[guardian-dev] An email service that requires GPG/PGP?

Eugen Leitl eugen at leitl.org
Fri Aug 16 08:22:11 PDT 2013


----- Forwarded message from Tom Ritter <tom at ritter.vg> -----

Date: Wed, 14 Aug 2013 19:12:24 -0400
From: Tom Ritter <tom at ritter.vg>
To: Richard <rz at linux-m68k.org>
Cc: guardian-dev <guardian-dev at lists.mayfirst.org>, liberationtech <liberationtech at lists.stanford.edu>
Subject: Re: [guardian-dev] An email service that requires GPG/PGP?

On 14 August 2013 18:01, Richard <rz at linux-m68k.org> wrote:
> On the other end of the paranoia scale I would like to remind folks of the
> mixmaster remailer chaining technique which does much more than plain
> encryption - as far as I can see it is theoretically completely untraceable.

That statement is not correct.  Mix networks require more effort to
trace than normal packets or Onion Routing, but are not even close to
"theoretically completely untraceable".  I'll point to Syverson's
papers (Why I'm not an entropist, and Sleeping dogs lie in a bed of
onions) and Serjantov's "From a Trickle to a Flood."



On 14 August 2013 10:17, Ralph Holz <holz at net.in.tum.de> wrote:
> Hi Tom
>
>> Aside from StartCom (free) most CAs have roughly the same price and
>> service.  Since service is equivalent, you're free to choose a CA
>> based on your political opinion, and not worry about missing out on
>> 'features'. It's basically like voting in an election - elections are
>> won by tens or hundreds of thousands of votes, so it seems like one
>> vote doesn't matter.  But it can add up.
>
> Not sure if you know this one, but this article paints a somewhat more
> complex picture of the HTTPS economics. In particular, companies buy
> from the big players because, alas and behold, they're too big to fail
> and will never be removed from root stores:
>
> @INPROCEEDINGS{Asghari2013,
>   author = {Asghari, Hadi and van Eeten, Michel J. G. and Arnbak, Axel
> M. and van Eijk, Nico A. N. M.},
>   year = {2013},
>   month = {March},
>   title = {Security Economics in the {HTTPS} value chain},
>   location = {Washington, D.C., USA},
>   booktitle = {Proc. 12th Ann. Workshop on the Economics of Information
> Security (WEIS 2013)},
> }


I had not seen that paper, that's cool thanks.  However, it seems
they're observing data (EFF Observatory and Market Prices) and drawing
conclusions about why companies make decisions.  It would be easier
and more reliable to just... ask the companies why they do what they
do.  They seem to omit that somewhat important step to support their
conclusions.

-tom

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5


