 
Home based travel agent
Orion Travelinx 
Home office: 905-433-4267 
Text: 905-723-9210
www.facebook.com/TravelAgent.LyndaHarlos 
 
Referrals are the best compliment! 
Any price/s quoted not guaranteed until payment is made 
To unsubscribe please reply with unsubscribe in subject line


Re: Attacks on encrypted communication rising in Europe

2016-08-24 Thread Francesco Ariis
On Wed, Aug 24, 2016 at 04:42:34AM -0400, Robert J. Hansen wrote:
> I'd shrug and point to my many public statements where I've supported
> strong, non-backdoored privacy tools.  If someone wants to accuse me of
> being a government absolutist, that's on them.

Then let me ask you how "I have supported strong, non-backdoored
privacy tools" doesn't clash with:

>3.  If no, then how should we permit privacy tools to be
>circumvented?

@Johan Wevers: you might or might not be aware, but what you describe
is the "Four Horsemen of the Infocalypse" [1].

[1] https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalypse



Re: Attacks on encrypted communication rising in Europe

2016-08-24 Thread Johan Wevers
On 24-08-2016 8:41, Werner Koch wrote:

> Whether the current German rules on when and how constitutional rights
> on privacy can lawfully be suspended are still in compliance with the
> constitution is a different question.

They can try the French method: declare the state of emergency after
some terrorist attack. German prime minister Merkel faces already stern
opposition because of her views on immigration so it might suit her well.

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html




Re: Attacks on encrypted communication rising in Europe

2016-08-24 Thread Johan Wevers
On 24-08-2016 4:26, Robert J. Hansen wrote:

>   1.  Are you a privacy absolutist?

Yes.

>   2.  If yes, why should we listen to you?

The child porn excuse is used too often. The terrorism card is also
played often (not that it would help much against that as all known
examples show). And then comes the drugs excuse (where it might work but
that's where a lot of people start to think "so what?"). And then come
the tax evaders ("you pay more because he hides his administration").

Eventually you land in the situation you have in the USA, where people
are being investigated because they have unwanted political opinions or
oppose those in power like Clinton, or the situation in Turkey where
people get jailed for supporting a competitor of the current sultan.

Point is, the government can't be trusted. And even if you trust
today's one, tomorrow's one might be another thing.

>   3.  If no, then how should we permit privacy tools to be
>   circumvented?

You can try - someone might have used a weak password, wrote it down
somewhere or made another mistake. Or can be pressured into telling it
(the famous $5 wrench comes to mind here). But that's all you got. And
the child pornographers will still use decent encryption because in any
sane country the penalty for child abuse is higher than the penalty
would be for refusing to decrypt. Unless you want to change that, the
child abusers (or even those who only download other's pictures) will
still use encryption, but everyone else is at risk. Not to mention
terrorists who do use encryption: if you're going to die anyway, why
would they care?

-- 
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html




Re: Attacks on encrypted communication rising in Europe

2016-08-24 Thread Robert J. Hansen
> ("privacy absolutist" is political framing 101 -- would you
> feel fairly treated if I described your views on the matter as, say,
> "government absolutist"?)

I'd shrug and point to my many public statements where I've supported
strong, non-backdoored privacy tools.  If someone wants to accuse me of
being a government absolutist, that's on them.

> is bound to get pretty flamish pretty soon.

Once it becomes such it'll be time to stop.  Until then, the discussion
can be quite useful.
