Re: Fwd: It's time for PGP to die.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Monday 18 August 2014 at 7:11:57 PM, in mid:53f241ed.4050...@sixdemonbag.org, Robert J. Hansen wrote: If you're a witness to a crime, you can be compelled to testify about what you see. Yes, but they can't make you remember accurately what you saw, or tell you what to say. - -- Best regards MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net Amateurs built the ark. Professionals built the Titanic. -BEGIN PGP SIGNATURE- iPQEAQEKAF4FAlPznQhXFIAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5pTuoD/RAU5zkY+d60HJlTpLtQAW4NS4FB2KhlNGzP srzm8iRsfPDH1K9jabFaxq/llGrlBK7DOPmGddMwe9ty4FXvW0Mep5YOo/0ubnUk 6pX3822P7pFCKCMNcGAuV+SKIUr/EBxrEUM2NNV00efqiyiukqKtVppMFDc1qEdG Ljoz7ig6 =9q7P -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
On Mon, Aug 18, 2014 at 10:43:49PM -0400, Robert J. Hansen wrote: On 8/18/2014 9:32 PM, Bob Holtzman wrote: There are quite a few ways police and prosecutors can coerce a suspect to hand over his encryption key(s). Your examples which involve coercion are illegal, and the ones that are legal do not involve coercion. Dangling the prospect of a lighter sentence under the poor bugger's nose Not coercion. Prosecutor: We know you have an encrypted drive partition with a lot of child porn on it. Give up your passphrase and we'll reduce it to ten counts of possession and drop the intent to distribute, and we won't object to sentences running concurrently. Which, of course, carries the implied threat of not reducing it to ten counts and objecting to concurrency if he doesn't come across with the keys. Not coercion? Defendant: ... that sounds really good. Or, alternately, imagine the defendant is innocent of the charge: Defendant: I can't accept that deal. I'm innocent of that. (True: if you're innocent of the charge, you're not allowed to plead guilty to it. You might be able to talk the judge into accepting an Alford, but it'd be an uphill battle.) ...and if the prosecutor is hungry for another conviction to aid in his political ambitions it's Katy bar the door and the hell with the truth. BTW what's an Alford? Or, alternately, imagine the defendant is guilty, but only of eight counts of possession: Defendant: No deal. I'll take my risks in court. Good luck producing these 'thousands of images' you're talking about. or conversely, threatening to come down hard, perhaps going for a death penalty. Grossly illegal, in violation of the canons of legal ethics, So is hiding exculpatory evidence. Of course prosecutors would never do such a thing, right?right? and wil get an attorney disbarred. If caught. Some were caught and are still practicing. It made the papers. http://usatoday30.usatoday.com/news/washington/judicial/2010-09-22-federal-prosecutors-reform_N.htm http://reason.com/archives/2009/08/17/innocent-man-freed-but-shabby There are a bunch more. Don't confuse Law Order re-runs with real life. Give me some credit, pal. The DA is allowed to threaten prosecution of only those crimes the DA reasonably believes a person violated, and the DA is expressly forbidden from using the threat of the death penalty to persuade someone to taking a lesser sentence. What should be and what is isn't always the same. The surrender of a suspect's keys would be voluntary and therefore constitutional. In your first example yes, in your second example no. Don't get me wrong: prosecutors have a lot of power, and I personally believe they have too much power with too little accountability. However, it's not a de-facto state of tyranny, either. Of course not. Some prosecutors are real, live, human beings with consciences. Others...pregnant pause As always, my best advice for people facing legal problems is shut up and get a lawyer. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Bob Holtzman Giant intergalactic brain-sucking hyperbacteria came to Earth to rape our women and create a race of mindless zombies. Look! It's working! signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
Not coercion? Nope. That's a trade. Passphrase coercion is like so: you will produce the passphrase, or you will sit in jail until you decide to produce the passphrase, and we're just fine if you sit in there the rest of your natural life, and once we get the passphrase then we'll decide whether we want to prosecute you further, and if we do then your time sitting in jail while deciding to cough up the passphrase won't count against whatever prison term you ultimately get. What the prosecutor is offering there is, you will plead guilty to lesser charges, but I'm only willing to do this if you're willing to show me the full extent of your illegal activities, so cough up the passphrase so I can verify it for myself. When you're facing coercion, you're not getting