Encrypted email continues to be often used around some places. And encrypted files for transmittal is common, too. Sometimes for online transmittal, other times for sending by offline means. Probably what is happening is that those using encryption do not advertise it as much as in earlier days, not least because of the ease with which it calls attention to users for traffic analysis by those who are happy the fools don't know what they reveal. And the more popluar encryption programs have no doubt been compromised -- that is what "enterprise" means: to lure or entrap crypto users into overly trusting supposedly secure encryption for easy snooping on employees and citizens. No serious info sec lover will use a single means for privacy. And will always beware of absolutely trustworthy anything. That is a mantra here. Turncoats abound, cpunks no different than anyone in succumbing to contracts, bribery, threats, compromise, jealousy, hatred, bitterness, and the rest of excuses shits give themselves for screwing those who counted on others being more stupid than they are. Recall that only a small number of cpunks ever posted to the list, and that remains the case. And quite a few of those posted to stimulate confessions and revealing info sec disclosures. Still not clear if public crypto was a masterful hoodwink, but likely is, perfectly fitting the internet's astonishing success at inducing millions to blab and brag and believe a new era had arrived, privacy protected by mathematics and open testing, not wanting to believe the mathematicians and testers got to make a living doing what has to be done to keep the whining family happy, burp, ahem, ROTFL, etc. Duplicity is inate, the boyos argue and have faith in, to justify their rigging the info sec game. At 09:00 AM 2/25/2008 +0100, Eugen Leitl wrote:
On Sun, Feb 24, 2008 at 07:30:54PM -0600, J.A. Terranson wrote:
At the end of 2004, my annual key expiration event was allowed to pass without genning a new key: nobody had sent me encrypted mail in ages [years], and being the prick that I am, I started a little game instead.
So nobody sends you encrypted mail.
I left the expired key on the .sig, and started the clock to see how long it would take for someone to notice. January 1, 2005 through February 25, 2008: about 3 years.
So nobody sends you encrypted mail.
I had fully expected a CP to be the lucky contestent, but alas, Cpunks
I don't know where cypherpunks are, they're for sure no longer on this list.
dont bother with key management anymore - heck, we dont even bother with distributed email anymore AFAIK. Alas, the alert correspondent was
Hey, you only now notice anonymous remailers have been dead for some half decade?
a commercial software vendor who makes little widgets. I had made an inquiry about a mass purchase, and they noticed the [now profoundly] expired key, and decided to Do The Right Thing and encrypt. Only they couldn't, as the key was deader than dead: it was "Tim May Someone Needs Killing Dead". And, even better, they were nice enough to point it out, assuming I was unaware. I am BCC'ing this post to said vendor: you really did do The Right Thing, and I applaud you for it! That you are the only one to notice is, I hope, a sign of the attention to detail I will find in your widgets.
So, CP Distributed Lists are dead. The list, singular is tottering, and has been for years, and now, I think I can proclaim Encryption Everywhere
O'Rly?
Received: from proton.jfet.org (proton.jfet.org [69.60.117.34]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "sp2734", Issuer "sp2734" (not verified)) by v64.ativel.com (Postfix) with ESMTP id 372521364084
as Dead On Arrival. Even for so called crypto people. Tis a sad day in Eurasia folks.
FWIW, I still get encrypted mail, about one/month, or so.
-- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE