Re: Insecurity of public key crypto #1 (reply to Mandl)
: >Only "sensitive" information is worth encrypting and if you want to : >stay out of trouble you don't go giving sensitive information to : >someone you don't know. : : If part of your communications are encrypted and part are not you have : sent the message about what information is sensitive and what is not. : This difference in encoding is a fir-class message in it's own right. : : Therefore _all_ communications should be encrypted at all time. It is : no argument against the principle that this is difficult to do at the : current time. : : Eric : Would it not make sense, therefore, to publish a public cypherpunks mailing list key, which is returned with subscription requests? All incoming message cleartext to the mailing list server would then be encrypted in the server's key; not for security, but precisely for the reason you state above. That _would_ create quite a volume of encrypted communications to each receipient of the list. --Eric
Would it not make sense, therefore, to publish a public cypherpunks mailing list key, which is returned with subscription requests? All incoming message cleartext to the mailing list server would then be encrypted in the server's key; not for security, but precisely for the reason you state above. That _would_ create quite a volume of encrypted communications to each receipient of the list.
Please don't do that. I don't want to go through hoops to read this mailing list. It's already cumbersome as is. Adding PGP in the soup would make things very nasty. I'd rather not use PGP except for private messages. Perhaps having a usenet news group for encoded mail might be better. Something where everyone can occasionally either send a PGP'ed message with the subject being an encoded version of the receipient's name, or with just random junk that's PGP'ed... This would create enough traffic to be able to hide messages in. Perhaps a special "news" reader program can be written that scans all messages in that group for the encoded name, and if it matches that of the reader it will decode it and dump it in that user's mail or read it (and possibly reply to it) on the spot.
rarachel@prism.poly.edu (Arsen Ray Arachelian) writes:
Perhaps having a usenet news group for encoded mail might be better. Something where everyone can occasionally either send a PGP'ed message with the subject being an encoded version of the receipient's name, or with just random junk that's PGP'ed... This would create enough traffic to be able to hide messages in.
Have you looked at alt.anonymous? I haven't, but the description on one list says it's on encrypted messages to unknown recipients. Like the blind mailing list thing - everyone gets everything, and only what was intended for you will decrypt with your key. ----------------------------------------------------------------------- Rishab Aiyer Ghosh "What is civilisation rishab@doe.ernet.in, rishab@dxm.ernet.in but a ribonucleic Voicemail +91 11 3760335; Vox/Fax/Data 6853410 hangover?" H-34C Saket New Delhi 110017 INDIA -----------------------------------------------------------------------
Have you looked at alt.anonymous? I haven't, but the description on one list says it's on encrypted messages to unknown recipients. Like the blind mailing list thing - everyone gets everything, and only what was intended for you will decrypt with your key.
I haven't either. :-) I don't like the idea of a blind mailing list as it is hard to filter it. I already have enough problems just with reading cypherpunks, and the way I've solved it is via two accounts. One for cypherpunks mail and the other for normal private email. Addinmg any sort of extra noise would make things much harder. It would be nice if I could use a new mailer that automated the filtering process and presented several folders (personal, cypherpunks, blind-mail) and knew how to filter blind mail to pick up only mail intended for me, and automatically be able to handle message signing, posting to the blind list, etc. Message signing/verifying isn't a simple issue when you're dialing up a unix box and using its mail program. Unfortunatly, SLIP access is not given so I can't use a mailer on my own end to help automate this a bit. Storing a private key in my unix account is a bad idea. There have been plenty of break ins to the machines I use, luckily I haven't had my accounts screwed with (or if they're compromised, nobody fucked with my mail...) :-) But actually having a news group and a few automated junk mailers post to that to foil traffic analysys is needed...
participants (3)
-
Eric Johnson -
rarachel@prism.poly.edu -
rishab@dxm.ernet.in