anything out of the trade. When you agree to something as part of a plea agreement, you do. Or maybe you think that you should be allowed to get a plea deal just by showing up, without cooperating with the State in any way? BTW what's an Alford? http://lmgtfy.com/?q=alford+plea So is hiding exculpatory evidence. Of course prosecutors would never do such a thing, right?right? The vast majority of prosecutors would not. Some would, and in such cases I think the doctrine of prosecutorial immunity should be waived. Snark is not serious argument. There are a bunch more. So what? There are a bunch of prosecutors. If even 1% of prosecutors are corrupt -- which would make them on balance a bunch of saints by the standards of the rest of society -- that's still a large number. The fact there are a large number of abuses is kind of unsurprising given a country with over 300 million people. It's the law of large numbers: one-in-a-million events literally happen thousands of times a day. Don't confuse Law Order re-runs with real life. Give me some credit, pal. You're the one who didn't know what an Alford plea was. Just sayin'. Please note: I'm not saying prosecutorial abuse doesn't happen, that it's not a problem, or that we haven't vastly overcriminalized our civil life. But this paranoid fantasy some people have going, where they believe *every* prosecutor is corrupt... that's just childish. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Tuesday 19 August 2014 at 10:05:23 PM, in mid:53f3bc13.8040...@sixdemonbag.org, Robert J. Hansen wrote: What the prosecutor is offering there is, you will plead guilty to lesser charges, but I'm only willing to do this if you're willing to show me the full extent of your illegal activities, so cough up the passphrase so I can verify it for myself. When you're facing coercion, you're not getting anything out of the trade. In my opinion that is pure semantics. The situation you described can be characterised as the prosecutor telling the accused that they will suffer X regardless, plus the threat that they will additionally suffer Y if they refuse to co-operate. That seems to resemble the definition of Coercion [0]:- The action or practice of persuading someone to do something by using force or threats. [0] http://www.oxforddictionaries.com/definition/english/coercion - -- Best regards MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net No matter what a man's past may have been, his future is spotless. -BEGIN PGP SIGNATURE- iPQEAQEKAF4FAlPzxDJXFIAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5ph5kD/0q4ZWtNYVLRdgmtcCv877H8fV+o0yaoC2Ud h4nkA/K9kEC8ILA9QLhYOnLB7cpXwwATWAsLCgDTOHmK7R+raQANQKfAXnxaDKaR 9k/CfoSyUsB7+eXinVrIjRq7ELMhnRbMsBsPhS8mEKcz2p8wCafC3HkW5CuHYRvx RewEIzom =9Mhf -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
In my opinion that is pure semantics. In other news, water is wet, bricks are heavy, and politicians lie. Yes, it's pure semantics. It's *law*. What, were you expecting something else? Wake up and realize the essential nature of what you're talking about: law is *all about* formalism, syntax, semantics. If you think law is other than this, then -- well -- this conversation just ceased being worth my time. Discussing law with people who complain about semantics is like discussing biology with Creationists. The situation you described can be characterised... The great thing about liberty is everyone has the right to an opinion. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Tuesday 19 August 2014 at 11:48:29 PM, in mid:53f3d43d.2030...@sixdemonbag.org, Robert J. Hansen wrote: Yes, it's pure semantics. It's *law*. What, were you expecting something else? Fair comment, but what has been described as bargaining is still coercion. The great thing about liberty is everyone has the right to an opinion. It had to be good for something. - -- Best regards MFPAmailto:2014-667rhzu3dc-lists-gro...@riseup.net To know what we know, and know what we do not know, is wisdom. -BEGIN PGP SIGNATURE- iPQEAQEKAF4FAlPz24RXFIAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5pshsEAI5Zg1+T2KqDdeVsAOx63fsYukAi4hCDOsj1 REqcD0ChkBXRxTo0o2He2WQKo5Ojst5jPSlbGRqnkJz5DC9jkS9JwvTyTLye7r/W Fn+t4r9pgO7yH/fJl2KEhvlq/hxI1iMQTHbIZXHczONrVwUUUFZsEG3jxuLku7dt uNiTe+TU =FtsL -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
On 17-08-2014 22:42, Robert J. Hansen wrote: The only time production of a passphrase is permitted is when it lacks any testimonial value. And who determines wether it has any testimonial value? That sounds like a fine legal loophole to pressure someone into telling the passphrase. In those cases where the US government is actually interested in paying lip service that it will obey the law that is - they could just as easily declare you an illegal combattant or something like that and just torture it out of you. -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
