On 8/25/13 at 8:32 PM, leich...@lrw.com (Jerry Leichter) wrote:
*The* biggest headache is HTTP support. Even the simplest
modern HTTP server is so complex you can never be reasonably
sure it's secure (though, granted, it's simpler than a
browser!) You'd want to stay simple and primitive.
I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Aug 29, 2013, at 3:43 AM, Jerry Leichter wrote:
> - If I need to change because the private key was compromised, there's
> nothing I can do about past messages; the question is what I do to minimize
> the number of new messages that will arrive
On Thu, Aug 29, 2013 at 3:31 PM, Callme Whatiwant wrote:
> Hello, I'm new here, so I apologize if I'm repeating past arguments or
> asking old questions.
>
>
> On Tue, Aug 27, 2013 at 8:52 PM, Jerry Leichter wrote:
> >
> > On Aug 27, 2013, at 9:48 PM, Perry E. Metzger wrote:
> >
> >> On Tue, 27 A
Hello, I'm new here, so I apologize if I'm repeating past arguments or
asking old questions.
On Tue, Aug 27, 2013 at 8:52 PM, Jerry Leichter wrote:
>
> On Aug 27, 2013, at 9:48 PM, Perry E. Metzger wrote:
>
>> On Tue, 27 Aug 2013 22:04:22 +0100 "Wendy M. Grossman"
>> wrote:
>>> On 08/27/2013 18
On Aug 28, 2013, at 11:03 AM, Jonathan Thornburg wrote:
> On Wed, 28 Aug 2013, Jerry Leichter wrote:
>> On the underlying matter of changing my public key: *Why* would I have
>> to change it? It's not, as today, because I've changed my ISP or employer
>> or some other random bit of routing info
On Wed, 28 Aug 2013, Jerry Leichter wrote:
> On the underlying matter of changing my public key: *Why* would I have
> to change it? It's not, as today, because I've changed my ISP or employer
> or some other random bit of routing information - presumably it's because
> my public key has been comp
On Aug 28, 2013, at 4:24 AM, danimoth wrote:
> On 27/08/13 at 10:05pm, Christian Huitema wrote:
>>> Suppose, as in Bitcoin, my email address *is* my public key
>>
>> You can even use some hash compression tricks so you only need 9 or 10
>> characters to express the address as hash of the public
On 27/08/13 at 10:05pm, Christian Huitema wrote:
> > Suppose, as in Bitcoin, my email address *is* my public key
>
> You can even use some hash compression tricks so you only need 9 or 10
> characters to express the address as hash of the public key.
>
> That works very well, until you have to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> Suppose, as in Bitcoin, my email address *is* my public key
You can even use some hash compression tricks so you only need 9 or 10
characters to express the address as hash of the public key.
That works very well, until you have to change the pub
On Aug 27, 2013, at 9:48 PM, Perry E. Metzger wrote:
> On Tue, 27 Aug 2013 22:04:22 +0100 "Wendy M. Grossman"
> wrote:
>> On 08/27/2013 18:34, ianG wrote:
>>> Why do we need the 1980s assumption of being able to send freely
>>> to everyone, anyway?
>>
>> It's clear you're not a journalist or wo
On Wed, 28 Aug 2013 03:04:25 +0100 "Wendy M. Grossman"
wrote:
> On 08/28/2013 02:48, Perry E. Metzger wrote:
> > Of course, as a reporter, you are probably getting email
> > addresses of people to talk to via referral, and that could be
> > used to get past the barrier. The problem of people spont
On 08/28/2013 02:48, Perry E. Metzger wrote:
> Of course, as a reporter, you are probably getting email addresses of
> people to talk to via referral, and that could be used to get past the
> barrier. The problem of people spontaneously contacting a published
> address is harder.
