Wow! What a mighty leap of faith!
Let me offer a different view...
Stephen's CERT proves that the sender is a person who got a CERT from some CERT
provider and has a contract with that provider, but has no contract with Anthony,
so that when Steven does something bad to Anthony, like snd him
Franck writes:
> Someone unknown to me send me an e-mail. I do not
> receive this e-mail yet but an automatic reply ask
> the person to perform a task to authenticate itself...
> Like replying to a specific address after reading
> the message (something like a simple Turing test to
> prove the per
Einar writes:
> Wow! What a mighty leap of faith!
That's why they call it trust.
> Stephen's CERT proves that the sender is a person
> who got a CERT from some CERT provider and has a
> contract with that provider, but has no contract
> with Anthony ...
No. In cryptographic authentication, si
--On tirsdag, juni 03, 2003 23:13:24 +0200 Harald Tveit Alvestrand
<[EMAIL PROTECTED]> wrote:
I thought I'd try this
is there any particular disadvantage or centralization of power implied
in me signing this message with my PGP key?
If not, is there any particular reason that I shouldn't d
--On onsdag, juni 04, 2003 12:41:34 -0400 Dan Kolis
<[EMAIL PROTECTED]> wrote:
It was said about IMAP versus POP mail:
Perhaps those folks should use an implementation that can manipulate mail
offline and then sync with the server later.
Dan says:
The group I know have an information technology
[I sent this yesterday but the message appears to have gotten lost. Sorry
for the duplicate if both of them eventually show up.]
I've setup a temporary mailing list to handle discussion of an alternate
mail transfer system, which I expect will get replaced by a real list
eventually, assuming that
> I've setup a temporary mailing list to handle discussion of an
> alternate mail transfer system, which I expect will get replaced by a
> real list eventually, assuming that interest continues to progress. To
> subscribe to that list, send an email message to
> [EMAIL PROTECTED]
>
> I've also put
> is there any particular disadvantage or centralization of power implied in
> me signing this message with my PGP key?
IMHO none (except for the extra inocnvenience of periodically
typing in the [long!] passphrase and hitting an extra key).
> If not, is there any particular reason that I shoul
Harald Tveit Alvestrand wrote:
nope. we have had a lot of PGP key signing parties at IETFs, but
nothing "official".
I see, I might want to attend.
From what I've read, keys (or fingerprints?) were read aloud.
I generally use wwwkeys.eu.pgp.net when I look for keys, but there's
nothing very magi
--On onsdag, juni 04, 2003 14:16:50 +0200 Alexandru Petrescu
<[EMAIL PROTECTED]> wrote:
Harald Tveit Alvestrand wrote:
nope. we have had a lot of PGP key signing parties at IETFs, but
nothing "official".
I see, I might want to attend.
From what I've read, keys (or fingerprints?) were read alo
Harald Tveit Alvestrand wrote:
Can't I just create a public key with the Harald's name and email
address and then post to this list claiming I'm Harald?
However, those who care about whether it's me or you posting will
look at who signed it - that's why my key block is so huge; it's got
all th
Alexandru,
I think me replying to your questions here is no substitute for reading a
good introductory text on PGP... all this is explained, sometimes in
gruesome detail, in the
--On onsdag, juni 04, 2003 14:57:21 +0200 Alexandru Petrescu
<[EMAIL PROTECTED]> wrote:
Harald Tveit Alvestrand
Sorry for the sidebar distraction, those uninterested in POP vs. IMAP
should hit D now...
On Fri, 30 May 2003, Tony Hain wrote:
> Dave Crocker wrote:
> > The POP->IMAP example is excellent, since it really
> > demonstrates my point. IMAP is rather popular in some local
> > area network environmen
On Sat, 31 May 2003, Anthony Atkielski wrote:
> It's easy enough to say "I don't agree with you" without adding
> "because I think you're stupid."
True enough... but "You obviously have no experience..."
is *real* close to "I think you're stupid".
-teg
On Sat, 31 May 2003, Anthony Atkielski wrote:
> > I did. I created more than one e-mail address
> > without ever making them public, and though I
> > note some of them receive SPAM!
>
> Were the addresses along the lines of "postmaster," "info," or "webmaster,"
> by chance?
> They must either ha
On Sat, 31 May 2003, Anthony Atkielski wrote:
> Terry writes:
>
> > At least one of them is a combination of letters
> > and numbers that I would have expected to
> > resist most dictionary spam attacks.
>
> To whom have you sent e-mail from that address?
In several cases, *no* one. That is, th
I am sure you are right, but in the list below the bytes and
number-of-messages rankings are more or less identical. Since this is
in the context of overload of the list by a limited number of people,
the number of bytes real contribution is not relevant. People don't
read it anymore. All what coun
Franck Martin wrote:
it running at an individual user level with the www.keyservers.net
Which is not secure :-)
but for TLS NO CA will deliver a certificate that can sign other
certificates
One particular CA that is built in some particular MUA's does.
(corporate e-mail certificates).