I read an article or something a while back stating the legal theory that if your passphrase is an admittance to a past crime, to hand over said passphrase would constitute as having said testimonial value and you could get away with not disclosing the passphrase. But it is just legal theory, and I am no expert in law, american law, or even cryptography. So what happens in practice is anyone's guess really. On 18 August 2014 07:01:46 BST, Johan Wevers joh...@vulcan.xs4all.nl wrote: On 17-08-2014 22:42, Robert J. Hansen wrote: The only time production of a passphrase is permitted is when it lacks any testimonial value. And who determines wether it has any testimonial value? That sounds like a fine legal loophole to pressure someone into telling the passphrase. In those cases where the US government is actually interested in paying lip service that it will obey the law that is - they could just as easily declare you an illegal combattant or something like that and just torture it out of you. -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- Sent from my Android device with K-9 Mail. Please excuse my brevity.___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
On 8/18/2014 5:04 AM, Rob Ambidge wrote: I read an article or something a while back stating the legal theory that if your passphrase is an admittance to a past crime, to hand over said passphrase would constitute as having said testimonial value and you could get away with not disclosing the passphrase. That's one of the exceptions, yes. Basically, if the fact you know something would tend to implicate you in the commission of a crime, then you can't be compelled to reveal that you know it. Whether it's a passphrase or a safe combination makes no difference. There are a lot of nuances and exceptions here. This isn't legal advice. If you need legal advice, ask a real lawyer, not an internet mailing list... smime.p7s Description: S/MIME Cryptographic Signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
On 8/18/2014 2:01 AM, Johan Wevers wrote: And who determines wether it has any testimonial value? Johan, we're entering paranoid fantasy here. If you truly believe the whole of the USG is corrupt, and that our independent judiciary is in cahoots with a corrupt Executive and Legislature in order to systematically violate people's rights, well... then I think I'm going to need to stop talking with you, which I regret. :( smime.p7s Description: S/MIME Cryptographic Signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
On Sun, Aug 17, 2014 at 12:41:52AM +0100, Nicholas Cole wrote: On Sun, Aug 17, 2014 at 12:08 AM, Robert J. Hansen r...@sixdemonbag.org wrote: [snip] OpenPGP's biggest problem, BTW, which goes *completely unmentioned* in this blogpost: OpenPGP can't protect your metadata, and that turns out to often be higher-value content than your emails themselves are. Further, exposed metadata is inherent to SMTP, which means this problem is going to be absolutely devilish to fix. That is true. But perhaps it would be a start if email clients actually put the actual email (with subject and references headers etc.) as an attachment to a bare email that contained only the minimal headers for delivery. It wouldn't be a perfect solution, but it would at least fix a certain amount of metadata analysis. Perhaps it would be a start if sites providing SMTP would turn on STARTTLS. -- Mark H. Wood Lead Technology Analyst University Library Indiana University - Purdue University Indianapolis 755 W. Michigan Street Indianapolis, IN 46202 317-274-0749 www.ulib.iupui.edu signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
On Mon, Aug 18, 2014 at 09:59:33AM -0400, Mark H. Wood wrote: Perhaps it would be a start if sites providing SMTP would turn on STARTTLS. STARTTLS does not encrypt mail. It only provides safe passage over the network. It is also client/server encrypted and decrypted. Thus, an administrator with root at an SMTP server can view the mail once the mail transfer is decrypted. Also, many big mail vendors have already enabled SSL/TLS/STARTTLS, such as Google, Yahoo, and Microsoft. -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o pgprklDx6SXoi.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
