On 29/08/13 at 11:54pm, zooko wrote:
> The Least-Authority Filesystem does all of the above. We have some pretty good
> docs:
>
> https://tahoe-lafs.org/trac/tahoe-lafs/browser/trunk/docs/about.rst
>
> http://code.google.com/p/nilestore/wiki/TahoeLAFSBasics
>
> https://tahoe-lafs.org/trac/tahoe-
On Thu, Aug 29, 2013 at 02:44:37PM +0200, danimoth wrote:
> On 29/08/13 at 03:09pm, Nikos Fotiou wrote:
> > A suspicious user may wonder, how can he be sure that the service
> > indeed uses the provided source code. IMHO, end-to-end security can be
> > really verifiable--from the user perspective--
On 29/08/13 at 03:09pm, Nikos Fotiou wrote:
> A suspicious user may wonder, how can he be sure that the service
> indeed uses the provided source code. IMHO, end-to-end security can be
> really verifiable--from the user perspective--if it can be attested by
> examining only the source code of the a
Considering that it's designed to not trust the servers in the first
place (just your gateway, which often will be part of your own client
or otherwise run locally), it's not all too hard. If you've verified
the client, then you can be sure your data is secure.
2013/8/29 Nikos Fotiou :
> A naive c
A naive comment.
In his first email Zooko states:
"S4 offers “*verifiable* end-to-end security” because all of the source
code that makes up the Simple Secure Storage Service is published for
everyone to see"
A suspicious user may wonder, how can he be sure that the service
indeed uses the provi
On 16/08/13 22:11 PM, zooko wrote:
On Tue, Aug 13, 2013 at 03:16:33PM -0500, Nico Williams wrote:
Nothing really gets anyone past the enormous supply of zero-day vulns in their
complete stacks. In the end I assume there's no technological PRISM
workarounds.
I agree that compromise of the c
On Fri, Aug 16, 2013 at 2:11 PM, zooko wrote:
> On Tue, Aug 13, 2013 at 03:16:33PM -0500, Nico Williams wrote:
>>
>> Nothing really gets anyone past the enormous supply of zero-day vulns in
>> their complete stacks. In the end I assume there's no technological PRISM
>> workarounds.
>
> I agree
On Tue, Aug 13, 2013 at 01:52:38PM -0500, Nicolai wrote:
>
> Zooko: Congrats on the service. I'm wondering if you could mention on the
> site which primitives are used client-side. All I see is that combinations
> of sftp and ssl are used for data-in-flight.
Thanks!
I'm not sure what your qu
On Tue, Aug 13, 2013 at 03:16:33PM -0500, Nico Williams wrote:
>
> Nothing really gets anyone past the enormous supply of zero-day vulns in
> their complete stacks. In the end I assume there's no technological PRISM
> workarounds.
I agree that compromise of the client is relevant. My current b
On Thu, 15 Aug 2013 13:11, wasabe...@gmail.com said:
> To: and From: headers leak the emails/identity of communicating parties,
> but it's not the only place that happens. I've never used PGP but I've used
OpenPGP allows sending messages without information on the used keys
(e.g. gpg --throw-keyid
Yeah. It's also worth pointing out that it is more or less impractical
to secure email. The result is paper-success-reality-fail. This has
been an observation for a long time. For recent evidence see Silent
Circle's decision to drop their secured email offering. I would say it
is mostly be
To: and From: headers leak the emails/identity of communicating parties,
but it's not the only place that happens. I've never used PGP but I've used
SMIME, so I'll refer to SMIME here (that may also apply to PGP anyway). In
SMIME, the keyWrap (which contains the AES key encrypted under each
recipie
On Wed, Aug 14, 2013 at 09:47:09AM +1000, James A. Donald wrote:
> On 2013-08-14 6:10 AM, Nico Williams wrote:
> > - it's really not easy to defeat the PRISMs. the problem is
> >*political* more than technological.
>
> For a human to read all communications would be an impossible burden.
We're
On 2013-08-14 6:10 AM, Nico Williams wrote:
- it's really not easy to defeat the PRISMs. the problem is
*political* more than technological.
For a human to read all communications would be an impossible burden.
Instead, apply the following algorithm. Identify people of interest.
Read com
On Tue, Aug 13, 2013 at 01:09:15PM -0600, Peter Saint-Andre wrote:
> On 8/13/13 12:53 PM, ianG wrote:
> > On 13/08/13 20:16 PM, Peter Saint-Andre wrote:
> >> On 8/13/13 11:02 AM, ianG wrote:
> >>> Super! I think a commercial operator is an essential step forward.
> >>
> >> How so? Centralization v
On Tue, Aug 13, 2013 at 2:09 PM, Peter Saint-Andre wrote:
> Although presumably there would be value in shutting down a
> privacy-protecting service just so that people can't benefit from it any
> longer. When the assumption is that everything must be public, any
> service that keeps some informat
On Tue, Aug 13, 2013 at 12:02 PM, ianG wrote:
> Super! I think a commercial operator is an essential step forward.
A few points:
- if only you access your own files then there's much less interest
for a government in your files: they might contain evidence of crimes
and conspiracies, but you c
On 8/13/13 12:53 PM, ianG wrote:
> On 13/08/13 20:16 PM, Peter Saint-Andre wrote:
>> On 8/13/13 11:02 AM, ianG wrote:
>>> Super! I think a commercial operator is an essential step forward.
>>
>> How so? Centralization via commercial operators doesn't seem to have
>> helped in the email space latel
On Tue, Aug 13, 2013 at 11:16:58AM -0600, Peter Saint-Andre wrote:
> On 8/13/13 11:02 AM, ianG wrote:
> > Super! I think a commercial operator is an essential step forward.
>
> How so? Centralization via commercial operators doesn't seem to have
> helped in the email space lately.
Previously: Mo
On 13/08/13 20:16 PM, Peter Saint-Andre wrote:
On 8/13/13 11:02 AM, ianG wrote:
Super! I think a commercial operator is an essential step forward.
How so? Centralization via commercial operators doesn't seem to have
helped in the email space lately.
Centralisation works when the server doe
On Tue, Aug 13, 2013 at 5:16 PM, Peter Saint-Andre wrote:
> On 8/13/13 11:02 AM, ianG wrote:
>> Super! I think a commercial operator is an essential step forward.
>
> How so? Centralization via commercial operators doesn't seem to have helped
> in the email space lately.
It helps because we at
On 8/13/13 11:02 AM, ianG wrote:
> Super! I think a commercial operator is an essential step forward.
How so? Centralization via commercial operators doesn't seem to have
helped in the email space lately.
Peter
--
Peter Saint-Andre
https://stpeter.im/
Super! I think a commercial operator is an essential step forward.
Q: do you have some sense of how long the accesses take? E.g., I'm at
the end of a long ping, will I expect the actions to take ms, s, or ks?
iang
On 13/08/13 18:56 PM, Zooko Wilcox-OHearn wrote:
Dear people of the cryptog
Dear people of the cryptography@randombit.net mailing list:
For obvious reasons, the time has come to push hard on *verifiable*
end-to-end encryption. Here's our first attempt. We intend to bring
more!
We welcome criticism, suggestions, and requests.
Regards,
Zooko Wilcox-O'Hearn
Founder, CEO,
24 matches
Mail list logo