Nothing st
Jari Arkko wrote:
So, its the same old question once again: how do we all enroll
ourselves to the same trusted root or web of trust? Should the next
PGP key signing party be held in the plenary, for everyone? Or maybe
Harald stands in the IETF reception desk to look at people's
passports and ce
Harald Tveit Alvestrand wrote:
I think me replying to your questions here is no substitute for
reading a good introductory text on PGP... all this is explained,
sometimes in gruesome detail, in the
I'm sorry, I didn't want to sound like making questions.
It is correct that I can find the right
> allows readers of this email to trust I am who I claim to be, "legally"
> (as if I showed an ID).
"Legally"?--Talk about a disaster in the making, but one that spammers
might save us from by demonstrating it's foolishiness. Where will
the secret key for signing mail be kept, but in something l
This also seems to fall into the definition of intimidation. Other similar
messages by Michel Py have been included below.
I ask the Chair to take the appropriate action.
--Dean
On Tue, 3 Jun 2003, Michel Py wrote:
> Added to the pro-troll and pro-spammer list: Richard Perlman.
Lots of users don't like you have to be connected to IMAP to do routine
things fulltime.
If your paying by the minute for CDMA2000, (for instance), getting frozen
out of doing anything when your not connected turns people off.
Network people like the reduced traffic on the network for POP logins
The mailext list has moved from the ListProc server on list.cren.net
to a Majordomo server at icm.org. This change has (among other) the
following effects:
1) List messages should be sent to "[EMAIL PROTECTED]".
2) List commands should be sent to "[EMAIL PROTECTED]".
The text of your mess
I've setup a temporary mailing list to handle discussion of an alternate
mail transfer system, which I expect will get replaced by a real list
eventually, assuming that interest continues to progress. To subscribe to
that list, send an email message to [EMAIL PROTECTED]
I've also put together a b
Joe and all,
Thanks Joe. You should send this to the E-Vote list as well.
I'm doing research on what is available with respect to web based (or
> email) interfaces that support political participation at the grass roots
> level (bottom up). This includes voting and organizational systems o
You can add me as well if you like, but I really think its your own reply
that was not fair. There is nothing from Richard's email that suggested
he's "pro-spammer" or "pro-troll". It's all regarding quility of discussions
on this list which have seriously deteriorated in the past week and his
m
The growth of this sort of traffic, and traffic responding to it, is
sufficient reason to avoid having a censorship/poster-blocking process.
On Wed, 4 Jun 2003, Dean Anderson wrote:
> I ask the Chair to take the appropriate action.
--
Please visit http://www.icannwatch.org
A. Mi
William,
I don't think you got it: we have a troll problem on this list. The
traffic pattern has been standard, with trolls being the top posters as
usual and when it gets to the point where the IETF chair has to step in,
the decision about the appropriateness of removing trolls has been made
alre
Thus spake "Dan Kolis" <[EMAIL PROTECTED]>
> Lots of users don't like you have to be connected to IMAP to do
> routine things fulltime.
>
> If your paying by the minute for CDMA2000, (for instance), getting
> frozen out of doing anything when your not connected turns people off.
Perhaps those folk
inline. I apologize in advance for so many questions. I have looked on the
ISOC site, and IAB site, and other pages to find the answers to these
questions.
On Wed, 4 Jun 2003, Harald Tveit Alvestrand wrote:
>
>
> --On tirsdag, juni 03, 2003 17:28:55 -0400 Dean Anderson <[EMAIL PROTECTED]>
> wrote
Terry,
TG> and I believe Dave's
TG> assessment is only true for residential ISPs, not enterprises.)
As I suspect Terry knows I know, the differences between pop and imap
are fundamental. I was making no comment on the utility of imap vs. pop.
This is about end-user adoption statistics.
i should
Excuses, I jumped too quickly into this discussion, and only then I read
the other posts on this thread, that already express what's important;
Vernon Schryver wrote:
"legally" (as if I showed an ID).
"Legally"?--Talk about a disaster in the making
I quoted "legally".
[...] require a passphrased f
Terry,
> Terry Gray wrote:
> In contrast, I suspect that most enterprises use either
> Exchange/MAPI or an IMAP-based solution (and of course
> Exchange also supports IMAP).
This is not the picture that I see. I think that I would have made the
same assumption you did (why bother using POP3 when
It was said about IMAP versus POP mail:
>Perhaps those folks should use an implementation that can manipulate mail
>offline and then sync with the server later.
Dan says:
The group I know have an information technology group which raid and
confiscate anything they don't install. They terrorize ev
Okay. Can somebody please tell me what the relevance of this is to the
IETF. This is absolute noise. Take this thread off-line. This list is
starting to annoy the heck out of me. I am starting to get the same feeling
about this list and SPAM. The list is starting to be unusable.
Moderator pl
In response to the various threads on authenticated email...
Yes, there is a value to authentication, even weak authentication. The vast
majority of spam uses a forged origin address, according to our measurements
and those of the FTC. By forged origin address I mean it was sent without
any form
On Wed, Jun 04, 2003 at 02:55:29PM +0300, Jari Arkko wrote:
> I don't have a good suggestion on how to resolve this, however.