On Mon, Aug 18, 2014 at 08:15:49AM -0600, Aaron Toponce wrote: On Mon, Aug 18, 2014 at 09:59:33AM -0400, Mark H. Wood wrote: Perhaps it would be a start if sites providing SMTP would turn on STARTTLS. STARTTLS does not encrypt mail. It only provides safe passage over the network. Sure, it does encrypt mail. My SMTP has mail from me to deliver. It contacts an SMTP that it thinks can get the mail closer to its addressee. My SMTP sends STARTTLS, the receiving SMTP agrees, they handshake, and the rest of the session, including MAIL FROM, RCPT TO, and my mailgram following the DATA, is encrypted over the wire. It is also client/server encrypted and decrypted. Thus, an administrator with root at an SMTP server can view the mail once the mail transfer is decrypted. As is often said here, what's your threat model? Keeping nonprivileged people out of the transaction is worthwhile, if I am worried about mail being spied on in transit. STARTTLS greatly reduces the number of parties who could just read email metadata if they have access to the wire. Sysadmin.s take a risk if they are prying into the mail spool -- they could be discovered. Governments, too, may judge that the cost of exposure of such activity is worth more than the advantage of doing it. But I wouldn't depend solely on STARTTLS for securing email any more than I am satisfied to depend solely on encrypting the message body with OpenPGP or similar means. I believe in making the bad guys take as much time, create as much mess, and make as much noise as I can compel. It costs almost nothing to make as much trouble as possible for snoopers, and it's interesting work, so why not do it? Also, many big mail vendors have already enabled SSL/TLS/STARTTLS, such as Google, Yahoo, and Microsoft. You mean those webmail thingies that I never use? There's so much we don't know about their security practices that I wasn't even thinking about such services. My remark was focused on the scenario above: there is a local MUA, a local MTA and a remote MTA. -- Mark H. Wood Lead Technology Analyst University Library Indiana University - Purdue University Indianapolis 755 W. Michigan Street Indianapolis, IN 46202 317-274-0749 www.ulib.iupui.edu signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
On Mon, Aug 18, 2014 at 12:24:43PM -0400, Mark H. Wood wrote: Sure, it does encrypt mail. My SMTP has mail from me to deliver. It contacts an SMTP that it thinks can get the mail closer to its addressee. My SMTP sends STARTTLS, the receiving SMTP agrees, they handshake, and the rest of the session, including MAIL FROM, RCPT TO, and my mailgram following the DATA, is encrypted over the wire. The connection is encrypted, not the mail itelf. SSL/TLS behave like a tunnel. The end result is the same, but the details are different. Much like on OpenSSH tunnel, where SSH does not know anything of the data moving through the tunnel, STARTTLS knows nothing about the data going through its tunnel. You mean those webmail thingies that I never use? There's so much we don't know about their security practices that I wasn't even thinking about such services. My remark was focused on the scenario above: there is a local MUA, a local MTA and a remote MTA. No, I mean the POP3S/IMAPS/SMTPS/MAPIS protocols your MUA, and other SMTP MTAs connects to. Not HTTPS. -- . o . o . o . . o o . . . o . . . o . o o o . o . o o . . o o o o . o . . o o o o . o o o pgp2Xw45OQOkz.pgp Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
On 18-08-2014 11:04, Rob Ambidge wrote: But it is just legal theory, and I am no expert in law, american law, or even cryptography. So what happens in practice is anyone's guess really. I've seen what happens in practice: some group of people was accused of organized growing of hennep. They arrested a lot of people, then dropped the charges against some minor members of the gang. And then they became witnesses and had to testify. Considering what could happen to them if they talked they suddenly all had amnesia... -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
On 18-08-2014 14:31, Robert J. Hansen wrote: And who determines wether it has any testimonial value? Johan, we're entering paranoid fantasy here. If you truly believe the whole of the USG is corrupt, Well, I see some ridiculous sentences of US judges published here, but I realize that only the most stupid ones reach the press here. However, since US law has something called subphoena, which I consider a grave violation of the right to remain silent, I have not much trust in US law. And as I described in another reply, I've seen in practice what they do to make someone testify: drop charges against person 1 so he can be declared witness against person 2. and that our independent judiciary is in cahoots with a corrupt Executive and Legislature in order to systematically violate people's rights, That seems to be what Snowden showd. -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