I do the latter a
On 8/27/13 7:45 PM, Perry E. Metzger wrote:
> On Tue, 27 Aug 2013 21:33:01 + radi...@gmail.com wrote:
>> Iang wrote:
>>
>>> Why do we need the 1980s assumption of being able to send freely
>>> to everyone, anyway?
>>
>> tech.supp...@i.bought.your.busted.thing.com is one that comes to
>> mind.
On 8/27/13 7:48 PM, Perry E. Metzger wrote:
> On Tue, 27 Aug 2013 22:04:22 +0100 "Wendy M. Grossman"
> wrote:
>> On 08/27/2013 18:34, ianG wrote:
>>> Why do we need the 1980s assumption of being able to send freely
>>> to everyone, anyway?
>>
>> It's clear you're not a journalist or working in any
On Tue, 27 Aug 2013 22:04:22 +0100 "Wendy M. Grossman"
wrote:
> On 08/27/2013 18:34, ianG wrote:
> > Why do we need the 1980s assumption of being able to send freely
> > to everyone, anyway?
>
> It's clear you're not a journalist or working in any other
> profession where you actually need to be
On Tue, 27 Aug 2013 21:33:01 + radi...@gmail.com wrote:
> Iang wrote:
>
> >Why do we need the 1980s assumption of being able to send freely
> >to everyone, anyway?
>
> tech.supp...@i.bought.your.busted.thing.com is one that comes to
> mind. i...@sale.me.your.thing.com is another. I think the
Phillip Hallam-Baker wrote:
>One hypothesis that I would like to throw out is that there is no point in
>accepting encrypted email from someone who does not have a key to encrypt
>the response.
I'd agree, as I was in just this position in the last week or so: I got a gpg
encrypted email from
On Tue, Aug 27, 2013 at 5:04 PM, Wendy M. Grossman <
wen...@pelicancrossing.net> wrote:
> On 08/27/2013 18:34, ianG wrote:
> > Why do we need the 1980s assumption of being able to send freely to
> > everyone, anyway?
>
> It's clear you're not a journalist or working in any other profession
> where
On Tue, Aug 27, 2013 at 2:04 PM, Wendy M. Grossman <
wen...@pelicancrossing.net> wrote:
> It's clear you're not a journalist or working in any other profession
> where you actually need to be able to communicate spontaneously with
> strangers.
>
And if the people who attacked the NY Times' DNS to
On 08/27/2013 18:34, ianG wrote:
> Why do we need the 1980s assumption of being able to send freely to
> everyone, anyway?
It's clear you're not a journalist or working in any other profession
where you actually need to be able to communicate spontaneously with
strangers.
wg
--
www.pelicancrossi
Iang wrote:
>Why do we need the 1980s assumption of being able to send freely to
>everyone, anyway?
tech.supp...@i.bought.your.busted.thing.com is one that comes to mind.
i...@sale.me.your.thing.com is another. I think the types of "prior whitelist
only" secure systems being discussed on-list
On 26/08/13 08:47 AM, Richard Clayton wrote:
Even without the recent uproar over email privacy, at some point, someone was
going to come up with a product along the following lines: Buy a cheap,
preconfigured box with an absurd amount of space (relative to the "huge" amounts
of space, like 10GB
On Aug 26, 2013, at 5:27 PM, The Doctor wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 08/26/2013 08:46 AM, Phillip Hallam-Baker wrote:
>
>> Which is why I think Ted Lemon's idea about using Facebook type
>> friending may be necessary.
>
> Or Gchat-style contacts.
>
>> I do
On 8/26/13 8:14 AM, Perry E. Metzger wrote:
> there is a good reason that I proposed that in the
> long run, whitelist only systems like Jabber and Facebook messaging
> are a better model.
As one of those Jabber guys, I agree. :-)
Perry, thanks for starting some very interesting threads here --
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/26/2013 08:46 AM, Phillip Hallam-Baker wrote:
> Which is why I think Ted Lemon's idea about using Facebook type
> friending may be necessary.
Or Gchat-style contacts.