> Perhaps the lowest common denominator is still a big enough
> deterrent? Note that help from a network entity is not likely
> solve this problem. Think about it: the avera
Thus spake "Michael Thomas" <[EMAIL PROTECTED]>
> It depends on what you mean by signing. Signing a message in and
> of itself ought not hurt anything modulo software bugs, etc. But the
> real question is what does the receiving program (MTA, MUA) do
> with that signature? At the very least it coul
Thus spake "Harald Tveit Alvestrand" <[EMAIL PROTECTED]>
> I thought I'd try this
>
> is there any particular disadvantage or centralization of power
> implied in me signing this message with my PGP key?
>
> If not, is there any particular reason that I shouldn't do this all the
> time?
>
> It'
Hi,
A little off the center of the road, but that's nothing new here.
As users tend to use HTTP email accounts; (for privacy, flirting, whatever)
in enterprises this makes it hard to snag viruses to some extent.
If the preferred solution in some server farm of linux and NT's whatever
is sna
On Wed, 04 Jun 2003 11:54:03 EDT, Dean Anderson said:
> Implementors are not the only users of standards. Businsess seek to
> purchase and sell "Standard" Services, and may receive just and public
> criticism for not providing the services they claim to provide. In some
> jurisdictions, this coul
Stephen Sprunk writes:
> Thus spake "Michael Thomas" <[EMAIL PROTECTED]>
> > It depends on what you mean by signing. Signing a message in and
> > of itself ought not hurt anything modulo software bugs, etc. But the
> > real question is what does the receiving program (MTA, MUA) do
> > with tha
Uri Blumenthal writes:
> > Let me ask something in return: do you think that
> > just the act of signing mail -- with no trust
> > roots implied -- could help? My sense is that it
> > might in a sow-the-seeds kind of way for some
> > later goodness (it's as you say not a solution).
> > I too
You made my point. Cisco was "justly and publicly" criticized with
"near-universal-derision" for not complying with the standard. Most
companies want to avoid that. False derision is actionable in many
jurisdictions.
--Dean
On Wed, 4 Jun 2003 [EMAIL PROTECTED] wrote:
> On Wed,
Stephen Sprunk writes:
> Thus spake "Harald Tveit Alvestrand" <[EMAIL PROTECTED]>
> > I thought I'd try this
> >
> > is there any particular disadvantage or centralization of power
> > implied in me signing this message with my PGP key?
> >
> > If not, is there any particular reason that
Dan,
A partial solution to _part_ of this problem lies in the
receiving MUA. To oversimplify quite a bit, there are three
things a receiving MUA can do with an HTTP body part:
* Discard it because it _might_ be dangerous. This is,
obviously, not a good general solution, but mi
Hi -
> From: "Michel Py" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Cc: "IETF Discussion" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Tuesday, June 03, 2003 8:04 PM
> Subject: RE: This IETF discussion list
...
> already and is supported by the community. If you don't like it, you can
> e
Alexandru writes:
> Can't I just create a public key with the Harald's
> name and email address and then post to this list
> claiming I'm Harald?
Sure, but that wouldn't do much good, because of the way PGP's key
infrastructure works.
See, with PGP, you NEVER trust a key just because it claims t
Alexandru asks:
> So the level of trust depends on the number of signatures?
No, it depends on who signed the key. If you trust the people who signed
the key, then by extension, you can trust the key (because presumably
trustworthy individuals would not sign a key if they were not certain that
t
Terry writes:
> In contrast, I suspect that most enterprises use either
> Exchange/MAPI or an IMAP-based solution ...
Both solutions are extremely well suited to intracompany or
intraorganizational e-mail systems in relatively homogenous user
environments. I'd always recommend Microsoft Exchange
Michel writes:
> In Enterprise networks using GroupWise or Notes
> or Exchange, a good 80% to 100% of the clients are
> using the client software that pairs with the
> server software. So there is a GroupWise client,
> a Notes client and there used to be an Exchange
> client but now everyone uses
Stephen writes:
> Does my signature on this message make you trust
> it more than, say, the ten ads you got this morning
> for Viagra?
Yes.
> Why or why not?
It proves who you are, which means that you expose yourself to a certain
extent in the event that you do anything inappropriate with your
Stephen writes:
> Does my signature on this message make you trust
> it more than, say, the ten ads you got this morning
> for Viagra?
Your signature tells me nothing, its what I kinow about your private key
that is significant.
If there is someone I trust that signs a statement that says that t
www.spamassassin.org is a cost based system which is quite useful but has many false positives too
The best system I have found is tmda.sourceforge.net which concept is used on a couple of commercial individual systems...
The concept is quite simple...
Someone unknown to me send me an e
please note that the ptomaine list, formerly [EMAIL PROTECTED], has
been consumed by GROW.
Date: Fri, 2 May 2003 13:29:11 -0700
The PTOMAINE mailing list is in the process of being
retired. GROW is taking its place. If you are not already
on the GROW list and want to subscri
56 matches
Mail list logo