Well, I see some ridiculous sentences of US judges published here, but I realize that only the most stupid ones reach the press here. However, since US law has something called subphoena, which I consider a grave violation of the right to remain silent, I have not much trust in US law. Err -- *what* right to remain silent? No country has a universal right to remain silent. If you're a witness to a crime, you can be compelled to testify about what you see. If you're in possession of documents that are relevant to a police investigation, you can be ordered to produce them, and so on and so on. That's the subpoena duces tecum in a nutshell, right there. Keep in mind that the idea of a subpoena duces tecum is so uncontroversial that it's been formalized in *two* separate Hague conventions: the Hague Service Convention and the Hague Evidence Convention. If you don't have trust in U.S. law because we have the subpoena duces tecum, you should have no more faith in Dutch law... That seems to be what Snowden showd. Been nice talking to you, Johan. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
On 18-08-2014 20:11, Robert J. Hansen wrote: Err -- *what* right to remain silent? No country has a universal right to remain silent. If you're a witness to a crime, you can be compelled to testify about what you see. Yes, unfortunately. If you're in possession of documents that are relevant to a police investigation, you can be ordered to produce them, and so on and so on. No, not here. When the police thinks I have such documents they can get a search order, but if they can't find them and I remain silent it's too bad for them. I am not in violation of any law when I don't give them, not even when they later find out I did have them. Same for when I would destroy or encrypt said documents after I found out the police was looking for them. Keep in mind that the idea of a subpoena duces tecum is so uncontroversial that it's been formalized in *two* separate Hague conventions: the Hague Service Convention and the Hague Evidence Convention. Perhaps, but the Dutch law doesn't wortk like that. If you don't have trust in U.S. law because we have the subpoena duces tecum, Not ONLY because of that. -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
On Sun, Aug 17, 2014 at 04:42:52PM -0400, Robert J. Hansen wrote: Unfortunately most of us do. Including the US, UK and the Dutch are aklso pushing for such laws. Speaking only for the U.S., this is not the case. Dream on. The United States Constitution protects an individual's right not to testify against themselves. If the production of a passphrase would have any kind of testimonial value, then such production cannot be ordered. The only time production of a passphrase is permitted is when it lacks any testimonial value. There are quite a few ways police and prosecutors can coerce a suspect to hand over his encryption key(s). Dangling the prospect of a lighter sentence under the poor bugger's nose, or conversely, threatening to come down hard, perhaps going for a death penalty. The surrender of a suspect's keys would be voluntary and therefore constitutional. Even if the role production serves is testimonial, if it's voluntary, and the statement the poor sod is required to sign will so state, it's constitutional (I think). Don't forget, even non-testimonial key surrender can be used to build a body of evidence. DISCLAIMER: I'm not a lawyer and the above is opinion only. Many people look at one particular case and say, hey, production was required in that case, clearly the U.S. can compel you to produce!, or production wasn't required in that case, clearly the U.S. can't compel you to produce! The reality is different. You need to look at the role the production serves. Testimonial in nature? Nope, forbidden. Non-testimonial? Yep, permitted. -- Bob Holtzman Giant intergalactic brain-sucking hyperbacteria came to Earth to rape our women and create a race of mindless zombies. Look! It's working! signature.asc Description: Digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
On 8/18/2014 9:32 PM, Bob Holtzman wrote: There are quite a few ways police and prosecutors can coerce a suspect to hand over his encryption key(s). Your examples which involve coercion are illegal, and the ones that are legal do not involve coercion. Dangling the prospect of a lighter sentence under the poor bugger's nose Not coercion. Prosecutor: We know you have an encrypted drive partition with a lot of child porn on it. Give up your passphrase and we'll reduce it to ten counts of possession and drop the intent to distribute, and we won't object to sentences running concurrently. Defendant: ... that sounds really good. Or, alternately, imagine the defendant is innocent of the charge: Defendant: I can't accept that deal. I'm innocent of that. (True: if you're innocent of the charge, you're not allowed to plead guilty to it. You might be able to talk the judge into accepting an Alford, but it'd be an uphill battle.) Or, alternately, imagine the defendant is guilty, but only of eight counts of possession: Defendant: No deal. I'll take my risks in court. Good luck producing these 