> I don't think we can rely on that for Key distribution. But I think
> it
On Mon, Aug 26, 2013 at 02:44:32PM -0400, Perry E. Metzger wrote:
> > My main issue with this proposal is that somebody identifiable is
> > going to manufacture these boxes. Maybe several somebodies, but
> > IMO, that's an identifiable central point of control/failure.
Recently there's a trend f
On Mon, 26 Aug 2013 10:40:17 -0700 Ray Dillinger
wrote:
> On 08/25/2013 03:28 PM, Perry E. Metzger wrote:
>
> > So, imagine that we have the situation described by part 1 (some
> > universal system for mapping name@domain type identifiers into
> > keys with reasonable trust) and part 2 (most user
On 08/25/2013 08:32 PM, Jerry Leichter wrote:
Where
mail servers have gotten into trouble is when they've tried to provide
additional services - e.g., virus scanners, which then try to look
inside of complex formats like zip files. This is exactly the kind
of thing you want to avoid - another p
On 08/25/2013 03:28 PM, Perry E. Metzger wrote:
So, imagine that we have the situation described by part 1 (some
universal system for mapping name@domain type identifiers into keys
with reasonable trust) and part 2 (most users having some sort of
long lived $40 device attached to their home netw
On Mon, Aug 26, 2013 at 1:47 AM, Richard Clayton wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> In message , Jerry Leichter
> writes
>
> >On the flip side, mail systems like gMail or Yahoo mail are complex and
> >difficult to run *exactly because they are immense*.
>
> The mail syst
On Aug 26, 2013, at 10:14 AM, Perry E. Metzger wrote:
> On Mon, 26 Aug 2013 06:47:49 +0100 Richard Clayton
> wrote:
>> If you run your own email system then you'll rapidly find out what
>> 2013's spam / malware problem looks like.
>
> This is slightly off topic, but...
>
> As it happens, I ru
Hi,
On 26.08.2013 00:28, Perry E. Metzger wrote:
> We probably don't want any sort of central service running this
> network that could be easily disrupted, so identifier to IP address
> information should probably be stored in some big honking DHT, signed
> in the ID's key. Access to the DHT prob
On Mon, 26 Aug 2013 06:47:49 +0100 Richard Clayton
wrote:
> If you run your own email system then you'll rapidly find out what
> 2013's spam / malware problem looks like.
This is slightly off topic, but...
As it happens, I run my own email system (and run email for a few
other people at the sam
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
In message , Jerry Leichter
writes
>On the flip side, mail systems like gMail or Yahoo mail are complex and
>difficult to run *exactly because they are immense*.
The mail systems part is really rather simple... and pretty much looks
after itself. T
On Aug 25, 2013, at 7:04 PM, Christian Huitema wrote:
> I think we can agree that the first step is to deploy home servers, and that
> the first application there would be to host communication applications. Just
> doing that without much other change would already provide protection
> against the "
On Aug 25, 2013, at 6:28 PM, Perry E. Metzger wrote:
[Commenting on just one minor piece]
> ...Similar techniques may be useful for voice traffic, but that has
> "interesting" latency requirements, and they're hard to fulfill with a
> mix network that might take arbitrary time. There's been some
>
On Sun, 25 Aug 2013 16:04:59 -0700 "Christian Huitema"
wrote:
> I think we can agree that the first step is to deploy home servers,
> and that the first application there would be to host communication
> applications. Just doing that without much other change would
> already provide protection again
I think we can agree that the first step is to deploy home servers, and that
the first application there would be to host communication applications. Just
doing that without much other change would already provide protection
against the "silent spying" that goes on in big cloud servers.
Initial depl
[Third in an ongoing series. Disclaimer yet again: I make few claims
of the contents here being specifically original to me. Mix networks
and the like have been discussed forever, and I'm sure others have
been having similar thoughts to this of late.]
The aim of the Tor network (which, it should b
39 matches