The more interesting point is high vs low latency. I really like the
idea of having a high-latency option in Tor. It would still need to
have a lot of users to actually be useful, though. But it seems there
are various protocols that would be ore high-latency-friendly than
HTTP - SMTP, of
Given those shortcomings I think is not wise to recommend it unless your
enemy doesn't have the resources of a country. That being said, it's the
best tool at the moment, lights year ahead of other popular software
like
Cryptocat, whose end-point security should be considered not only
On 2/07/13 11:17 AM, aort...@alu.itba.edu.ar wrote:
But I don't blame you. I don't think any real-time chat can ever be made
safe and by safe I mean anonymous, because of its low-latency nature.
On a tangent, I have often wanted high-latency chat because high-speed
chat is so damn
On 2/07/13 03:33 AM, mtm wrote:
as a spartan of sorts, and one thats shared laphroig with both a plank
member of the nsa and the creator of fbi's hrt, id like to say these
fellas are decent men and not petty.
I know a few of the older ones as well. They are indeed decent men, and
BTNS (better than nothing security) for IPSec could save it.
There is precedent: the ideas behind SSH totally swept out
secure-telnet within a year or so. Skype demolished other VoIP
providers, because its keys were hidden. The same thing happened with
that email transport security system.
I think it time to deprecate non-https (and non-forward secret
ciphersuites.) Compute power has moved on, session cacheing works,
symmetric crypto is cheap.
Btw did anyone get a handle on session resumption - does it provide forward
secrecy (via k' = H(k)?). Otherwise I saw concerns a disk
On 2/07/13 13:25 PM, Adam Back wrote:
I think it time to deprecate non-https (and non-forward secret
ciphersuites.) Compute power has moved on, session cacheing works,
symmetric crypto is cheap.
Good point -- anything that contributes to the HTTPS Everywhere
campaign is a good thing. As an
On 2 July 2013 11:25, Adam Back a...@cypherspace.org wrote:
I think it time to deprecate non-https (and non-forward secret
ciphersuites.) Compute power has moved on, session cacheing works,
symmetric crypto is cheap.
Btw did anyone get a handle on session resumption - does it provide forward
Hello cryptographers,
We are excited to share that the Open Technology Fund (OTF) at Radio
Free Asia's (RFA) ongoing solicitation of concept notes is open and
receiving proposals. We seek to fund disruptive technology projects that
advance global Internet freedom and human rights online. If you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 30/06/13 20:32, Jacob Appelbaum wrote:
Michael Rogers:
I'd love to see a revitalisation of remailer research, focussing
on unlinkability (which we know many people would benefit from)
rather than sender anonymity (which fewer people need, and
Il 7/1/13 1:32 PM, Tom Ritter ha scritto:
I'm not saying GlobaLeaks+Tor is safe. I'm saying I think our current
remailer network is wildly unsafe. (Now what I think about fixing
it... that's a whole other story, for a whole other time.)
While it's outside the scope of GlobaLeaks to provide a
aort...@alu.itba.edu.ar:
The more interesting point is high vs low latency. I really like the
idea of having a high-latency option in Tor. It would still need to
have a lot of users to actually be useful, though. But it seems there
are various protocols that would be ore high-latency-friendly
I think DANE will help with that. But that's blocked on having enough/easy
DNSSEC-capable registrars.
- Taral
On Jul 2, 2013 3:26 AM, Adam Back a...@cypherspace.org wrote:
I think it time to deprecate non-https (and non-forward secret
ciphersuites.) Compute power has moved on, session
On Tue, Jul 02, 2013 at 11:48:02AM +0100, Ben Laurie wrote:
On 2 July 2013 11:25, Adam Back a...@cypherspace.org wrote:
does it provide forward secrecy (via k' = H(k)?).
Resumed [SSL] sessions do not give forward secrecy. Sessions should be
expired regularly, therefore.
That seems like an
On Tue, Jul 2, 2013 at 2:07 AM, ianG i...@iang.org wrote:
... it only takes a few
deviations to drift into crisis when power is large and concentrated.
the behemoth that is the current intelligence apparatus(es) is most
disturbing in this aspect; truly excessive concentration of power
unethical
On 2013-07-02, at 4:17 AM, aort...@alu.itba.edu.ar wrote:
Given those shortcomings I think is not wise to recommend it unless your
enemy doesn't have the resources of a country. That being said, it's the
best tool at the moment, lights year ahead of other popular software
like
Cryptocat,
On 2 July 2013 16:07, Adam Back a...@cypherspace.org wrote:
On Tue, Jul 02, 2013 at 11:48:02AM +0100, Ben Laurie wrote:
On 2 July 2013 11:25, Adam Back a...@cypherspace.org wrote:
does it provide forward secrecy (via k' = H(k)?).
Resumed [SSL] sessions do not give forward secrecy. Sessions
On Jul 2, 2013, at 1:52 PM, Ben Laurie b...@links.org wrote:
Alternatively, we stay in this world, clients expire sessions hourly,
and we're all happy.
Is this what most recent browsers do? They expire their TLS sessions after an
hour? That would be nice.
--Paul Hoffman
On Tue, July 2, 2013 2:02 pm, Paul Hoffman wrote:
On Jul 2, 2013, at 1:52 PM, Ben Laurie b...@links.org wrote:
Alternatively, we stay in this world, clients expire sessions hourly,
and we're all happy.
Is this what most recent browsers do? They expire their TLS sessions after
an hour?
On Jul 2, 2013, at 2:59 PM, Ryan Sleevi ryan+cryptogra...@sleevi.com wrote:
On Tue, July 2, 2013 2:02 pm, Paul Hoffman wrote:
On Jul 2, 2013, at 1:52 PM, Ben Laurie b...@links.org wrote:
Alternatively, we stay in this world, clients expire sessions hourly,
and we're all happy.
Is this
20 matches
Mail list logo