PGP - when you care enough to send the very best!

Morlock Elloi morlockelloi at yahoo.com
Sun May 26 19:24:59 PDT 2002


> Agreed. Which is why I pointed out that the encryption taking place
> under-the-hood tends to be a reasonable defense against a passive or
> less-resourced attacker while being frequently unsuitable against the

Whoever taps SMTP/POP3 bitstreams is hardly less-resourced. The only adversary
you need to worry about is the resourceful one. 


> decision. But that does not mean that no security benefits are to be had
> from opportunistic encryption of Internet traffic.

Any massive deployment of crypto is subvertible. I see no way around it - it's
like Microsoft Windows' vulnerabilities. To be safe, crypto needs to be
diverse, custom-made and manual. The brain cycles you spend when encrypting are
the only real defense.


> friend's nor my ISP to have ready access to the cleartext of that email.
> Fortunately, we had encrypted SMTP connections end-to-end, thus
> protecting the contents of the email from the ISP's, albeit perhaps not
> from the NSA.

Very few run their own SMTP. Your own SMTP on your own box is not much
different from the PGP Eudora plug-in autoencrypting. But you cannot use this
argument to preach the benefits of under-the-hood crypto - when almost all Internet
mail traffic uses ISP-owned SMTP servers.

> noticed that a good majority of the P2P efforts introduced at CODECON
> all included support for encryption as part of the protocol. The various

I predict that the first attempt to apply this on the
Gnutella/Morpheus/Kazaa/Napster scale will lead to a clampdown. Which is the
reason that no one did it. We don't want Osama sending orders that way.




=====
end
(of original message)
