Re: It's time for PGP to die.

2014-08-20 Thread Robert J. Hansen
On 8/20/2014 2:04 AM, Johan Wevers wrote: > Ah yes, the supreme court has had its say. Now the question is, do the > prisoners at Guantanamo Bay notice anything of it? Yes, as you could discover by checking interviews with their lawyers. > ... have no access to lawyers ... Of course, checking in

Re: It's time for PGP to die.

2014-08-19 Thread MFPA
Hi On Wednesday 20 August 2014 at 7:04:23 AM, in , Johan Wevers wrote: > Now the > question is, do the prisoners at Guantanamo Bay notice > anything of it? Or will they still be tortured, have no > access to lawyers and get still no fair trial an

Re: It's time for PGP to die.

2014-08-19 Thread Johan Wevers
On 19-08-2014 22:49, Robert J. Hansen wrote: >> And do they get it or will the government just ignore the supreme >> court? > I could literally list *dozens* of cases where the Supreme Court told > Congress and the President "no" on subjects where Congress and the > President insisted they would

Re: Fwd: It's time for PGP to die.

2014-08-19 Thread MFPA
Hi On Tuesday 19 August 2014 at 11:48:29 PM, in , Robert J. Hansen wrote: > Yes, it's pure semantics. It's *law*. What, were you > expecting something else? Fair comment, but what has been described as "bargaining" is still coercion. > The

Re: Fwd: It's time for PGP to die.

2014-08-19 Thread Robert J. Hansen
> In my opinion that is pure semantics. In other news, water is wet, bricks are heavy, and politicians lie. Yes, it's pure semantics. It's *law*. What, were you expecting something else? Wake up and realize the essential nature of what you're talking about: law is *all about* formalism, syntax

Re: Fwd: It's time for PGP to die.

2014-08-19 Thread MFPA
Hi On Tuesday 19 August 2014 at 10:05:23 PM, in , Robert J. Hansen wrote: > What the prosecutor is offering there is, "you will plead guilty to > lesser charges, but I'm only willing to do this if you're willing to > show me the full extent of y

Re: Fwd: It's time for PGP to die.

2014-08-19 Thread Robert J. Hansen
Not coercion? Nope. That's a trade. Passphrase coercion is like so: "you will produce the passphrase, or you will sit in jail until you decide to produce the passphrase, and we're just fine if you sit in there the rest of your natural life, and once we get the passphrase then we'll decide whet

Re: It's time for PGP to die.

2014-08-19 Thread Robert J. Hansen
And do they get it or will the government just ignore the supreme court? This is the last I will be contributing to this misbegotten thread. The Supreme Court gets involved only rarely, but when they do, they settle the argument with the finality of a nuclear strike. Consider the Detainee Trea

Re: Fwd: It's time for PGP to die.

2014-08-19 Thread Bob Holtzman
On Mon, Aug 18, 2014 at 10:43:49PM -0400, Robert J. Hansen wrote: > On 8/18/2014 9:32 PM, Bob Holtzman wrote: > > There are quite a few ways police and prosecutors can coerce a > > suspect to hand over his encryption key(s). > > Your examples which involve coercion are illegal, and the ones that

Re: It's time for PGP to die.

2014-08-19 Thread Martin Behrendt
On 19.08.2014 at 21:16, MFPA wrote: > Hi > > > On Monday 18 August 2014 at 8:21:06 PM, in > , Robert J. Hansen wrote: > > > >> No, the Fourth Amendment protects all people within U.S. borders >> equally. Americans get no special protections ove

Re: It's time for PGP to die.

2014-08-19 Thread MFPA
Hi On Monday 18 August 2014 at 8:21:06 PM, in , Robert J. Hansen wrote: > No, the Fourth Amendment protects all people within > U.S. borders equally. Americans get no special > protections over visitors to the country. Do people at a border cr

Re: Fwd: It's time for PGP to die.

2014-08-19 Thread MFPA
Hi On Monday 18 August 2014 at 1:25:41 PM, in , Robert J. Hansen wrote: > Basically, if the fact you know something would tend to > implicate you in the commission of a crime, then you > can't be compelled to reveal that you know it. Whether > i

Re: Fwd: It's time for PGP to die.

