Re: Security Against Compelled Disclosure
1. Don't send attachments to cypherpunks 2. See below for the reason why 3. Reread rules 1 and 2 On Wed, Aug 01, 2001 at 01:39:45AM -0700, Malcolm Idaho wrote:
Given all the discussion about compelled disclosure/distruction of originals/etc, I thought this document (attached) might be of some use.
It's by Ian Brown or Hidden Footprints Ltd, and Ben Laurie of A.L. Digital Ltd. It discusses several approaches to security against "rubber hose" cryptanalysis, including mention of favorable locations in which to store sensitive (and encrypted) files, use of stegonographic file systems, the judicial discovery process in a few contries, key warrants, SigInt, Backups, document destruction, and gobs more.
Enjoy
Malcolm
[demime 0.97c removed an attachment of type application/pdf which had a name of Compelled Disclosure.pdf"; x-mac-creator="4341524F"; x-mac-type="50444620]
On Sat, 4 Aug 2001, Declan McCullagh wrote:
1. Don't send attachments to cypherpunks
2. See below for the reason why
3. Reread rules 1 and 2
Actually there is no such policy on the CDR. Declan doesn't even run a member node so his opinions of what should happen with other peoples property is irrelevant. -- ____________________________________________________________________ Nature and Nature's laws lay hid in night: God said, "Let Tesla be", and all was light. B.A. Behrend The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
You fool. One of the cypherpunks nodes removed the attachment. Sending attachments to the distributed cypherpunks list when at least one node remove them is about as useful as, well, arguing with Choate. -Declan On Sat, Aug 04, 2001 at 12:20:01AM -0500, Jim Choate wrote:
On Sat, 4 Aug 2001, Declan McCullagh wrote:
1. Don't send attachments to cypherpunks
2. See below for the reason why
3. Reread rules 1 and 2
Actually there is no such policy on the CDR.
Declan doesn't even run a member node so his opinions of what should happen with other peoples property is irrelevant.
-- ____________________________________________________________________
Nature and Nature's laws lay hid in night: God said, "Let Tesla be", and all was light.
B.A. Behrend
The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
On Sat, 4 Aug 2001, Declan McCullagh wrote:
You fool. One of the cypherpunks nodes removed the attachment.
Actually they should ONLY be removing attachments to their subscribers, if they are removing attachments in general then they are breaking the contract. More over, the size limitations for messages to the CDR's was agreed to be 1M minimum over a year ago. Check the archives.
Sending attachments to the distributed cypherpunks list when at least one node remove them is about as useful as, well, arguing with Choate.
It's more useful than listening to the drivel that comes out of your mouth, for sure. If you got FACTS I'll accept them, all you ever offer is your opinion, which (at least) when it comes to how the CDR operates is worthless. You don't operate a node, you have nothing to say about policy - that's between you and YOUR node operator. If you're head wasn't so inflated you might have a hope of pulling it out of your ass. -- ____________________________________________________________________ Nature and Nature's laws lay hid in night: God said, "Let Tesla be", and all was light. B.A. Behrend The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
On Sat, 4 Aug 2001, Bill O'Hanlon wrote:
On Sat, Aug 04, 2001 at 08:29:55AM -0500, Jim Choate wrote:
Actually they should ONLY be removing attachments to their subscribers, if they are removing attachments in general then they are breaking the contract.
Contract?
Explicit written (ie email) contract at that. -- ____________________________________________________________________ Nature and Nature's laws lay hid in night: God said, "Let Tesla be", and all was light. B.A. Behrend The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
On Sat, Aug 04, 2001 at 11:54:35AM -0500, Jim Choate wrote:
On Sat, 4 Aug 2001, Bill O'Hanlon wrote:
On Sat, Aug 04, 2001 at 08:29:55AM -0500, Jim Choate wrote:
Actually they should ONLY be removing attachments to their subscribers, if they are removing attachments in general then they are breaking the contract.
Contract?
Explicit written (ie email) contract at that.
Sure. And I could find such a thing...where? It would seem that I ought to at least read such a thing, if I've supposedly agreed to it. -- Bill O'Hanlon wmo@pro-ns.net Professional Network Services, Inc. 612-379-3958 http://www.pro-ns.net
On Sat, 4 Aug 2001, Bill O'Hanlon wrote:
Sure. And I could find such a thing...where?
It would seem that I ought to at least read such a thing, if I've supposedly agreed to it.
