Re: [cryptopolitics] Silent Circle and Secure Email
Reading what Jon Callas wrote he said silent circle interoperated with unencrypted SMTP email (unencrypted other than SSL over the transport), and they used some bump in the wire PGP thingy that encrypts incoming email with the silent circle users public key, and presumably sends out cleartext possibly SSL SMTP where available, for non silent-circle recipients. Clearly therefore anyone tampering with the SSL (and often those mail transport systems are not that smart about SSL as there is no security UI) or just getting the NSA camel's nose inside the silent circle SSL termination point prior to encrytion. As they didnt think that would end well they decided to close it down. Alternatively they might have considered disabling the mail-in and mail-out features. Its less clear what lavabit were talking about. Perhaps something similar in terms of an SMTP interoperability encryption gap, or alternatively about being pressured to modify code (which people seem to assume, but I didnt see explicitly stated). There were some hushmail rumors about code modification some years back - does anyone know what actually at hushmail? Adam On Fri, Aug 09, 2013 at 08:46:57PM -0400, Jeffrey Walton wrote:
On Fri, Aug 9, 2013 at 2:43 PM, Jeffrey Goldberg <Jeffrey@goldmark.org> wrote:
On Aug 9, 2013, at 11:45 AM, Jeffrey Walton <noloader@gmail.com> wrote:
I'd be interested in hearing more with respect to Silent Circle complicity in crimes against the American people if they supplied secure email.
I think you may have missed the point in the Lavabit wording of this announcement.
It looks like they were saying that complying with law enforcement requests (handing over data or putting a back door in their systems) would be "complicity in crimes against the American people.”
Thanks Jeffrey. I thought it might have been that, but the word "crime" removed the possibility in my mind's eye. I guess I would have worded it differently.
participants (1)
-
Adam Back