----- Forwarded message from Tom Ritter <tom@ritter.vg> ----- Date: Wed, 14 Aug 2013 19:12:24 -0400 From: Tom Ritter <tom@ritter.vg> To: Richard <rz@linux-m68k.org> Cc: guardian-dev <guardian-dev@lists.mayfirst.org>, liberationtech <liberationtech@lists.stanford.edu> Subject: Re: [guardian-dev] An email service that requires GPG/PGP? On 14 August 2013 18:01, Richard <rz@linux-m68k.org> wrote:
On the other end of the paranoia scale I would like to remind folks of the the mixmaster remailer chaining technique which does much more than plain encryption - as far as I can see it is theoretically completely untraceable.
That statement is not correct. Mix networks require more effort to trace than normal packets or Onion Routing, but are not even close to "theoretically completely untraceable". I'll point to Syverson's papers (Why I'm not an entropist, and Sleeping dogs lie in a bed of onions) and Serjantov's "From a Trickle to a Flood." On 14 August 2013 10:17, Ralph Holz <holz@net.in.tum.de> wrote:
Hi Tom
Aside from StartCom (free) most CAs have roughly the same price and service. Since service is equivalent, you're free to choose a CA based on your political opinion, and not worry about missing out on 'features'. It's basically like voting in an election - elections are won by tens or hundreds of thousands of votes, so it seems like one vote doesn't matter. But it can add up.
Not sure if you know this one, but this article paints a somewhat more complex picture of the HTTPS economics. In particular, companies buy from the big players because, alas and behold, they're too big to fail and will never be removed from root stores:
@INPROCEEDINGS{Asghari2013, author = {Asghari, Hadi and van Eeten, Michel J. G. and Arnbak, Axel M. and van Eijk, Nico A. N. M.}, year = {2013}, month = {March}, title = {Security Economics in the {HTTPS} value chain}, location = {Washington, D.C., USA}, booktitle = {Proc. 12th Ann. Workshop on the Economics of Information Security (WEIS 2013)}, }
I had not seen that paper, that's cool thanks. However, it seems they're observing data (EFF Observatory and Market Prices) and drawing conclusions about why companies make decisions. It would be easier and more reliable to just... ask the companies why they do what they do. They seem to omit that somewhat important step to support their conclusions. -tom _______________________________________________ Guardian-dev mailing list Post: Guardian-dev@lists.mayfirst.org List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To Unsubscribe Send email to: Guardian-dev-unsubscribe@lists.mayfirst.org Or visit: https://lists.mayfirst.org/mailman/options/guardian-dev/eugen%40leitl.org You are subscribed as: eugen@leitl.org ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5