On 8/25/13 at 8:32 PM, leich...@lrw.com (Jerry Leichter) wrote:
*The* biggest headache is HTTP support. Even the simplest
modern HTTP server is so complex you can never be reasonably
sure it's secure (though, granted, it's simpler than a
browser!) You'd want to stay simple and primitive.
On Aug 28, 2013, at 11:03 AM, Jonathan Thornburg wrote:
On Wed, 28 Aug 2013, Jerry Leichter wrote:
On the underlying matter of changing my public key: *Why* would I have
to change it? It's not, as today, because I've changed my ISP or employer
or some other random bit of routing
Hello, I'm new here, so I apologize if I'm repeating past arguments or
asking old questions.
On Tue, Aug 27, 2013 at 8:52 PM, Jerry Leichter leich...@lrw.com wrote:
On Aug 27, 2013, at 9:48 PM, Perry E. Metzger wrote:
On Tue, 27 Aug 2013 22:04:22 +0100 Wendy M. Grossman
On Thu, Aug 29, 2013 at 3:31 PM, Callme Whatiwant nejuc...@gmail.comwrote:
Hello, I'm new here, so I apologize if I'm repeating past arguments or
asking old questions.
On Tue, Aug 27, 2013 at 8:52 PM, Jerry Leichter leich...@lrw.com wrote:
On Aug 27, 2013, at 9:48 PM, Perry E. Metzger
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Aug 29, 2013, at 3:43 AM, Jerry Leichter leich...@lrw.com wrote:
- If I need to change because the private key was compromised, there's
nothing I can do about past messages; the question is what I do to minimize
the number of new messages
On 27/08/13 at 10:05pm, Christian Huitema wrote:
Suppose, as in Bitcoin, my email address *is* my public key
You can even use some hash compression tricks so you only need 9 or 10
characters to express the address as hash of the public key.
That works very well, until you have to change
On Aug 28, 2013, at 4:24 AM, danimoth wrote:
On 27/08/13 at 10:05pm, Christian Huitema wrote:
Suppose, as in Bitcoin, my email address *is* my public key
You can even use some hash compression tricks so you only need 9 or 10
characters to express the address as hash of the public key.
On Wed, 28 Aug 2013, Jerry Leichter wrote:
On the underlying matter of changing my public key: *Why* would I have
to change it? It's not, as today, because I've changed my ISP or employer
or some other random bit of routing information - presumably it's because
my public key has been
On Aug 26, 2013, at 5:27 PM, The Doctor dr...@virtadpt.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/26/2013 08:46 AM, Phillip Hallam-Baker wrote:
Which is why I think Ted Lemon's idea about using Facebook type
friending may be necessary.
Or Gchat-style contacts.
On 26/08/13 08:47 AM, Richard Clayton wrote:
Even without the recent uproar over email privacy, at some point, someone was
going to come up with a product along the following lines: Buy a cheap,
preconfigured box with an absurd amount of space (relative to the huge amounts
of space, like 10GB,
Iang wrote:
Why do we need the 1980s assumption of being able to send freely to
everyone, anyway?
tech.supp...@i.bought.your.busted.thing.com is one that comes to mind.
i...@sale.me.your.thing.com is another. I think the types of prior whitelist
only secure systems being discussed on-list
On 08/27/2013 18:34, ianG wrote:
Why do we need the 1980s assumption of being able to send freely to
everyone, anyway?
It's clear you're not a journalist or working in any other profession
where you actually need to be able to communicate spontaneously with
strangers.
wg
--
On Tue, Aug 27, 2013 at 2:04 PM, Wendy M. Grossman
wen...@pelicancrossing.net wrote:
It's clear you're not a journalist or working in any other profession
where you actually need to be able to communicate spontaneously with
strangers.
And if the people who attacked the NY Times' DNS today
On Tue, Aug 27, 2013 at 5:04 PM, Wendy M. Grossman
wen...@pelicancrossing.net wrote:
On 08/27/2013 18:34, ianG wrote:
Why do we need the 1980s assumption of being able to send freely to
everyone, anyway?
It's clear you're not a journalist or working in any other profession
where you
Phillip Hallam-Baker wrote:
One hypothesis that I would like to throw out is that there is no point in
accepting encrypted email from someone who does not have a key to encrypt
the response.
I'd agree, as I was in just this position in the last week or so: I got a gpg
encryped email from
On Tue, 27 Aug 2013 21:33:01 + radi...@gmail.com wrote:
Iang wrote:
Why do we need the 1980s assumption of being able to send freely
to everyone, anyway?
tech.supp...@i.bought.your.busted.thing.com is one that comes to
mind. i...@sale.me.your.thing.com is another. I think the types of
On Tue, 27 Aug 2013 22:04:22 +0100 Wendy M. Grossman
wen...@pelicancrossing.net wrote:
On 08/27/2013 18:34, ianG wrote:
Why do we need the 1980s assumption of being able to send freely
to everyone, anyway?
It's clear you're not a journalist or working in any other
profession where you
On 8/27/13 7:48 PM, Perry E. Metzger wrote:
On Tue, 27 Aug 2013 22:04:22 +0100 Wendy M. Grossman
wen...@pelicancrossing.net wrote:
On 08/27/2013 18:34, ianG wrote:
Why do we need the 1980s assumption of being able to send freely
to everyone, anyway?