2014-08-19 Thread Johan Wevers
On 19-08-2014 4:43, Robert J. Hansen wrote: > real life. The DA is allowed to threaten prosecution of only those > crimes the DA reasonably believes a person violated, But that is a very vague criterion. "You liked Wikileaks on Facebook so I'm going to sue you for terrorism and treason". > Don'

Re: It's time for PGP to die.

2014-08-19 Thread Johan Wevers
On 19-08-2014 17:10, James Platt wrote: > In a more recent event, the Supreme Court ruled that Guantanamo Bay > is in the jurisdiction of the United States and, therefore, the > detainees moved there gained the protection of The Constitution. And do they get it or will the government just ignore

Re: Fwd: It's time for PGP to die.

2014-08-19 Thread MFPA
Hi On Monday 18 August 2014 at 7:11:57 PM, in , Robert J. Hansen wrote: > If you're a witness > to a crime, you can be compelled to testify about what > you see. Yes, but they can't make you remember accurately what you saw, or tell you what to

Re: It's time for PGP to die.

2014-08-19 Thread James Platt
On Aug 18, 2014, at 3:21 PM, Robert J. Hansen wrote: >> At least for US persons, iirc the protection doesn't extend beyond >> that? > > No, the Fourth Amendment protects all people within U.S. borders > equally. Americans get no special protections over visitors to the country. The Fourteenth

Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Robert J. Hansen
On 8/18/2014 9:32 PM, Bob Holtzman wrote: > There are quite a few ways police and prosecutors can coerce a > suspect to hand over his encryption key(s). Your examples which involve coercion are illegal, and the ones that are legal do not involve coercion. > Dangling the prospect of a lighter sen

Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Bob Holtzman
On Sun, Aug 17, 2014 at 04:42:52PM -0400, Robert J. Hansen wrote: > > Unfortunately most of us do. Including the US, UK and the Dutch are > > also pushing for such laws. > > Speaking only for the U.S., this is not the case. Dream on. > The United States Constitution protects an individual's ri

Re: It's time for PGP to die

2014-08-18 Thread Michael Anders
>> Once a crisp and nicely implementable asynchronous protocol with forward >> secrecy comes up, however, we should have it implemented >> immediately. (The synchronous ones are easy, of course.) >Whispersystems has done a good job with Textsecure as far as I read the >opinions about it. In practi

Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Johan Wevers
On 18-08-2014 20:11, Robert J. Hansen wrote: > Err -- *what* right to remain silent? No country has a universal right > to remain silent. If you're a witness to a crime, you can be compelled > to testify about what you see. Yes, unfortunately. > If you're in possession of documents > that are

Re: It's time for PGP to die.

2014-08-18 Thread Robert J. Hansen
> At least for US persons, iirc the protection doesn't extend beyond > that? No, the Fourth Amendment protects all people within U.S. borders equally. Americans get no special protections over visitors to the country.

Re: It's time for PGP to die.

2014-08-18 Thread Kristian Fiskerstrand
On 08/18/2014 09:03 PM, Robert J. Hansen wrote: >> The article also mentions the issue of inspections at border >> crossings which are not criminal investigations. > > A U.S. appellate court recently ruled that inspections of laptop > contents at b

Re: It's time for PGP to die.

2014-08-18 Thread Robert J. Hansen
> The article also mentions the issue of inspections at border crossings > which are not criminal investigations. A U.S. appellate court recently ruled that inspections of laptop contents at border crossings violated the Fourth Amendment. It's currently being appealed, but so far the tea leaves a

Re: It's time for PGP to die.

2014-08-18 Thread Robert J. Hansen
> Something better needs to live. That's the opposite of what he is > saying. What a negative Nancy. (Long anecdote, but I promise, it's relevant.) = I live maybe ten miles away from the world's largest firearms museum. When I first moved to this area a couple of years ago I figured I'd take

Re: It's time for PGP to die.

2014-08-18 Thread James Platt
On Aug 18, 2014, at 7:13 AM, Jerry wrote: > The entire article is available here: > As the article says, the question of whether the 5th Amendment applies to passphrases remains unclear. There have been conflict

Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Robert J. Hansen
> Well, I see some ridiculous sentences of US judges published here, > but I realize that only the most stupid ones reach the press here. > However, since US law has something called "subpoena", which I > consider a grave violation of the right to remain silent, I have not > much trust in US l

Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Peter Lebbing
On 18/08/14 16:15, Aaron Toponce wrote: > Also, many big mail vendors have already enabled SSL/TLS/STARTTLS, such as > Google, Yahoo, and Microsoft. Unfortunately, so long as TLS is not demanded, a downgrade attack can easily disable it. My 2c Peter. -- I use the GNU Privacy Guard (GnuPG) in c

Re: It's time for PGP to die.