Check the email you and I exchanged when pro-dns.net was put on the SSZ backbone feed. You agreed to not filter the backbone mail. If you want to change that policy feel free, I'll drop your feed and place a 'not a nice player' notice next to the pro-dns.net node on the SSZ homepage. -- ____________________________________________________________________ Nature and Nature's laws lay hid in night: God said, "Let Tesla be", and all was light. B.A. Behrend The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
On Sat, Aug 04, 2001 at 01:28:46PM -0500, Jim Choate wrote:
On Sat, 4 Aug 2001, Bill O'Hanlon wrote:
Sure. And I could find such a thing...where?
It would seem that I ought to at least read such a thing, if I've supposedly agreed to it.
Check the email you and I exchanged when pro-dns.net was put on the SSZ backbone feed. You agreed to not filter the backbone mail. If you want to change that policy feel free, I'll drop your feed and place a 'not a nice player' notice next to the pro-dns.net node on the SSZ homepage.
I looked, and I can't find the mail we exchanged, though I do remember exchanging mail at the time. Spell out what it is that you think we've agreed to, and I'll report back with how well I intend to comply, and you can decide what you want to put on your homepage. Or not, as you wish. If it helps, my thoughts on how things should work are in pretty close alignment with Eric's, and my node is now running his code. (Eric has done a nice job of making Majordomo pass only messages from subscribers to one of the CDRs, plus known remailers. His work also makes it easy to scan a bunch of messages looking for mail that didn't make it and add the message and the user to the node. The list is substantially more readable as a result, as many others have remarked.) -Bill -- Bill O'Hanlon wmo@pro-ns.net Professional Network Services, Inc. 612-379-3958 http://www.pro-ns.net
On Sat, 4 Aug 2001, Bill O'Hanlon wrote:
I looked, and I can't find the mail we exchanged, though I do remember exchanging mail at the time.
Spoliation!!!!!! ;) I don't keep 'em either.
Spell out what it is that you think we've agreed to, and I'll report back with how well I intend to comply, and you can decide what you want to put on your homepage.
Already did...<sigh>...what traffic you get from other CDR nodes you pass on unmodified. What happens between you and your subscribers is between you and your subscribers and doesn't commit other CDR nodes or their subscribers. Really simple, how the hell you could 'forget' is pretty convenient... (Sandy should consider selling copies of that fancy backpedaling bicycle he has, maybe he'll share some of those mail order drugs thought they don't seem to be helping a damn bit) ps You're already listed as a moderated hub. http://einstein.ssz.com/cdr -- ____________________________________________________________________ Nature and Nature's laws lay hid in night: God said, "Let Tesla be", and all was light. B.A. Behrend The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
On Sat, Aug 04, 2001 at 01:30:03AM -0400, Declan McCullagh wrote:
You fool. One of the cypherpunks nodes removed the attachment. Sending attachments to the distributed cypherpunks list when at least one node remove them is about as useful as, well, arguing with Choate.
-Declan
On Sat, Aug 04, 2001 at 12:20:01AM -0500, Jim Choate wrote:
On Sat, 4 Aug 2001, Declan McCullagh wrote:
1. Don't send attachments to cypherpunks
2. See below for the reason why
3. Reread rules 1 and 2
Actually there is no such policy on the CDR.
Jim's correct- there is no such "policy" on the overall cypherpunks list. It's just one CDR (lne) that's demiming posts. Here's how demime works related to the lne CDR: Posts that are received (enter the CDR system) at lne and are forwarded to the other CDRs are demimed. Posts originating from another CDR are demimed on the way to lne CDR subscribers. Posts originating from another CDR and being forwarded to another CDR aren't demimed. The lne CDR welcome message, and the message I posted to cypherpunks when announcing the lne CDR, simply said: "Lne.com runs the input to its CDR list through demime (http://scifi.squawk.com/demime.html) which deletes MIME attachments from mail. Demime leaves a note in the attachments place, so that recipients know that there was some cruft there." I'll update the welcome message to reflect the details I posted above. Demiming posts that originate at lne and go to other CDRs is an artifact of how I set up the list. Since lne CDR subscribers see demimed posts, they're likely to be, um, trained to post non-MIME, and thus shouldn't be affected much by this setup. There's no CDR contract. At least I didn't sign one. There is an informal agreement, or a set of same. I've tried to announce ahead of time what I'm doing, and to stick with what I've announced, limited by the time I'm willing to put in to the project. As far as I'm concerned that's what's required. Having one CDR demime posts does unfortunately create a discrepency between what the lne CDR subscribers see vs. the other CDR subscribers... but there's already a pretty big discrepancy there, as the lne CDR subscribers aren't seeing the spam that's posted to cypherpunks. It doesn't seem to harm the discussion any. But Declan (and everyone else) should remember that not everyone sees the same list they do.