'thousands of images' you're talking about. or conversely, threatening to come down hard, perhaps going for a death penalty. Grossly illegal, in violation of the canons of legal ethics, and will get an attorney disbarred. Don't confuse Law Order re-runs with real life. The DA is allowed to threaten prosecution of only those crimes the DA reasonably believes a person violated, and the DA is expressly forbidden from using the threat of the death penalty to persuade someone to taking a lesser sentence. The surrender of a suspect's keys would be voluntary and therefore constitutional. In your first example yes, in your second example no. Don't get me wrong: prosecutors have a lot of power, and I personally believe they have too much power with too little accountability. However, it's not a de-facto state of tyranny, either. As always, my best advice for people facing legal problems is shut up and get a lawyer. smime.p7s Description: S/MIME Cryptographic Signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
I share most of Greene's arguments agaist PGP to a limited extent, however, he seems strongly biased against it. There are two points, in which I strongly disagree with Greene: A) For me forward secrecy is not of utmost importance for asymmetric end to end mail encryption. Your private key is compromized if your system has been hacked(if you don't live in a police state where authorities can force you to reveal it). Most likely the important private messages will still reside on your system then, so they are leaked anyways in this case. So there is limited gain by implementing forward secrecy. So the complaint about lacking forward secrecy is exaggerated in my eyes. Nevertheless, there do exist solutions for asynchronous message exchange with forward secrecy and we need to have an eye on them and watch out for new publications on these. At present IMHO they are awkwardly difficult to implement and maintain and just keeping a watchful eye on them seems perfectly reasonable today. Once a crisp and nicely implementable asynchronous protocol with forward secrecy comes up, however, we should have it implemented immediately.(The synchronous ones are easy, of course.) B) A minor point. Greene complains, that in PGP securing ciphers with a MAC is not enforced in the standard. For an asymmetrically enciphered message IMHO it does not make any sense whatsoever, to secure message authenticity with a MAC. A correct MAC is proof that the message has not been altered by someone not knowing the symmetric key. But knowledge of the symmetric key doesn't prove anything since it is essentially a random number selected by the unauthenticated sender. So a correct MAC in a RSA cipher just proves that the sender is the sender - so what? (I know that many people disagree with me on this point, yet I have never heard a convincing argument for the MAC in an asymmetric cipher.) If you want authenticity, you have to have the message or cipher be digitally signed by the sender. For me the critcism of PGP is clearly unfair regarding this second aspect. Regards, Michael Anders ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
On 17-08-2014 17:08, Michael Anders wrote: Your private key is compromized if your system has been hacked(if you don't live in a police state where authorities can force you to reveal it). Unfortunately most of us do. Including the US, UK and the Dutch are aklso pushing for such laws. Once a crisp and nicely implementable asynchronous protocol with forward secrecy comes up, however, we should have it implemented immediately.(The synchronous ones are easy, of course.) Whispersystems has done a good job with Textsecure as ar as I read the opinions about it. In practice their application is very usable too, except that MMS does not work in some circumstances (but who uses that anyway in 2014?) -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
Unfortunately most of us do. Including the US, UK and the Dutch are aklso pushing for such laws. Speaking only for the U.S., this is not the case. The United States Constitution protects an individual's right not to testify against themselves. If the production of a passphrase would have any kind of testimonial value, then such production cannot be ordered. The only time production of a passphrase is permitted is when it lacks any testimonial value. Many people look at one particular case and say, hey, production was required in that case, clearly the U.S. can compel you to produce!, or production wasn't required in that case, clearly the U.S. can't compel you to produce! The reality is different. You need to look at the role the production serves. Testimonial in nature? Nope, forbidden. Non-testimonial? Yep, permitted. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Fwd: It's time for PGP to die.