It's clear you're not a journalist or
On 8/27/13 7:45 PM, Perry E. Metzger wrote:
On Tue, 27 Aug 2013 21:33:01 + radi...@gmail.com wrote:
Iang wrote:
Why do we need the 1980s assumption of being able to send freely
to everyone, anyway?
tech.supp...@i.bought.your.busted.thing.com is one that comes to
mind.
On Aug 27, 2013, at 9:48 PM, Perry E. Metzger wrote:
On Tue, 27 Aug 2013 22:04:22 +0100 Wendy M. Grossman
wen...@pelicancrossing.net wrote:
On 08/27/2013 18:34, ianG wrote:
Why do we need the 1980s assumption of being able to send freely
to everyone, anyway?
It's clear you're not a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Suppose, as in Bitcoin, my email address *is* my public key
You can even use some hash compression tricks so you only need 9 or 10
characters to express the address as hash of the public key.
That works very well, until you have to change the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
In message fdd34a58-6ce6-497a-a177-b940d36d0...@lrw.com, Jerry Leichter
leich...@lrw.com writes
On the flip side, mail systems like gMail or Yahoo mail are complex and
difficult to run *exactly because they are immense*.
The mail systems part is
On Mon, 26 Aug 2013 06:47:49 +0100 Richard Clayton
rich...@highwayman.com wrote:
If you run your own emails system then you'll rapidly find out what
2013's spam / malware problem looks like.
This is slightly off topic, but...
As it happens, I run my own email system (and run email for a few
Hi,
On 26.08.2013 00:28, Perry E. Metzger wrote:
We probably don't want any sort of central service running this
network that could be easily disrupted, so identifier to IP address
information should probably be stored in some big honking DHT, signed
in the ID's key. Access to the DHT
On Aug 26, 2013, at 10:14 AM, Perry E. Metzger pe...@piermont.com wrote:
On Mon, 26 Aug 2013 06:47:49 +0100 Richard Clayton
rich...@highwayman.com wrote:
If you run your own emails system then you'll rapidly find out what
2013's spam / malware problem looks like.
This is slightly off
On 08/25/2013 03:28 PM, Perry E. Metzger wrote:
So, imagine that we have the situation described by part 1 (some
universal system for mapping name@domain type identifiers into keys
with reasonable trust) and part 2 (most users having some sort of
long lived $40 device attached to their home
On 08/25/2013 08:32 PM, Jerry Leichter wrote:
Where
mail servers have gotten into trouble is when they've tried to provide
additional services - e.g., virus scanners, which then try to look
inside of complex formats like zip files. This is exactly the kind
of thing you want to avoid - another
On Mon, 26 Aug 2013 10:40:17 -0700 Ray Dillinger b...@sonic.net
wrote:
On 08/25/2013 03:28 PM, Perry E. Metzger wrote:
So, imagine that we have the situation described by part 1 (some
universal system for mapping name@domain type identifiers into
keys with reasonable trust) and part 2
On Mon, Aug 26, 2013 at 02:44:32PM -0400, Perry E. Metzger wrote:
My main issue with this proposal is that somebody identifiable is
going to manufacture these boxes. Maybe several somebodies, but
IMO, that's an identifiable central point of control/failure.
Recently there's a trend for at
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/26/2013 08:46 AM, Phillip Hallam-Baker wrote:
Which is why I think Ted Lemon's idea about using Facebook type
friending may be necessary.
Or Gchat-style contacts.
I don't think we can rely on that for Key distribution. But I think
it
On 8/26/13 8:14 AM, Perry E. Metzger wrote:
there is a good reason that I proposed that in the
long run, whitelist only systems like Jabber and Facebook messaging
are a better model.
As one of those Jabber guys, I agree. :-)
Perry, thanks for starting some very interesting threads here --
[Third in an ongoing series. Disclaimer yet again: I make few claims
of the contents here being specifically original to me. Mix networks
and the like have been discussed forever, and I'm sure others have
been having similar thoughts to this of late.]
The aim of the Tor network (which, it should
I think we can agree that the first step is to deploy home servers, and that
the first application there would to host communication applications. Just
doing that without much other change would already provide protection
against the silent spying that goes on in big cloud servers.
Initial
On Sun, 25 Aug 2013 16:04:59 -0700 Christian Huitema
huit...@huitema.net wrote:
I think we can agree that the first step is to deploy home servers,
and that the first application there would to host communication
applications. Just doing that without much other change would
already provide
On Aug 25, 2013, at 6:28 PM, Perry E. Metzger wrote:
[Commenting on just one minor piece]
...Similar techniques may be useful for voice traffic, but that has
interesting latency requirements, and they're hard to fulfill with a
mix network that might take arbitrary time. There's been some
On Aug 25, 2013, at 7:04 PM, Christian Huitema wrote:
I think we can agree that the first step is to deploy home servers, and that
the first application there would to host communication applications. Just
doing that without much other change would already provide protection
against the
36 matches
Mail list logo