2014-08-18 Thread Peter Lebbing
On 17/08/14 23:14, Robert J. Hansen wrote: > But let's be real careful about thinking we are in any way better > than other people. We're not. I completely agree with that statement but never read any disrespect in the mail you are replying to. It /can/ be read that way, I agree. So it might be g

(OT) It's time for PGP to die.

2014-08-18 Thread Peter Lebbing
On 18/08/14 19:28, Johan Wevers wrote: > And then they became "witnesses" and had to testify. Considering what > could happen to them if they talked they suddenly all had amnesia... Classic prisoner's dilemma! You know, they should arrest a whole lot of these groups, and in a controlled setting tr

Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Johan Wevers
On 18-08-2014 14:31, Robert J. Hansen wrote: >> And who determines whether it has any "testimonial value"? > Johan, we're entering paranoid fantasy here. If you truly believe the > whole of the USG is corrupt, Well, I see some ridiculous sentences of US judges published here, but I realize that

Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Johan Wevers
On 18-08-2014 11:04, Rob Ambidge wrote: > But it is just legal theory, and I am no expert in law, american law, or > even cryptography. So what happens in practice is anyone's guess really. I've seen what happens in practice: some group of people was accused of organized growing of hennep. They a

Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Aaron Toponce
On Mon, Aug 18, 2014 at 12:24:43PM -0400, Mark H. Wood wrote: > Sure, it does encrypt mail. My SMTP has mail from me to deliver. It > contacts an SMTP that it thinks can get the mail closer to its > addressee. My SMTP sends STARTTLS, the receiving SMTP agrees, they > handshake, and the rest of t

Re: It's time for PGP to die.

2014-08-18 Thread Mark H. Wood
On Sun, Aug 17, 2014 at 10:41:27AM +0100, da...@gbenet.com wrote: > Time to die? Well after 20 years I think it is all very academic - professors > sit in class > rooms the world over - not much common sense comes out of their mouths. The > real issues are: > > (a) do we want to implement our ow

Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Mark H. Wood
On Mon, Aug 18, 2014 at 08:15:49AM -0600, Aaron Toponce wrote: > On Mon, Aug 18, 2014 at 09:59:33AM -0400, Mark H. Wood wrote: > > Perhaps it would be a start if sites providing SMTP would turn on > > STARTTLS. > > STARTTLS does not encrypt mail. It only provides safe passage over the > network.

Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Aaron Toponce
On Mon, Aug 18, 2014 at 09:59:33AM -0400, Mark H. Wood wrote: > Perhaps it would be a start if sites providing SMTP would turn on > STARTTLS. STARTTLS does not encrypt mail. It only provides safe passage over the network. It is also client/server encrypted and decrypted. Thus, an administrator wit

Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Mark H. Wood
On Sun, Aug 17, 2014 at 12:41:52AM +0100, Nicholas Cole wrote: > On Sun, Aug 17, 2014 at 12:08 AM, Robert J. Hansen > wrote: [snip] > > OpenPGP's biggest problem, BTW, which goes *completely unmentioned* in > > this blogpost: OpenPGP can't protect your metadata, and that turns out > > to often be

Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Martin Behrendt
On 18.08.2014 at 14:31, Robert J. Hansen wrote: > On 8/18/2014 2:01 AM, Johan Wevers wrote: >> And who determines whether it has any "testimonial value"? > > Johan, we're entering paranoid fantasy here. If you truly believe the > whole of the USG is corrupt, and that our independent judiciary is

Re: It's time for PGP to die.

2014-08-18 Thread Robert J. Hansen
Much of the discussion has been about what analogy comes closest. Prosecutors tend to view PGP passphrases as akin to someone possessing a key to a safe filled with incriminating documents. s/Prosecutors/Judges Nobody really cares what prosecutors view it as: the question is what they can get

Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Robert J. Hansen
On 8/18/2014 2:01 AM, Johan Wevers wrote: > And who determines whether it has any "testimonial value"? Johan, we're entering paranoid fantasy here. If you truly believe the whole of the USG is corrupt, and that our independent judiciary is in cahoots with a corrupt Executive and Legislature in ord

Re: It's time for PGP to die.

