Re: Is the OpenPGP model still useful?
Hi Daniel,

On Sat, Jul 23, 2011 at 2:21 PM, Daniel Kahn Gillmor d...@fifthhorseman.net wrote:
> On 07/23/2011 07:04 PM, Marcio B. Jr. wrote:
>> On Wed, Jul 6, 2011 at 5:49 PM, Robert J. Hansen r...@sixdemonbag.org wrote:
>>>> So far, OTR adoption seems unjustifiable, really. I mean, it uses the Diffie-Hellman key exchange method with block ciphers.
>>> Why is this a problem?
>> You know, secrets are shared. 100% increase (at least) in exposing risks.
> I am struggling with how to respond to your messages since i find them confusing.

Ok, I am grateful for that struggle.

> Are you aware that the purpose of OTR is to allow two parties to communicate confidentially?

Right now, I'm trying to study OTR within some US Fifth Amendment contexts. So I'll answer that in a later time.

> OpenPGP itself uses this sort of symmetric encryption to encrypt messages with a random session key, and only uses asymmetric encryption to encrypt the session key itself.

So, say, my subkey's public part encrypts some session key, not the message itself?

Regards,
Marcio Barbado, Jr.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Is the OpenPGP model still useful?
On 7/26/11 2:44 PM, Marcio B. Jr. wrote:
>> Are you aware that the purpose of OTR is to allow two parties to communicate confidentially?
> Right now, I'm trying to study OTR within some US Fifth Amendment contexts. So I'll answer that in a later time.

It seems to be a straightforward yes or no question. DKG is just asking if you're aware of OTR's purpose.

> So, say, my subkey's public part encrypts some session key, not the message itself?

Correct. In fact, even signatures can be viewed this way. Signature being just encryption with the private part of the key, the digest of the message (which is all that's encrypted) can be viewed as analogous to a session key.
Re: Is the OpenPGP model still useful?
Hello Robert.

On Wed, Jul 6, 2011 at 5:49 PM, Robert J. Hansen r...@sixdemonbag.org wrote:
>> So far, OTR adoption seems unjustifiable, really. I mean, it uses the Diffie-Hellman key exchange method with block ciphers.
> Why is this a problem?

You know, secrets are shared. 100% increase (at least) in exposing risks.

Regards,
Marcio Barbado, Jr.
Re: Is the OpenPGP model still useful?
On 7/23/11 1:04 PM, Marcio B. Jr. wrote:
> You know, secrets are shared. 100% increase (at least) in exposing risks.

I need to see a citation for this. What you're claiming is at odds with everything I've ever learned about how DHKEA operates.
Re: OT: IM encryption options [was: Re: Is the OpenPGP model still useful?]
Hi Aaron, you are somewhat arrogant. Please read what I wrote till completion.

Regards,

On Fri, Jul 22, 2011 at 9:17 PM, Aaron Toponce aaron.topo...@gmail.com wrote:
> On Fri, Jul 22, 2011 at 07:56:42PM -0300, Marcio B. Jr. wrote:
>> Hello Daniel, sorry for such a delay; this has been a wild JULY.
>>
>> On Wed, Jul 6, 2011 at 4:09 PM, Daniel Kahn Gillmor wrote:
>>> On 07/06/2011 01:28 PM, Marcio B. Jr. wrote:
>>>> So far, OTR adoption seems unjustifiable, really. I mean, it uses the Diffie-Hellman key exchange method with block ciphers.
>>> Why does this seem unjustifiable to you? DH and block ciphers are widely-reviewed parts of the standard crypto toolkit. Do you have reason to believe they're generally bad?
>> It seems unjustifiable because there exists an option in which secret keys need not to take risks. And if there's any security concern and one's to choose between zero risk and any other positive-value risk, it's reasonable to pick the former.
>
> Are you familiar with the DH key exchange? It doesn't seem that you are. There is no risk in sharing the private key between the two parties. It basically goes like this:
>
> Step 1: A generates the private key.
> Step 2: A encrypts the private key with a one-time session key.
> Step 3: A sends the encrypted private key to B.
> Step 4: B encrypts the encrypted private key with his 1-time key.
> Step 5: B sends the doubly-encrypted private key to A.
> Step 6: A decrypts what he can with his one-time session key.
> Step 7: A sends the resulting encrypted key to B.
> Step 8: B decrypts the private key with his 1-time key.
>
> B now has the private key. The one-time session keys are never shared, but stored locally on the machine. Once the DH key exchange finished, the session keys are destroyed. Nowhere in the exchange is there any risk of the private key being compromised. A MITM can grab all the packets he likes. Unless he has one or both session keys, he's not getting the private key.

Marcio Barbado, Jr.
Re: Is the OpenPGP model still useful?
On 07/23/2011 07:04 PM, Marcio B. Jr. wrote:
> On Wed, Jul 6, 2011 at 5:49 PM, Robert J. Hansen r...@sixdemonbag.org wrote:
>>> So far, OTR adoption seems unjustifiable, really. I mean, it uses the Diffie-Hellman key exchange method with block ciphers.
>> Why is this a problem?
> You know, secrets are shared. 100% increase (at least) in exposing risks.

I am struggling with how to respond to your messages since i find them confusing.

Are you aware that the purpose of OTR is to allow two parties to communicate confidentially?

In a confidential communication, a secret message is sent from party A to party B. The entire purpose is to share the secret between the two parties. They have to share the key to the cipher in order to share the secret.

OpenPGP itself uses this sort of symmetric encryption to encrypt messages with a random session key, and only uses asymmetric encryption to encrypt the session key itself. If you research other popular encryption standards (e.g. TLS), you'll find this hybrid approach is quite common.

If there's a serious downside or risk to it, could you outline the sort of attack you're concerned about?

Thanks,

--dkg
Re: Is the OpenPGP model still useful?
Hi Robert.

Secrecy sharing constitutes sort of a symmetric fact when more than one instance is involved and you ask me for a citation?

I resumed this thread in order to clarify whether Kopete's OpenPGP plugin was really superior, compared to the OTR one, and all people say is OTR and its Diffie-Hellman algo are great, but no comparison is ever made because choice depends on threat model.

Come on, this is not an academic seminar. It would be simpler to put some hypothetical situation in which you'd choose one of the options, and explain the reason behind that choice.

What can I say? My situation is a regular one. Privacy and/or authenticity are needed in varying degrees.

Regards,

On Sat, Jul 23, 2011 at 2:16 PM, Robert J. Hansen r...@sixdemonbag.org wrote:
> On 7/23/11 1:04 PM, Marcio B. Jr. wrote:
>> You know, secrets are shared. 100% increase (at least) in exposing risks.
> I need to see a citation for this. What you're claiming is at odds with everything I've ever learned about how DHKEA operates.

Marcio Barbado, Jr.
Re: Is the OpenPGP model still useful?
On 7/23/11 2:36 PM, Marcio B. Jr. wrote:
> Secrecy sharing constitutes sort of a symmetric fact when more than one instance is involved and you ask me for a citation?

Yes.

I am quite certain that if, say, Daniel Gillmor were to assert the Earth is round and I were to ask him for a citation, he would refer me to Eratosthenes's trigonometric analysis of the angles of sunlight incidence in Syene and Alexandria, and would not find my request to be in the slightest bit unusual.

There is no fact, however obvious, which is guaranteed to be obvious to everyone. When people ask for citations for obvious facts, the only thing it means is it is not obvious to them. The courteous and genteel thing to do is to provide a citation, so that the person in question might learn.

What you're saying is at odds with everything I've come to learn about DHKEA. What you're saying is extremely nonobvious to me. Please present a citation for your assertion that DHKEA shares secrets more than another competing protocol.
Re: OT: IM encryption options [was: Re: Is the OpenPGP model still useful?]
Hello Daniel, sorry for such a delay; this has been a wild JULY.

On Wed, Jul 6, 2011 at 4:09 PM, Daniel Kahn Gillmor d...@fifthhorseman.net wrote:
> On 07/06/2011 01:28 PM, Marcio B. Jr. wrote:
>> So far, OTR adoption seems unjustifiable, really. I mean, it uses the Diffie-Hellman key exchange method with block ciphers.
> Why does this seem unjustifiable to you? DH and block ciphers are widely-reviewed parts of the standard crypto toolkit. Do you have reason to believe they're generally bad?

It seems unjustifiable because there exists an option in which secret keys need not to take risks. And if there's any security concern and one's to choose between zero risk and any other positive-value risk, it's reasonable to pick the former.

>> As of what I got from your (Robert) explanation plus some preliminary conclusions of my studies, making use of asymmetric algos with OpenPGP would be more coherent and secure, mathematically. Is it correct?
> Not all of these decisions should be made on purely mathematical grounds. Consider, for example, pidgin's old GPG plugin (i don't know whether it is still in use or under development). It worked by signing and encrypting each message before it was sent, and decrypting and verifying each response. However, IM messages tend to be heavily context-dependent, which makes them vulnerable to replay attacks.

No secret key can ever be intercepted or shared.

> For example, how many times have you written on IRC (or whatever IM network you use) the simple phrase "i agree"? If each message is individually signed and verified, it'd be relatively easy for an attacker to replay your "i agree" in another conversation, making it look like you agreed to something you hadn't actually agreed to. OTR's stream-based approach ensures that messages are only authenticated as part of a single, two-party conversation. There is no room for a replay attack.

I am obviously considering signing and encrypting.

> OTR also is designed so that a third-party (one not involved in the original communication) can't conclusively prove that you wrote something. this is the "off the record" part of OTR. It's debatable how useful this so-called repudiability would be in, say, a court of law; but individually-signed messages clearly do *not* have this kind of repudiability; anyone in possession of one of these messages can convince any third party that you did in fact write the message.

There is secrecy sharing so maintenance of this repudiability's effectiveness is not entirely up to you.

Regards,
Marcio Barbado, Jr.
Re: Is the OpenPGP model still useful?
Hi

On Thursday 7 July 2011 at 12:52:42 AM, in mid:20110706235242.ga24...@helcaraxe.net, Milo wrote:
> I think that informative and didactic value of such response is negligible.

Even if that were true, there would still be the entertainment value. But iconoclasm can be instructive; think for yourself, otherwise you have to believe what others tell you.

--
Best regards

MFPA mailto:expires2...@ymail.com

Dollar sign - An S that's been double crossed
Re: Is the OpenPGP model still useful?
Hello,

resuming this thread because I'm studying encryption options for KDE's Kopete IM client.

So far, OTR adoption seems unjustifiable, really. I mean, it uses the Diffie-Hellman key exchange method with block ciphers.

As of what I got from your (Robert) explanation plus some preliminary conclusions of my studies, making use of asymmetric algos with OpenPGP would be more coherent and secure, mathematically. Is it correct?

Regards,

On Fri, Apr 29, 2011 at 10:12 AM, Robert J. Hansen r...@sixdemonbag.org wrote:
> On 4/28/11 11:05 AM, Michel Messerschmidt wrote:
>> Sounds very much like Off-the-Record messaging for every kind of communication. Or is there a difference I have missed?
>
> The barrier to usage is still high with OTR: users still have to authenticate, and you can get horrible sync issues. Plus, let's not forget the wacky hijinks that occur if you're logged into IM from two places at once -- although this is explicitly supported by some IM protocols (Jabber), with OTR it causes no end of troubles.
>
> The thought experiment here -- it's not a real proposal -- is, what would happen if we discarded authentication entirely, and went purely for a require-brute-force approach to discover the random session key?

Marcio Barbado, Jr.
OT: IM encryption options [was: Re: Is the OpenPGP model still useful?]
On 07/06/2011 01:28 PM, Marcio B. Jr. wrote:
> resuming this thread because I'm studying encryption options for KDE's Kopete IM client.

Hmm, i'm not sure this is the best place for this discussion, so i've marked the subject line OT for off-topic -- if you think there might be a better discussion list, feel free to follow up there.

> So far, OTR adoption seems unjustifiable, really. I mean, it uses the Diffie-Hellman key exchange method with block ciphers.

Why does this seem unjustifiable to you? DH and block ciphers are widely-reviewed parts of the standard crypto toolkit. Do you have reason to believe they're generally bad?

> As of what I got from your (Robert) explanation plus some preliminary conclusions of my studies, making use of asymmetric algos with OpenPGP would be more coherent and secure, mathematically. Is it correct?

Not all of these decisions should be made on purely mathematical grounds. Consider, for example, pidgin's old GPG plugin (i don't know whether it is still in use or under development). It worked by signing and encrypting each message before it was sent, and decrypting and verifying each response. However, IM messages tend to be heavily context-dependent, which makes them vulnerable to replay attacks.

For example, how many times have you written on IRC (or whatever IM network you use) the simple phrase "i agree"? If each message is individually signed and verified, it'd be relatively easy for an attacker to replay your "i agree" in another conversation, making it look like you agreed to something you hadn't actually agreed to.

OTR's stream-based approach ensures that messages are only authenticated as part of a single, two-party conversation. There is no room for a replay attack.

OTR also is designed so that a third-party (one not involved in the original communication) can't conclusively prove that you wrote something. this is the "off the record" part of OTR. It's debatable how useful this so-called repudiability would be in, say, a court of law; but individually-signed messages clearly do *not* have this kind of repudiability; anyone in possession of one of these messages can convince any third party that you did in fact write the message.

Note that we're just talking here about message/conversation signing, encryption, and verification; iirc, the original thread was asking about OpenPGP's certification model (that is, how multi-issuer OpenPGP certificates are used to bind identities to public keys), which is an entirely different (though related) topic.

hope this helps,

--dkg
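The replay problem described in the message above, as an added example that is not part of the original post or of any plugin's code: a signature over the bare message text verifies in any conversation, while a tag bound to one session's key and message counter does not. The toy RSA key, the `Session` class and every name below are assumptions made for illustration; this is not OTR's wire protocol.

```python
import hashlib
import hmac
import os

# --- Per-message signing (the per-message GPG plugin style described above) ---
# Toy textbook-RSA key built from two known Mersenne primes. Far too small
# and unpadded for real use; it only stands in for a long-term signing key.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Python 3.8+)


def _digest_int(text: str) -> int:
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big") % N


def sign_message(text: str) -> int:
    """Sign the message text alone: no conversation, peer or counter."""
    return pow(_digest_int(text), D, N)


def verify_message(text: str, signature: int) -> bool:
    return pow(signature, E, N) == _digest_int(text)


# --- Session-bound authentication (conversation-scoped tags) ---
class Session:
    """One two-party conversation with its own MAC key and counters."""

    def __init__(self, mac_key: bytes):
        self.mac_key = mac_key
        self.sent = 0
        self.highest_seen = 0

    def _tag(self, counter: int, text: str) -> bytes:
        data = counter.to_bytes(8, "big") + text.encode()
        return hmac.new(self.mac_key, data, hashlib.sha256).digest()

    def seal(self, text: str):
        self.sent += 1
        return (self.sent, text, self._tag(self.sent, text))

    def accept(self, packet) -> bool:
        counter, text, tag = packet
        if counter <= self.highest_seen:          # replay inside the session
            return False
        if not hmac.compare_digest(tag, self._tag(counter, text)):
            return False                          # wrong session or forged
        self.highest_seen = counter
        return True


def demo():
    results = {}
    # Conversation 1: Alice really does say "i agree" and signs it.
    captured = ("i agree", sign_message("i agree"))
    # Conversation 2: the captured pair is presented again, unchanged.
    results["signed_replay_accepted"] = verify_message(*captured)

    # Same scenario with session-bound tags. Each conversation has its own
    # key (in OTR it would come from that conversation's DH exchange; here
    # it is simply random, which is an assumption of this sketch).
    key1, key2 = os.urandom(32), os.urandom(32)
    alice1, bob1 = Session(key1), Session(key1)
    bob2 = Session(key2)
    packet = alice1.seal("i agree")
    results["first_delivery_accepted"] = bob1.accept(packet)
    results["same_session_replay_accepted"] = bob1.accept(packet)
    results["cross_session_replay_accepted"] = bob2.accept(packet)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The signed pair is accepted wherever it is presented because nothing in the signed data names the conversation; the session tag fails both when resent in the same session and when moved to another one.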
Re: Is the OpenPGP model still useful?
On 07/06/2011 10:28, Marcio B. Jr. wrote:
> Hello,
> resuming this thread because I'm studying encryption options for KDE's Kopete IM client.
>
> So far, OTR adoption seems unjustifiable, really. I mean, it uses the Diffie-Hellman key exchange method with block ciphers.
>
> As of what I got from your (Robert) explanation plus some preliminary conclusions of my studies, making use of asymmetric algos with OpenPGP would be more coherent and secure, mathematically. Is it correct?

IDOYTM, which you haven't defined.

Personally I've used OTR for years, and am a big fan.

--
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
Re: Is the OpenPGP model still useful?
Dear Doug,

I don't know what IDOYTM is supposed to mean, and am afraid I'm not enough-of-a-teenager to get really concerned with that.

If the existence of big fans justifies quality, Amy Winehouse would be Teresa of Calcutta.

My question, which, I must emphasize for you, is a question — not an assertion, was on mathematical coherence.

Regards,

On Wed, Jul 6, 2011 at 4:37 PM, Doug Barton do...@dougbarton.us wrote:
> On 07/06/2011 10:28, Marcio B. Jr. wrote:
>> Hello,
>> resuming this thread because I'm studying encryption options for KDE's Kopete IM client.
>>
>> So far, OTR adoption seems unjustifiable, really. I mean, it uses the Diffie-Hellman key exchange method with block ciphers.
>>
>> As of what I got from your (Robert) explanation plus some preliminary conclusions of my studies, making use of asymmetric algos with OpenPGP would be more coherent and secure, mathematically. Is it correct?
>
> IDOYTM, which you haven't defined.
>
> Personally I've used OTR for years, and am a big fan.
>
> --
> Nothin' ever doesn't change, but nothin' changes much.
> -- OK Go
>
> Breadth of IT experience, and depth of knowledge in the DNS.
> Yours for the right price. :) http://SupersetSolutions.com/

Marcio Barbado, Jr.
Re: Is the OpenPGP model still useful?
On 07/06/2011 13:39, Marcio B. Jr. wrote:
> Dear Doug,
> I don't know what IDOYTM is supposed to mean,

It depends on your threat model. You haven't defined what you're guarding against, so it's impossible to judge how potential solutions may or may not help.

> and am afraid I'm not enough-of-a-teenager to get really concerned with that. If the existence of big fans justifies quality, Amy Winehouse would be Teresa of Calcutta.

Um, yeah, Ok.

> My question, which, I must emphasize for you, is a question — not an assertion, was on mathematical coherence.

And like I said (and Daniel said in more detail) OTR has some very valid use cases, but without knowing what your goals are it's hard to respond intelligently.

Doug

--
Nothin' ever doesn't change, but nothin' changes much.
-- OK Go

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
Re: Is the OpenPGP model still useful?
On Wed, Jul 06, 2011 at 01:49:52PM -0700, Robert J. Hansen wrote:
> (...) -- it's just not something I can answer. Coherency and security are matters of personal taste and policy.

Are you sure about that? then find a person who will tell you that (you like thought experiments, don't you?) during obvious live threat situation feels secure. You can imagine what will be a common answer, right?

Defining from the scratch all the terms and dictionaries before starting conversation is somehow bogus. Robert, if you will look around you will find fine and common/universal-enough definitions of security in context adequate to this thread. If you doubt about that start a thread for revisiting - for example - wikipedia's terms regarding IT/information security stuff. I think that most people (and I'm saying about _most_ of them) will agree that they are fine.

Perhaps instead of serving extreme form of relativism is better to not answer at all. I think that informative and didactic value of such response is negligible.

--
Kind regards, Milo
Re: Is the OpenPGP model still useful?
On 7/6/2011 7:52 PM, Milo wrote:
> Are you sure about that? then find a person who will tell you that (you like thought experiments, don't you?) during obvious live threat situation feels secure. You can imagine what will be a common answer, right?

You must not know many United States Marines. They're a screwy bunch. They kind of like getting shot at: it keeps them on their toes.

On the other side of the coin, consider someone suffering from combat-related post traumatic stress disorder, for whom there is literally no environment that allows them to feel safe.

One group of people finds even obvious live threat situations to be invigorating and they feel quite confident about their ability to thrive in such situations, and another group of people considers all situations, even obviously safe ones, to be mortal threats.

I think we ought be very careful in making universal statements about what all people agree upon with respect to security. It seems to me to be quite likely there are no such things.

As with so many things in life, IDOYTM. Define your threat model, and then we can talk about coherency and security. Not before then.
Re: Is the OpenPGP model still useful?
Simon Ward wrote:
> On Fri, Apr 29, 2011 at 09:05:35PM +0200, B wrote:
>> By the way: Using OpenPGP with enigmail in Thunderbird, I miss a feature: Usually the recipient rules work but if they fail (perhaps due to background update of Thunderbird and not working plugin), I would like to have a chance to see that the written message is going to be sent unencrypted BEFORE sending. Or vice versa: I want to see that an instantly written message is going to be encrypted
>
> There is an option in Enigmail's expert settings to always confirm.
>
> Simon

Hej Simon,

thanks very much for your comment! I didn't know that setting yet.

But I'm lacking phantasy of how to use this for preventing me of sending unencrypted in case that Enigmail does not work properly

So, if it does not work, the confirmation request will not appear and mail goes out unencrypted, doesn't it?

Regards,
Boris
Re: Is the OpenPGP model still useful?
On Mon, May 2, 2011 at 5:34 AM, B brud...@cation.de wrote:
> Simon Ward wrote:
>> On Fri, Apr 29, 2011 at 09:05:35PM +0200, B wrote:
>>> By the way: Using OpenPGP with enigmail in Thunderbird, I miss a feature: Usually the recipient rules work but if they fail (perhaps due to background update of Thunderbird and not working plugin), I would like to have a chance to see that the written message is going to be sent unencrypted BEFORE sending. Or vice versa: I want to see that an instantly written message is going to be encrypted
>>
>> There is an option in Enigmail's expert settings to always confirm.

[SNIP]

> But I'm lacking phantasy of how to use this for preventing me of sending unencrypted in case that Enigmail does not work properly

If you run your mail server, you should be able to set up a secure channel by having your MTA issue a STARTTLS command. The communication from the originating MTA to your MTA will be secure (some hand waving). If the sender connects to his/her mail server securely (and MTA's use TLS), then most opportunities for message inspection and tampering should be remediated.

Jeff
Re: Is the OpenPGP model still useful?
Jeffrey Walton wrote:
> On Mon, May 2, 2011 at 5:34 AM, B brud...@cation.de wrote:
>> Simon Ward wrote:
>>> On Fri, Apr 29, 2011 at 09:05:35PM +0200, B wrote:
>>>> By the way: Using OpenPGP with enigmail in Thunderbird, I miss a feature: Usually the recipient rules work but if they fail (perhaps due to background update of Thunderbird and not working plugin), I would like to have a chance to see that the written message is going to be sent unencrypted BEFORE sending. Or vice versa: I want to see that an instantly written message is going to be encrypted
>>>
>>> There is an option in Enigmail's expert settings to always confirm.
>
> [SNIP]
>
>> But I'm lacking phantasy of how to use this for preventing me of sending unencrypted in case that Enigmail does not work properly
>
> If you run your mail server, you should be able to set up a secure channel by having your MTA issue a STARTTLS command. The communication from the originating MTA to your MTA will be secure (some hand waving). If the sender connects to his/her mail server securely (and MTA's use TLS), then most opportunities for message inspection and tampering should be remediated.

Hej Jeff,

thanks for your comment! Your explanation has nothing to do with OpenPGP. Of course everybody could or should use TLS against his server

Boris
Re: Is the OpenPGP model still useful?
On Mon, May 02, 2011 at 11:34:47AM +0200, B wrote:
> But I'm lacking phantasy of how to use this for preventing me of sending unencrypted in case that Enigmail does not work properly
>
> So, if it does not work, the confirmation request will not appear and mail goes out unencrypted, doesn't it?

If Enigmail is completely broken, or you’ve disabled the add‐on, your emails will not be signed or encrypted and the confirmation request will not appear.

In a non‐broken state with the confirmation option, the confirmation dialog appears every time you hit send, regardless of whether the mail is signed or encrypted, and informs you of the signing and encryption status.

You might be able to verify yourself by choosing not to send the email immediately (send later), then inspecting the mail in the Outbox. I cannot remember if messages saved in the Outbox are encrypted.

Simon

--
A complex system that works is invariably found to have evolved from a simple system that works.—John Gall
Re: Is the OpenPGP model still useful?
Sounds very much like Off-the-Record messaging for every kind of communication. Or is there a difference I have missed?
Re: Is the OpenPGP model still useful?
On 4/28/11 11:05 AM, Michel Messerschmidt wrote:
> Sounds very much like Off-the-Record messaging for every kind of communication. Or is there a difference I have missed?

The barrier to usage is still high with OTR: users still have to authenticate, and you can get horrible sync issues. Plus, let's not forget the wacky hijinks that occur if you're logged into IM from two places at once -- although this is explicitly supported by some IM protocols (Jabber), with OTR it causes no end of troubles.

The thought experiment here -- it's not a real proposal -- is, what would happen if we discarded authentication entirely, and went purely for a require-brute-force approach to discover the random session key?
Re: Is the OpenPGP model still useful?
On 28.04.2011 at 17:05, Michel Messerschmidt wrote:
> Sounds very much like Off-the-Record messaging for every kind of communication. Or is there a difference I have missed?

Hej list members,

whatever you are talking about with this topic: I like using OpenPGP VERY MUCH and find it VERY useful and useable with enigmail in Thunderbird (Icedove) on Debian Squeeze. Thanks for every hand and mind developing this fine piece of software!

By the way: Using OpenPGP with enigmail in Thunderbird, I miss a feature: Usually the recipient rules work but if they fail (perhaps due to background update of Thunderbird and not working plugin), I would like to have a chance to see that the written message is going to be sent unencrypted BEFORE sending. Or vice versa: I want to see that an instantly written message is going to be encrypted

Thanks in advance,
Boris
Re: Is the OpenPGP model still useful?
On Fri, Apr 29, 2011 at 09:05:35PM +0200, B wrote:
> By the way: Using OpenPGP with enigmail in Thunderbird, I miss a feature: Usually the recipient rules work but if they fail (perhaps due to background update of Thunderbird and not working plugin), I would like to have a chance to see that the written message is going to be sent unencrypted BEFORE sending. Or vice versa: I want to see that an instantly written message is going to be encrypted

There is an option in Enigmail’s expert settings to always confirm.

Simon

--
A complex system that works is invariably found to have evolved from a simple system that works.—John Gall
Is the OpenPGP model still useful?
(The subject line may be provocative, but please don't think I'm arguing that it's not useful. I don't know. I just had an idea a couple of days ago, and I figure it might be worth some discussion.)

OpenPGP takes its origins from ClassicPGP, which in turn comes out of a military threat model of the sort that was more or less standard policy everywhere from WW2 forwards:

1. Attackers can apply significant resources to interception, and they already know who they want to intercept
2. Communication technicians are trained, skilled and motivated
3. Communication channels are centrally defined and structured
4. Communiqués must be secure for decades or more

There are other elements, but these four are what interest me right now. OpenPGP defends quite neatly against point one, point two explains why it's okay for OpenPGP to have a learning curve like the Matterhorn, the Web of Trust (which is to say, a loose confederation of CAs) follows from point three, and long-term security is point four.

Now, while there are still environments in which those four criteria hold, the modern day seems to mostly be governed by four different principles:

1. Attackers need distinguishment more than interception
2. Defenders are unskilled and perhaps incompetent
3. Communication channels are ephemeral, media-hopping and ad hoc
4. Most people don't care if an individual email — or even a series of them — gets compromised

Distinguishment versus interception may need some explanation. Intercepting communications is not very hard: finding what communications need to be intercepted is a labor of Hercules. We are, figuratively speaking, drowning in a sea of irrelevant and useless data. The major task is not being able to read the information, but being able to pick signal out from noise. Distinguishment — differentiating signal from noise — is more important than interception — picking up the signal once you know what it is.

With respect to communication channels being ephemeral, media-hopping and ad hoc: today it's not unusual for a conversation to begin in SMS, hop to Facebook, migrate to email, and finish on IM. Whatever tool we use to secure our messages needs to be as media-agile as our conversations.

And finally, most people simply don't care if their emails get read. Open a stand outside a McDonald's offering FREE BIG MAC AND FRIES FOR YOUR EMAIL SERVER PASSWORD and see how many coupons you give away. Odds are good that the loudest voices of outrage would come from Burger King and Wendy's, and they'd shut up once you set up booths outside their restaurants, too.[*]

...

So, finally, here's my Modest Proposal.

Encrypt each communication (Facebook post, SMS, whatever) with a random 40-bit key. Throw the key away. Send it. The only way for your recipient to recover the key is to brute-force the message.

By our existing standards this would be absolutely crazy: and yet, it would foil large-scale Hoovering of email messages (adding that work factor to each email message would make large-scale analysis difficult), would address point 2 by getting rid of the learning factor (install this plugin and that's all you have to do), would address point 3 by being broadly applicable over a large swath of the problem domain, and if someone recovers a particular message anyway... well, as point 4 shows us, meh.

(Note: if the phrase Modest Proposal wasn't enough of a giveaway, this is not a serious proposal. It's a thought experiment, just something I found to be interesting enough to spend a few minutes contemplating.)

[*] Some years ago while teaching a computer literacy class, I had the undergrads reading David Brin's The Transparent Society. In it, Brin suggests offering a free Big Mac with a mouth swab and driver's license, and plugging these DNA samples into a database of unsolved crimes. He cheerfully argues there are no privacy concerns since it is so obviously a bad idea, and yet people will voluntarily choose to do it anyway despite knowing it's stupid. The class had a good talk about this.

The next Monday a couple of students talked to me after class. "After class last week, we went down to the Pita Pit. We were sitting around talking about how stupid Brin's idea was and how he was wrong and nobody would be that stupid ... and then we realized we were saying this while we were filling out credit-card applications in order to get a free pita."

When I asked them what they did next, they shrugged. "We felt kind of stupid. But we filled them out, got our free pita, and started talking about something else."

You can lead a horse to water, and you can even give the horse a straw, but...
Re: Is the OpenPGP model still useful?
Some thoughts:

o Agreed: OpenPGP is difficult.

o Media-hopping: each segment can be treated separately. The users know there is a thread of conversation but the technologies do not. So, is this point relevant?

o Who is the attacker? A government with sufficient motivation and money should have little trouble getting carriers to inform them of who is involved in a given flow in near realtime (say, by forwarding the log streams out of their RADIUS servers), and matching that to a watch list is trivial. These are exactly the people who would be doing large-scale collection. A personal rival probably couldn't afford it. (This is directed at the distinguishment factor.) Today the chief difficulty for a state really isn't technical or financial, but legal.

o "Encrypt each communication (Facebook post, SMS, whatever) with a random 40-bit key. Throw the key away. Send it." Isn't that what we do now? Or do you mean: encrypt *everything*; don't ask, just make encryption the default for all communication. I could get behind that. (I've argued for some time that we ought to do away with HTTP-not-S, not-S-SMTP, etc. and this just extends the argument to another layer.)

o Agreed: most people don't care about most of their messaging.

o Just so long as those who *do* care can plug in or wrap on something stronger and more manageable if they wish.

--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
Re: Is the OpenPGP model still useful?
Robert J. Hansen wrote the following on 4/27/11 9:48 AM:
> (The subject line may be provocative, but please don't think I'm arguing that it's not useful. I don't know. I just had an idea a couple of days ago, and I figure it might be worth some discussion.)
>
> OpenPGP takes its origins from ClassicPGP,

I'm buying. May I cross-post and quote, with attribution (CC3 maybe)?

Thanks.
Charly
Re: Is the OpenPGP model still useful?
On Wed, 27 Apr 2011 11:09:00 -0400, Mark H. Wood mw...@iupui.edu wrote:
> o Media-hopping: each segment can be treated separately. The users know there is a thread of conversation but the technologies do not. So, is this point relevant?

Yes. E.g., OpenPGP messages cannot be reduced to fit in an SMS message: you'd need to break them apart into multiple SMS messages. Different media have different technical requirements.

> Today the chief difficulty for a state really isn't technical or financial, but legal.

Strongly disagree. Figuring out the difference between signal and noise seems to be highly nontrivial.

> o "Encrypt each communication (Facebook post, SMS, whatever) with a random 40-bit key. Throw the key away. Send it." Isn't that what we do now?

No. Encryption -- even weak encryption -- is not pervasive. It's my position that pervasive weak encryption would make large-scale data analysis difficult (further hammering the differentiation issue and making a hard problem harder), while impacting regular users only slightly.

> Or do you mean: encrypt *everything*; don't ask, just make encryption the default for all communication. I could get behind that. (I've argued for some time that we ought to do away with HTTP-not-S, not-S-SMTP, etc. and this just extends the argument to another layer.)

My problem with HTTPS, SMTPS, etc., is they typically have scalability problems. Asymmetric crypto is CPU intensive. I'd like to see, e.g., HTTPS for commerce, but if I visit Slashdot, go to a weaker system that's not CPU-intensive but would still make mass surveillance problematic.

> o Just so long as those who *do* care can plug in or wrap on something stronger and more manageable if they wish.

Yes, absolutely.
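The Modest Proposal from the original post and the work-factor argument in the reply above, worked through as an added sketch; it is not code from anyone in the thread. Assumptions: a 16-bit demo key so the search finishes in pure Python (the post names 40 bits), a SHA-256 counter-mode keystream as a standard-library stand-in for a real cipher, and a truncated HMAC so the recipient can recognise the right key, which the post does not specify. All function names are hypothetical.

```python
import hashlib
import hmac
import secrets

PAGE_KEY_BITS = 40   # key size named in the post
DEMO_KEY_BITS = 16   # constructed: small enough to search in pure Python


def _subkey(key: int, label: bytes) -> bytes:
    """Derive independent cipher and tag keys from the short random key."""
    return hashlib.sha256(label + key.to_bytes(8, "big")).digest()


def _xor_stream(key: int, nonce: bytes, data: bytes) -> bytes:
    """SHA-256 in counter mode, a stdlib stand-in for a real stream cipher."""
    enc_key = _subkey(key, b"enc")
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(enc_key + nonce + block.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)


def _tag(key: int, nonce: bytes, ciphertext: bytes) -> bytes:
    """Truncated HMAC that lets the searcher recognise the right key."""
    mac = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256)
    return mac.digest()[:8]


def seal(plaintext: bytes, key_bits: int = DEMO_KEY_BITS) -> bytes:
    """Encrypt under a fresh random key, then forget it: only the blob leaves."""
    key = secrets.randbits(key_bits)
    nonce = secrets.token_bytes(16)
    ciphertext = _xor_stream(key, nonce, plaintext)
    return nonce + _tag(key, nonce, ciphertext) + ciphertext


def open_by_search(blob: bytes, key_bits: int = DEMO_KEY_BITS):
    """Recipient side: try every key until the tag verifies."""
    nonce, tag, ciphertext = blob[:16], blob[16:24], blob[24:]
    for trials, key in enumerate(range(2 ** key_bits), start=1):
        if hmac.compare_digest(_tag(key, nonce, ciphertext), tag):
            return _xor_stream(key, nonce, ciphertext), trials
    raise ValueError("no key verifies: blob corrupted or key_bits wrong")


def bulk_cost_seconds(messages: int, key_bits: int, trials_per_second: float) -> float:
    """Expected search time: half the key space, paid again for every message."""
    return messages * 2 ** (key_bits - 1) / trials_per_second
```

The recipient pays `bulk_cost_seconds(1, PAGE_KEY_BITS, rate)` once per message, while anyone collecting in bulk pays the same cost multiplied by the number of messages, which is the asymmetry the post relies on.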
Re: Is the OpenPGP model still useful?
On Wed, 27 Apr 2011 10:11:51 -0400, Charly Avital shavi...@mac.com wrote:
> I'm buying. May I cross-post and quote, with attribution (CC3 maybe)?

Sure. Consider it CC BY-ND. Repost how you like, commercial use OK. :)