On Sun, Aug 17, 2014 at 12:08 AM, Robert J. Hansen r...@sixdemonbag.org wrote: On 8/16/2014 1:14 PM, Kristy Chambers wrote: Sorry for that crap subject. I just want to leave this. Meh. Color me unimpressed. This was a terrific post. Thank you, Robert. [snip] * No forward secrecy. Not everyone needs PFS, and frankly, obsession with PFS is one of those things I really wish people would grow out of. Before complaining about what OpenPGP needs or where it's lacking, try looking at where OpenPGP has been broken in the real world. Hint: PFS ain't a panacea. I agree people are obsessed with this, and it is unhealthy. I think the name doesn't help. I've seen various definitions. http://en.wikipedia.org/wiki/Forward_secrecy This means that the compromise of one message cannot lead to the compromise of others. In the case of PGP, of course, it is true that the compromise of the Public key would compromise all messages, but in other ways PGP does help. It is possible, for example, to surrender just the session key, in the case that it is necessary to do so to comply with a legitimate law-enforcement request. But I don't see how PFS could really apply to something like email, as opposed to something like an http request. * So what should we be doing? There are 25 years invested in making PGP work. Many subtle bugs and security errors in the protocol and the gnupg implementation have been worked out. Throwing out PGP would be a bit like making this mistake: http://www.joelonsoftware.com/articles/fog69.html OpenPGP's biggest problem, BTW, which goes *completely unmentioned* in this blogpost: OpenPGP can't protect your metadata, and that turns out to often be higher-value content than your emails themselves are. Further, exposed metadata is inherent to SMTP, which means this problem is going to be absolutely devilish to fix. That is true. But perhaps it would be a start if email clients actually put the actual email (with subject and references headers etc.) as an attachment to a bare email that contained only the minimal headers for delivery. It wouldn't be a perfect solution, but it would at least fix a certain amount of metadata analysis. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
On 2014-08-17 at 01:41, Nicholas Cole wrote: On Sun, Aug 17, 2014 at 12:08 AM, Robert J. Hansen r...@sixdemonbag.org wrote: OpenPGP's biggest problem, BTW, which goes *completely unmentioned* in this blogpost: OpenPGP can't protect your metadata, and that turns out to often be higher-value content than your emails themselves are. Further, exposed metadata is inherent to SMTP, which means this problem is going to be absolutely devilish to fix. That is true. But perhaps it would be a start if email clients actually put the actual email (with subject and references headers etc.) as an attachment to a bare email that contained only the minimal headers for delivery. It wouldn't be a perfect solution, but it would at least fix a certain amount of metadata analysis. Well, afaik, there’s *no* MIME header which is required for delivery (maybe RFC says there is, but currently mail servers accepts mails with no headers at all). The headers that are needed for delivery are not MIME ones (the ones like “From:”, “To:”, “Date:”, “Message-Id:”, “Subject:”, etc.) but the SMTP one (the “MAIL FROM:” and “RCPT TO:”) which are separated. So I think mail clients could just send a void mail with just as much MIME informations to says its content is a MIME message (“message/rfc822” MIME type I think). Then things like the subject, the date, the message-id, the list of attached things, etc. would be protected. That makes less metadata, but it still leaks the more important: recipient and receiver. So the only way is to build an asynchronous communication system based on anonymity, like GNUnet’s doing. signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Fwd: It's time for PGP to die.
On 8/16/2014 7:41 PM, Nicholas Cole wrote: There are 25 years invested in making PGP work. Many subtle bugs and security errors in the protocol and the gnupg implementation have been worked out. Throwing out PGP would be a bit like making this mistake: More or less, yeah. Someday I'm going to wind up getting frustrated to the point where I write an angry, bitter, ranty screed on how the biggest headache with OpenPGP is unrealistic expectations and demands on the part of people who claim to know better, but obviously don't... smime.p7s Description: S/MIME Cryptographic Signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users