2014-08-18 Thread Jerry
On Mon, 18 Aug 2014 10:04:54 +0100, Rob Ambidge stated: > I read an article or something a while back stating the legal theory that > if your passphrase is an admittance to a past crime, to hand over said > passphrase would constitute as having said "testimonial value" and you > could get away wit

Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Robert J. Hansen
On 8/18/2014 5:04 AM, Rob Ambidge wrote: > I read an article or something a while back stating the legal theory > that if your passphrase is an admittance to a past crime, to hand > over said passphrase would constitute as having said "testimonial > value" and you could get away with not disclosin

Re: Fwd: It's time for PGP to die.

2014-08-18 Thread Rob Ambidge
I read an article or something a while back stating the legal theory that if your passphrase is an admittance to a past crime, to hand over said passphrase would constitute as having said "testimonial value" and you could get away with not disclosing the passphrase. But it is just legal theory,

Re: It's time for PGP to die.

2014-08-18 Thread Nicholas Cole
On Sun, Aug 17, 2014 at 10:14 PM, Robert J. Hansen wrote: >> Leaving aside the issue of how popular encryption of mail is - we are >> faced with the fact that 98 per cent of computer users are completely >> ignorant about software and hardware. But even if they weren't, the problem is that OpenP

Re: Fwd: It's time for PGP to die.

2014-08-17 Thread Johan Wevers
On 17-08-2014 22:42, Robert J. Hansen wrote: > The only time production of a passphrase is permitted is when > it lacks any testimonial value. And who determines whether it has any "testimonial value"? That sounds like a fine legal loophole to pressure someone into telling the passphrase. In thos

Re: It's time for PGP to die.

2014-08-17 Thread Robert J. Hansen
> To mop a floor (or, indeed, to concrete a floor) you start at the > opposite end to the door you will leave through and you work towards > the door, keeping off the bit you have already done. Yes. And somehow, I keep on getting soapy water on my shoes.

Re: It's time for PGP to die.

2014-08-17 Thread MFPA
Hi On Sunday 17 August 2014 at 10:14:51 PM, in , Robert J. Hansen wrote: > I was watching a janitor mop a floor... without leaving > footprints in anything. It struck me because I mopped > my kitchen floor recently and wound up with soapy water

Re: Fwd: It's time for PGP to die.

2014-08-17 Thread Robert J. Hansen
> Unfortunately most of us do. Including the US, UK and the Dutch are > also pushing for such laws. Speaking only for the U.S., this is not the case. The United States Constitution protects an individual's right not to testify against themselves. If the production of a passphrase would have any

Re: It's time for PGP to die.

2014-08-17 Thread Robert J. Hansen
> Leaving aside the issue of how popular encryption of mail is - we are > faced with the fact that 98 per cent of computer users are completely > ignorant about software and hardware. "Completely ignorant" is an overstatement. Few people today are completely ignorant about software and hardware.

Re: It's time for PGP to die.

2014-08-17 Thread MFPA
Hi On Sunday 17 August 2014 at 10:41:27 AM, in , da...@gbenet.com wrote: > I've been using gnupg for many many years. I have 199 > users in my key ring and 99.99 per cent are > "untrusted." A fact that I for one do not mind. You > don't trust m

Re: Fwd: It's time for PGP to die.

2014-08-17 Thread Johan Wevers
On 17-08-2014 17:08, Michael Anders wrote: > Your private key is compromised if your system > has been hacked (if you don't live in a police state where authorities > can force you to reveal it). Unfortunately most of us do. Including the US, UK and the Dutch are also pushing for such laws. > On

Re: Fwd: It's time for PGP to die.

2014-08-17 Thread Michael Anders
I share most of Greene's arguments against PGP to a limited extent, however, he seems strongly biased against it. There are two points, in which I strongly disagree with Greene: A) For me forward secrecy is not of utmost importance for asymmetric end to end mail encryption. Your private key is comp

Re: It's time for PGP to die.

2014-08-17 Thread Werner Koch
On Sun, 17 Aug 2014 12:17, pe...@digitalbrains.com said: > - MUA's still work with RFC-822 based mail, with a sort of "dummy" envelope > that > holds an encrypted MIME message/rfc822 inside with the real metadata. These > MUA's still talk IMAP and SMTP. Exactly. Probably some MUAs need some fix

Re: It's time for PGP to die.