Declan doesn't even run a member node so his opinions of what should happen with other peoples property is irrelevant.
His opinion is important since he's both an active list member and a lne CDR subscriber. As always I'm open to reasoned non-inflamatory suggestions, especially from lne CDR subscribers. BTW, the other day I switched majordomo to delete the Received: lines in posts to the lne CDR recipients-- posts that go through a number of CDRs get a lot of Received lines added to them, and some subscriber's MTAs were rejecting mail because of too many Received lines. If this bothers you and you're an lne CDR subscriber let me know and when I get a chance I'll hack up something to nuke just some of the Received lines. I've also found the source of the wrapped Message-Ids and I'll be fixing it soon. Eric
On Sat, Aug 04, 2001 at 12:00:34PM -0700, Eric Murray wrote:
I've also found the source of the wrapped Message-Ids and I'll be fixing it soon.
Eric
That's good news. The duplicated messages were confusing. -Bill
On Sat, 4 Aug 2001, Eric Murray wrote:
There's no CDR contract. At least I didn't sign one.
You don't have to sign it. You only have to agree to it verbally, or in this case email. A verbal agreement between two parties that dictate how they will relate to each other is a contract. If you don't want to abide by that 'informal' agreement then I'll gladly remove you from the SSZ CDR feed. It's your call. -- ____________________________________________________________________ Nature and Nature's laws lay hid in night: God said, "Let Tesla be", and all was light. B.A. Behrend The Armadillo Group ,::////;::-. James Choate Austin, Tx /:'///// ``::>/|/ ravage@ssz.com www.ssz.com .', |||| `/( e\ 512-451-7087 -====~~mm-'`-```-mm --'- --------------------------------------------------------------------
On Sat, Aug 04, 2001 at 12:00:34PM -0700, Eric Murray wrote:
Posts that are received (enter the CDR system) at lne and are forwarded to the other CDRs are demimed.
Posts originating from another CDR are demimed on the way to lne CDR subscribers.
Posts originating from another CDR and being forwarded to another CDR aren't demimed.
I have no problem with demime-ing posts, and applaud Eric's work to maintain a readable cypherpunks node. My only point, addressed to the fellow who sent an attachment, is that sending such things to any cypherpunks node makes little sense. Many of the more frequent posters now use the lne.com node, so we'll never see your attachment. And, depending on where the message enters the system, others may not either. -Declan
On Saturday, August 4, 2001, at 09:26 PM, Declan McCullagh wrote:
On Sat, Aug 04, 2001 at 12:00:34PM -0700, Eric Murray wrote:
Posts that are received (enter the CDR system) at lne and are forwarded to the other CDRs are demimed.
Posts originating from another CDR are demimed on the way to lne CDR subscribers.
Posts originating from another CDR and being forwarded to another CDR aren't demimed.
I have no problem with demime-ing posts, and applaud Eric's work to maintain a readable cypherpunks node.
My only point, addressed to the fellow who sent an attachment, is that sending such things to any cypherpunks node makes little sense. Many of the more frequent posters now use the lne.com node, so we'll never see your attachment. And, depending on where the message enters the system, others may not either.
There are many good reasons why mailing lists should not use attachments: -- viruses, worms -- attachments are best arranged beforehand, for the virus/worm reason, and to minimize sudden bogdowns in downloads -- with URLs so common, a pointer to a stored file someplace accomplishes most tasks people intend to do with attachments -- attachments that are not pictures (vacation pics sent by mail, commonly) are usually formatted Word or whatever documents...not needed for mailing lists, and not welcome -- mailing lists of several hundred subscribers...'nuff said. -- diverse mailers...everything from Emacs to elm to Eudora to AmigaMail. Expecting hundreds of subscribers on dozens of mail systems to open an attachment is foolish. Anyone who _did_ get a big attachment through would likely go into my kill file. --Tim May
participants (7)
-
Bill O'Hanlon -
Bill O'Hanlon -
Declan McCullagh -
Eric Murray -
Jim Choate -
Jim Choate -
Tim May