2014-08-17 Thread Heinz Diehl
On 17.08.2014, da...@gbenet.com wrote: > Leaving aside the issue of how popular encryption of mail is - we are faced > with the fact > that 98 per cent of computer users are completely ignorant about software and > hardware. They > just go into PC World and buy what they like. Looking around w

Re: It's time for PGP to die.

2014-08-17 Thread Peter Lebbing
On 17/08/14 11:57, Werner Koch wrote: > Using this feature it is possible to keep the entire RFC-822 based mail > infrastructure while using a different transport mechanism. This can be > done mostly transparent for existing applications using a private or > corporate gateways. So basically what

Mail header encryption (was Re: It's time for PGP to die.)

2014-08-17 Thread Peter Lebbing
On 17/08/14 03:05, Garreau, Alexandre wrote: > Well, afaik, there’s *no* MIME header which is required for delivery However, in practice, MTA's, and specific configurations of MTA's, might depend on headers in the mail: - Spam filtering setups. Enough said. - Microsoft Exchange[1] is not an RFC2

Re: It's time for PGP to die.

2014-08-17 Thread Werner Koch
On Sun, 17 Aug 2014 01:08, r...@sixdemonbag.org said: > this blogpost: OpenPGP can't protect your metadata, and that turns out > to often be higher-value content than your emails themselves are. > Further, exposed metadata is inherent to SMTP, which means this problem > is going to be absolutely d

Re: It's time for PGP to die.

2014-08-17 Thread da...@gbenet.com
On 17/08/14 08:57, Heinz Diehl wrote: > On 16.08.2014, Kristy Chambers wrote: > >> Sorry for that crap subject. I just want to leave this. > [] > > The use of PGP/GPG depends entirely on the respective needs and > context. For me, it has been working perfectly for many years, and > thus,

Re: It's time for PGP to die.

2014-08-17 Thread Heinz Diehl
On 16.08.2014, Kristy Chambers wrote: > Sorry for that crap subject. I just want to leave this. [] The use of PGP/GPG depends entirely on the respective needs and context. For me, it has been working perfectly for many years, and thus, what's described in this article is a good example fo

Re: Fwd: It's time for PGP to die.

2014-08-16 Thread Robert J. Hansen
On 8/16/2014 7:41 PM, Nicholas Cole wrote: > There are 25 years invested in making PGP work. Many subtle bugs and > security errors in the protocol and the gnupg implementation have been > worked out. Throwing out PGP would be a bit like making this > mistake: More or less, yeah. Someday I'm go

Re: Fwd: It's time for PGP to die.

2014-08-16 Thread Garreau, Alexandre
On 2014-08-17 at 01:41, Nicholas Cole wrote: > On Sun, Aug 17, 2014 at 12:08 AM, Robert J. Hansen > wrote: >> OpenPGP's biggest problem, BTW, which goes *completely unmentioned* in >> this blogpost: OpenPGP can't protect your metadata, and that turns out >> to often be higher-value content than y

Fwd: It's time for PGP to die.

2014-08-16 Thread Nicholas Cole
On Sun, Aug 17, 2014 at 12:08 AM, Robert J. Hansen wrote: > On 8/16/2014 1:14 PM, Kristy Chambers wrote: >> Sorry for that crap subject. I just want to leave this. > > Meh. Color me unimpressed. This was a terrific post. Thank you, Robert. [snip] > * "No forward secrecy." Not everyone needs

Re: It's time for PGP to die.

2014-08-16 Thread Robert J. Hansen
On 8/16/2014 1:14 PM, Kristy Chambers wrote: > Sorry for that crap subject. I just want to leave this. Meh. Color me unimpressed. * "PGP keys suck." No, asymmetric key infrastructure sucks in general. OpenPGP provides no infrastructure, only tools with which to build infrastructure. If your

Re: It's time for PGP to die.

2014-08-16 Thread Garreau, Alexandre
On 2014-08-16 at 19:14, Kristy Chambers wrote: > Sorry for that crap subject. I just want to leave this. > http://blog.cryptographyengineering.com/2014/08/whats-matter-with-pgp.html Yeah, PGP’s what I’d call something coming with and for the “old” Internet, the slow, federated, cleartext, client–s

It's time for PGP to die.

2014-08-16 Thread Kristy Chambers
Sorry for that crap subject. I just want to leave this. http://blog.cryptographyengineering.com/2014/08/whats-matter-with-pgp.html Regards, Chambers ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users